./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl1.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl1.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash db1e722f73dbd7795cdbaca4c816f6c8a0f90138145d9f90bf0f222b7dd371eb --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 14:37:49,508 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 14:37:49,511 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 14:37:49,555 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 14:37:49,555 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 14:37:49,559 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 14:37:49,560 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 14:37:49,563 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 14:37:49,564 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 14:37:49,567 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 14:37:49,568 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 14:37:49,569 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 14:37:49,569 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 14:37:49,572 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 14:37:49,573 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 14:37:49,576 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 14:37:49,577 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 14:37:49,578 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 14:37:49,580 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 14:37:49,585 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 14:37:49,586 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 14:37:49,587 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 14:37:49,588 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 14:37:49,589 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 14:37:49,595 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 14:37:49,595 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 14:37:49,596 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 14:37:49,597 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 14:37:49,598 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 14:37:49,599 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 14:37:49,599 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 14:37:49,600 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 14:37:49,601 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 14:37:49,602 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 14:37:49,603 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 14:37:49,603 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 14:37:49,604 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 14:37:49,604 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 14:37:49,605 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 14:37:49,606 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 14:37:49,606 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 14:37:49,607 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 14:37:49,637 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 14:37:49,637 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 14:37:49,638 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 14:37:49,638 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 14:37:49,639 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 14:37:49,639 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 14:37:49,640 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 14:37:49,640 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 14:37:49,640 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 14:37:49,640 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 14:37:49,641 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 14:37:49,641 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 14:37:49,642 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 14:37:49,642 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 14:37:49,642 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 14:37:49,642 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 14:37:49,642 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 14:37:49,642 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 14:37:49,643 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 14:37:49,643 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 14:37:49,643 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 14:37:49,643 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 14:37:49,643 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 14:37:49,644 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 14:37:49,644 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 14:37:49,644 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 14:37:49,644 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 14:37:49,644 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 14:37:49,645 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 14:37:49,645 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 14:37:49,645 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 14:37:49,645 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 14:37:49,646 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 14:37:49,646 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> db1e722f73dbd7795cdbaca4c816f6c8a0f90138145d9f90bf0f222b7dd371eb [2022-02-20 14:37:49,894 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 14:37:49,914 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 14:37:49,917 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 14:37:49,918 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 14:37:49,919 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 14:37:49,920 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl1.cil.c [2022-02-20 14:37:49,979 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/b5f9f95d5/ccf4d890bef84782b33647cbee112e71/FLAG976f7323a [2022-02-20 14:37:50,352 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 14:37:50,353 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl1.cil.c [2022-02-20 14:37:50,363 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/b5f9f95d5/ccf4d890bef84782b33647cbee112e71/FLAG976f7323a [2022-02-20 14:37:50,754 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/b5f9f95d5/ccf4d890bef84782b33647cbee112e71 [2022-02-20 14:37:50,756 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 14:37:50,757 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 14:37:50,764 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 14:37:50,764 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 14:37:50,767 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 14:37:50,768 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 02:37:50" (1/1) ... [2022-02-20 14:37:50,769 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@10d423 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:50, skipping insertion in model container [2022-02-20 14:37:50,770 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 02:37:50" (1/1) ... [2022-02-20 14:37:50,776 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 14:37:50,812 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 14:37:51,061 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl1.cil.c[17080,17093] [2022-02-20 14:37:51,064 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 14:37:51,071 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 14:37:51,136 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl1.cil.c[17080,17093] [2022-02-20 14:37:51,137 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 14:37:51,150 INFO L208 MainTranslator]: Completed translation [2022-02-20 14:37:51,150 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51 WrapperNode [2022-02-20 14:37:51,151 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 14:37:51,152 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 14:37:51,152 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 14:37:51,152 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 14:37:51,159 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,176 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,213 INFO L137 Inliner]: procedures = 24, calls = 29, calls flagged for inlining = 10, calls inlined = 10, statements flattened = 423 [2022-02-20 14:37:51,214 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 14:37:51,214 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 14:37:51,214 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 14:37:51,215 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 14:37:51,222 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,222 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,225 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,225 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,231 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,235 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,253 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,256 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 14:37:51,257 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 14:37:51,258 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 14:37:51,258 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 14:37:51,259 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (1/1) ... [2022-02-20 14:37:51,276 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 14:37:51,293 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 14:37:51,303 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 14:37:51,321 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 14:37:51,347 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 14:37:51,347 INFO L130 BoogieDeclarations]: Found specification of procedure errorFn [2022-02-20 14:37:51,347 INFO L138 BoogieDeclarations]: Found implementation of procedure errorFn [2022-02-20 14:37:51,347 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 14:37:51,348 INFO L130 BoogieDeclarations]: Found specification of procedure IofCallDriver [2022-02-20 14:37:51,348 INFO L138 BoogieDeclarations]: Found implementation of procedure IofCallDriver [2022-02-20 14:37:51,348 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 14:37:51,348 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 14:37:51,424 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 14:37:51,425 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 14:37:51,466 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-20 14:37:51,470 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-20 14:37:51,473 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-20 14:37:51,938 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##82: assume !false; [2022-02-20 14:37:51,938 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##81: assume false; [2022-02-20 14:37:51,939 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##58: assume !false; [2022-02-20 14:37:51,939 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##57: assume false; [2022-02-20 14:37:51,939 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##14: assume !false; [2022-02-20 14:37:51,939 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##13: assume false; [2022-02-20 14:37:51,941 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-20 14:37:52,014 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##12: assume !false; [2022-02-20 14:37:52,014 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##11: assume false; [2022-02-20 14:37:52,016 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 14:37:52,030 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 14:37:52,030 INFO L299 CfgBuilder]: Removed 0 assume(true) statements. [2022-02-20 14:37:52,032 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 02:37:52 BoogieIcfgContainer [2022-02-20 14:37:52,032 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 14:37:52,034 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 14:37:52,034 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 14:37:52,038 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 14:37:52,038 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 02:37:50" (1/3) ... [2022-02-20 14:37:52,039 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4c2b0822 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 02:37:52, skipping insertion in model container [2022-02-20 14:37:52,039 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 02:37:51" (2/3) ... [2022-02-20 14:37:52,040 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@4c2b0822 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 02:37:52, skipping insertion in model container [2022-02-20 14:37:52,040 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 02:37:52" (3/3) ... [2022-02-20 14:37:52,041 INFO L111 eAbstractionObserver]: Analyzing ICFG kbfiltr_simpl1.cil.c [2022-02-20 14:37:52,047 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 14:37:52,047 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 14:37:52,091 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 14:37:52,097 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 14:37:52,097 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 14:37:52,129 INFO L276 IsEmpty]: Start isEmpty. Operand has 121 states, 103 states have (on average 1.6116504854368932) internal successors, (166), 114 states have internal predecessors, (166), 14 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (14), 13 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 14:37:52,133 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 14 [2022-02-20 14:37:52,133 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:52,134 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:52,134 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:52,138 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:52,139 INFO L85 PathProgramCache]: Analyzing trace with hash -454322622, now seen corresponding path program 1 times [2022-02-20 14:37:52,147 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:52,147 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1353372326] [2022-02-20 14:37:52,147 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:52,148 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:52,251 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:52,361 INFO L290 TraceCheckUtils]: 0: Hoare triple {124#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {124#true} is VALID [2022-02-20 14:37:52,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {124#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {126#(= |ULTIMATE.start_main_~status~1#1| 0)} is VALID [2022-02-20 14:37:52,364 INFO L290 TraceCheckUtils]: 2: Hoare triple {126#(= |ULTIMATE.start_main_~status~1#1| 0)} assume { :end_inline__BLAST_init } true; {126#(= |ULTIMATE.start_main_~status~1#1| 0)} is VALID [2022-02-20 14:37:52,365 INFO L290 TraceCheckUtils]: 3: Hoare triple {126#(= |ULTIMATE.start_main_~status~1#1| 0)} assume !(main_~status~1#1 >= 0); {125#false} is VALID [2022-02-20 14:37:52,365 INFO L290 TraceCheckUtils]: 4: Hoare triple {125#false} assume !(1 == ~pended~0); {125#false} is VALID [2022-02-20 14:37:52,366 INFO L290 TraceCheckUtils]: 5: Hoare triple {125#false} assume !(1 == ~pended~0); {125#false} is VALID [2022-02-20 14:37:52,366 INFO L290 TraceCheckUtils]: 6: Hoare triple {125#false} assume ~s~0 != ~UNLOADED~0; {125#false} is VALID [2022-02-20 14:37:52,367 INFO L290 TraceCheckUtils]: 7: Hoare triple {125#false} assume -1 != main_~status~1#1; {125#false} is VALID [2022-02-20 14:37:52,367 INFO L290 TraceCheckUtils]: 8: Hoare triple {125#false} assume !(~s~0 != ~SKIP2~0); {125#false} is VALID [2022-02-20 14:37:52,367 INFO L290 TraceCheckUtils]: 9: Hoare triple {125#false} assume 1 == ~pended~0; {125#false} is VALID [2022-02-20 14:37:52,368 INFO L290 TraceCheckUtils]: 10: Hoare triple {125#false} assume 259 != main_~status~1#1; {125#false} is VALID [2022-02-20 14:37:52,368 INFO L272 TraceCheckUtils]: 11: Hoare triple {125#false} call errorFn(); {125#false} is VALID [2022-02-20 14:37:52,368 INFO L290 TraceCheckUtils]: 12: Hoare triple {125#false} assume !false; {125#false} is VALID [2022-02-20 14:37:52,369 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:52,370 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:52,370 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1353372326] [2022-02-20 14:37:52,371 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1353372326] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:52,371 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:52,371 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 14:37:52,374 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1007457099] [2022-02-20 14:37:52,374 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:52,379 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 4.0) internal successors, (12), 3 states have internal predecessors, (12), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 13 [2022-02-20 14:37:52,381 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:52,384 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 4.0) internal successors, (12), 3 states have internal predecessors, (12), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:52,401 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 13 edges. 13 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:52,401 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 14:37:52,403 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:52,426 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 14:37:52,427 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:52,434 INFO L87 Difference]: Start difference. First operand has 121 states, 103 states have (on average 1.6116504854368932) internal successors, (166), 114 states have internal predecessors, (166), 14 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (14), 13 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 3 states, 3 states have (on average 4.0) internal successors, (12), 3 states have internal predecessors, (12), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:52,727 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:52,728 INFO L93 Difference]: Finished difference Result 235 states and 382 transitions. [2022-02-20 14:37:52,728 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 14:37:52,729 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 4.0) internal successors, (12), 3 states have internal predecessors, (12), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 13 [2022-02-20 14:37:52,729 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:52,731 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 4.0) internal successors, (12), 3 states have internal predecessors, (12), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:52,746 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 382 transitions. [2022-02-20 14:37:52,747 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 4.0) internal successors, (12), 3 states have internal predecessors, (12), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:52,765 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 382 transitions. [2022-02-20 14:37:52,765 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 382 transitions. [2022-02-20 14:37:53,146 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 382 edges. 382 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:53,160 INFO L225 Difference]: With dead ends: 235 [2022-02-20 14:37:53,160 INFO L226 Difference]: Without dead ends: 111 [2022-02-20 14:37:53,167 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:53,171 INFO L933 BasicCegarLoop]: 178 mSDtfsCounter, 102 mSDsluCounter, 64 mSDsCounter, 0 mSdLazyCounter, 12 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 106 SdHoareTripleChecker+Valid, 242 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 12 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:53,172 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [106 Valid, 242 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 12 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:37:53,188 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 111 states. [2022-02-20 14:37:53,209 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 111 to 111. [2022-02-20 14:37:53,209 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:53,211 INFO L82 GeneralOperation]: Start isEquivalent. First operand 111 states. Second operand has 111 states, 95 states have (on average 1.5052631578947369) internal successors, (143), 104 states have internal predecessors, (143), 14 states have call successors, (14), 2 states have call predecessors, (14), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 14:37:53,212 INFO L74 IsIncluded]: Start isIncluded. First operand 111 states. Second operand has 111 states, 95 states have (on average 1.5052631578947369) internal successors, (143), 104 states have internal predecessors, (143), 14 states have call successors, (14), 2 states have call predecessors, (14), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 14:37:53,212 INFO L87 Difference]: Start difference. First operand 111 states. Second operand has 111 states, 95 states have (on average 1.5052631578947369) internal successors, (143), 104 states have internal predecessors, (143), 14 states have call successors, (14), 2 states have call predecessors, (14), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 14:37:53,219 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:53,219 INFO L93 Difference]: Finished difference Result 111 states and 161 transitions. [2022-02-20 14:37:53,219 INFO L276 IsEmpty]: Start isEmpty. Operand 111 states and 161 transitions. [2022-02-20 14:37:53,221 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:53,221 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:53,222 INFO L74 IsIncluded]: Start isIncluded. First operand has 111 states, 95 states have (on average 1.5052631578947369) internal successors, (143), 104 states have internal predecessors, (143), 14 states have call successors, (14), 2 states have call predecessors, (14), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Second operand 111 states. [2022-02-20 14:37:53,222 INFO L87 Difference]: Start difference. First operand has 111 states, 95 states have (on average 1.5052631578947369) internal successors, (143), 104 states have internal predecessors, (143), 14 states have call successors, (14), 2 states have call predecessors, (14), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Second operand 111 states. [2022-02-20 14:37:53,228 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:53,229 INFO L93 Difference]: Finished difference Result 111 states and 161 transitions. [2022-02-20 14:37:53,229 INFO L276 IsEmpty]: Start isEmpty. Operand 111 states and 161 transitions. [2022-02-20 14:37:53,230 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:53,230 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:53,231 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:53,231 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:53,232 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 111 states, 95 states have (on average 1.5052631578947369) internal successors, (143), 104 states have internal predecessors, (143), 14 states have call successors, (14), 2 states have call predecessors, (14), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 14:37:53,236 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 111 states to 111 states and 161 transitions. [2022-02-20 14:37:53,237 INFO L78 Accepts]: Start accepts. Automaton has 111 states and 161 transitions. Word has length 13 [2022-02-20 14:37:53,238 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:53,238 INFO L470 AbstractCegarLoop]: Abstraction has 111 states and 161 transitions. [2022-02-20 14:37:53,238 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 4.0) internal successors, (12), 3 states have internal predecessors, (12), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:53,239 INFO L276 IsEmpty]: Start isEmpty. Operand 111 states and 161 transitions. [2022-02-20 14:37:53,239 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 17 [2022-02-20 14:37:53,239 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:53,239 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:53,240 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 14:37:53,240 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:53,241 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:53,241 INFO L85 PathProgramCache]: Analyzing trace with hash -1664019001, now seen corresponding path program 1 times [2022-02-20 14:37:53,241 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:53,241 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [495756452] [2022-02-20 14:37:53,242 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:53,242 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:53,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:53,336 INFO L290 TraceCheckUtils]: 0: Hoare triple {823#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {823#true} is VALID [2022-02-20 14:37:53,336 INFO L290 TraceCheckUtils]: 1: Hoare triple {823#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {823#true} is VALID [2022-02-20 14:37:53,337 INFO L290 TraceCheckUtils]: 2: Hoare triple {823#true} assume { :end_inline__BLAST_init } true; {823#true} is VALID [2022-02-20 14:37:53,337 INFO L290 TraceCheckUtils]: 3: Hoare triple {823#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {823#true} is VALID [2022-02-20 14:37:53,337 INFO L290 TraceCheckUtils]: 4: Hoare triple {823#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {823#true} is VALID [2022-02-20 14:37:53,338 INFO L290 TraceCheckUtils]: 5: Hoare triple {823#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {825#(= ~s~0 ~NP~0)} is VALID [2022-02-20 14:37:53,338 INFO L290 TraceCheckUtils]: 6: Hoare triple {825#(= ~s~0 ~NP~0)} assume { :end_inline_stub_driver_init } true; {825#(= ~s~0 ~NP~0)} is VALID [2022-02-20 14:37:53,339 INFO L290 TraceCheckUtils]: 7: Hoare triple {825#(= ~s~0 ~NP~0)} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {825#(= ~s~0 ~NP~0)} is VALID [2022-02-20 14:37:53,340 INFO L290 TraceCheckUtils]: 8: Hoare triple {825#(= ~s~0 ~NP~0)} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {825#(= ~s~0 ~NP~0)} is VALID [2022-02-20 14:37:53,340 INFO L290 TraceCheckUtils]: 9: Hoare triple {825#(= ~s~0 ~NP~0)} assume 3 == main_~tmp_ndt_1~0#1; {825#(= ~s~0 ~NP~0)} is VALID [2022-02-20 14:37:53,341 INFO L290 TraceCheckUtils]: 10: Hoare triple {825#(= ~s~0 ~NP~0)} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {825#(= ~s~0 ~NP~0)} is VALID [2022-02-20 14:37:53,342 INFO L290 TraceCheckUtils]: 11: Hoare triple {825#(= ~s~0 ~NP~0)} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {825#(= ~s~0 ~NP~0)} is VALID [2022-02-20 14:37:53,347 INFO L290 TraceCheckUtils]: 12: Hoare triple {825#(= ~s~0 ~NP~0)} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {825#(= ~s~0 ~NP~0)} is VALID [2022-02-20 14:37:53,348 INFO L290 TraceCheckUtils]: 13: Hoare triple {825#(= ~s~0 ~NP~0)} assume ~s~0 != ~NP~0; {824#false} is VALID [2022-02-20 14:37:53,349 INFO L272 TraceCheckUtils]: 14: Hoare triple {824#false} call errorFn(); {824#false} is VALID [2022-02-20 14:37:53,349 INFO L290 TraceCheckUtils]: 15: Hoare triple {824#false} assume !false; {824#false} is VALID [2022-02-20 14:37:53,349 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:53,350 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:53,350 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [495756452] [2022-02-20 14:37:53,350 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [495756452] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:53,351 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:53,351 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 14:37:53,351 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [153676327] [2022-02-20 14:37:53,351 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:53,352 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 16 [2022-02-20 14:37:53,353 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:53,353 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:53,369 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 16 edges. 16 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:53,370 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 14:37:53,370 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:53,371 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 14:37:53,371 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:53,372 INFO L87 Difference]: Start difference. First operand 111 states and 161 transitions. Second operand has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:53,636 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:53,636 INFO L93 Difference]: Finished difference Result 203 states and 288 transitions. [2022-02-20 14:37:53,637 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 14:37:53,637 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 16 [2022-02-20 14:37:53,637 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:53,637 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:53,643 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 288 transitions. [2022-02-20 14:37:53,644 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:53,651 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 288 transitions. [2022-02-20 14:37:53,652 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 288 transitions. [2022-02-20 14:37:53,870 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 288 edges. 288 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:53,874 INFO L225 Difference]: With dead ends: 203 [2022-02-20 14:37:53,875 INFO L226 Difference]: Without dead ends: 156 [2022-02-20 14:37:53,875 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:53,885 INFO L933 BasicCegarLoop]: 176 mSDtfsCounter, 112 mSDsluCounter, 61 mSDsCounter, 0 mSdLazyCounter, 50 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 112 SdHoareTripleChecker+Valid, 237 SdHoareTripleChecker+Invalid, 62 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 50 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:53,886 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [112 Valid, 237 Invalid, 62 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 50 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 14:37:53,888 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 156 states. [2022-02-20 14:37:53,901 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 156 to 143. [2022-02-20 14:37:53,902 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:53,902 INFO L82 GeneralOperation]: Start isEquivalent. First operand 156 states. Second operand has 143 states, 130 states have (on average 1.4230769230769231) internal successors, (185), 131 states have internal predecessors, (185), 10 states have call successors, (10), 3 states have call predecessors, (10), 2 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:53,903 INFO L74 IsIncluded]: Start isIncluded. First operand 156 states. Second operand has 143 states, 130 states have (on average 1.4230769230769231) internal successors, (185), 131 states have internal predecessors, (185), 10 states have call successors, (10), 3 states have call predecessors, (10), 2 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:53,903 INFO L87 Difference]: Start difference. First operand 156 states. Second operand has 143 states, 130 states have (on average 1.4230769230769231) internal successors, (185), 131 states have internal predecessors, (185), 10 states have call successors, (10), 3 states have call predecessors, (10), 2 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:53,908 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:53,909 INFO L93 Difference]: Finished difference Result 156 states and 218 transitions. [2022-02-20 14:37:53,909 INFO L276 IsEmpty]: Start isEmpty. Operand 156 states and 218 transitions. [2022-02-20 14:37:53,911 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:53,914 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:53,915 INFO L74 IsIncluded]: Start isIncluded. First operand has 143 states, 130 states have (on average 1.4230769230769231) internal successors, (185), 131 states have internal predecessors, (185), 10 states have call successors, (10), 3 states have call predecessors, (10), 2 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 156 states. [2022-02-20 14:37:53,916 INFO L87 Difference]: Start difference. First operand has 143 states, 130 states have (on average 1.4230769230769231) internal successors, (185), 131 states have internal predecessors, (185), 10 states have call successors, (10), 3 states have call predecessors, (10), 2 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 156 states. [2022-02-20 14:37:53,922 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:53,924 INFO L93 Difference]: Finished difference Result 156 states and 218 transitions. [2022-02-20 14:37:53,924 INFO L276 IsEmpty]: Start isEmpty. Operand 156 states and 218 transitions. [2022-02-20 14:37:53,927 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:53,928 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:53,928 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:53,929 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:53,929 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 143 states, 130 states have (on average 1.4230769230769231) internal successors, (185), 131 states have internal predecessors, (185), 10 states have call successors, (10), 3 states have call predecessors, (10), 2 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:53,934 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 143 states to 143 states and 203 transitions. [2022-02-20 14:37:53,935 INFO L78 Accepts]: Start accepts. Automaton has 143 states and 203 transitions. Word has length 16 [2022-02-20 14:37:53,935 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:53,935 INFO L470 AbstractCegarLoop]: Abstraction has 143 states and 203 transitions. [2022-02-20 14:37:53,936 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.0) internal successors, (15), 3 states have internal predecessors, (15), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:53,936 INFO L276 IsEmpty]: Start isEmpty. Operand 143 states and 203 transitions. [2022-02-20 14:37:53,936 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 14:37:53,936 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:53,937 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:53,937 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 14:37:53,937 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:53,938 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:53,938 INFO L85 PathProgramCache]: Analyzing trace with hash -45143919, now seen corresponding path program 1 times [2022-02-20 14:37:53,938 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:53,938 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [171251111] [2022-02-20 14:37:53,938 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:53,939 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:53,962 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:53,988 INFO L290 TraceCheckUtils]: 0: Hoare triple {1615#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {1615#true} is VALID [2022-02-20 14:37:53,989 INFO L290 TraceCheckUtils]: 1: Hoare triple {1615#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {1615#true} is VALID [2022-02-20 14:37:53,989 INFO L290 TraceCheckUtils]: 2: Hoare triple {1615#true} assume { :end_inline__BLAST_init } true; {1615#true} is VALID [2022-02-20 14:37:53,989 INFO L290 TraceCheckUtils]: 3: Hoare triple {1615#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {1615#true} is VALID [2022-02-20 14:37:53,989 INFO L290 TraceCheckUtils]: 4: Hoare triple {1615#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {1615#true} is VALID [2022-02-20 14:37:53,990 INFO L290 TraceCheckUtils]: 5: Hoare triple {1615#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,990 INFO L290 TraceCheckUtils]: 6: Hoare triple {1617#(= ~compRegistered~0 0)} assume { :end_inline_stub_driver_init } true; {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,991 INFO L290 TraceCheckUtils]: 7: Hoare triple {1617#(= ~compRegistered~0 0)} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,991 INFO L290 TraceCheckUtils]: 8: Hoare triple {1617#(= ~compRegistered~0 0)} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,992 INFO L290 TraceCheckUtils]: 9: Hoare triple {1617#(= ~compRegistered~0 0)} assume 3 == main_~tmp_ndt_1~0#1; {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,992 INFO L290 TraceCheckUtils]: 10: Hoare triple {1617#(= ~compRegistered~0 0)} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,993 INFO L290 TraceCheckUtils]: 11: Hoare triple {1617#(= ~compRegistered~0 0)} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,993 INFO L290 TraceCheckUtils]: 12: Hoare triple {1617#(= ~compRegistered~0 0)} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,994 INFO L290 TraceCheckUtils]: 13: Hoare triple {1617#(= ~compRegistered~0 0)} assume !(~s~0 != ~NP~0); {1617#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:53,994 INFO L290 TraceCheckUtils]: 14: Hoare triple {1617#(= ~compRegistered~0 0)} assume 0 != ~compRegistered~0; {1616#false} is VALID [2022-02-20 14:37:53,994 INFO L272 TraceCheckUtils]: 15: Hoare triple {1616#false} call errorFn(); {1616#false} is VALID [2022-02-20 14:37:53,995 INFO L290 TraceCheckUtils]: 16: Hoare triple {1616#false} assume !false; {1616#false} is VALID [2022-02-20 14:37:53,995 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:53,995 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:53,995 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [171251111] [2022-02-20 14:37:53,996 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [171251111] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:54,001 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:54,001 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 14:37:54,002 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1761909227] [2022-02-20 14:37:54,002 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:54,003 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 17 [2022-02-20 14:37:54,004 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:54,004 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,020 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 17 edges. 17 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:54,020 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 14:37:54,021 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:54,021 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 14:37:54,021 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:54,022 INFO L87 Difference]: Start difference. First operand 143 states and 203 transitions. Second operand has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,179 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:54,179 INFO L93 Difference]: Finished difference Result 246 states and 339 transitions. [2022-02-20 14:37:54,179 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 14:37:54,180 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 17 [2022-02-20 14:37:54,180 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:54,180 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,184 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 270 transitions. [2022-02-20 14:37:54,184 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,188 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 270 transitions. [2022-02-20 14:37:54,188 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 270 transitions. [2022-02-20 14:37:54,396 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 270 edges. 270 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:54,401 INFO L225 Difference]: With dead ends: 246 [2022-02-20 14:37:54,401 INFO L226 Difference]: Without dead ends: 198 [2022-02-20 14:37:54,404 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:54,411 INFO L933 BasicCegarLoop]: 149 mSDtfsCounter, 128 mSDsluCounter, 73 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 128 SdHoareTripleChecker+Valid, 222 SdHoareTripleChecker+Invalid, 9 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:54,413 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [128 Valid, 222 Invalid, 9 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:37:54,415 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 198 states. [2022-02-20 14:37:54,432 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 198 to 154. [2022-02-20 14:37:54,438 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:54,440 INFO L82 GeneralOperation]: Start isEquivalent. First operand 198 states. Second operand has 154 states, 141 states have (on average 1.4113475177304964) internal successors, (199), 142 states have internal predecessors, (199), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:54,441 INFO L74 IsIncluded]: Start isIncluded. First operand 198 states. Second operand has 154 states, 141 states have (on average 1.4113475177304964) internal successors, (199), 142 states have internal predecessors, (199), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:54,441 INFO L87 Difference]: Start difference. First operand 198 states. Second operand has 154 states, 141 states have (on average 1.4113475177304964) internal successors, (199), 142 states have internal predecessors, (199), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:54,449 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:54,450 INFO L93 Difference]: Finished difference Result 198 states and 275 transitions. [2022-02-20 14:37:54,450 INFO L276 IsEmpty]: Start isEmpty. Operand 198 states and 275 transitions. [2022-02-20 14:37:54,451 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:54,451 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:54,452 INFO L74 IsIncluded]: Start isIncluded. First operand has 154 states, 141 states have (on average 1.4113475177304964) internal successors, (199), 142 states have internal predecessors, (199), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) Second operand 198 states. [2022-02-20 14:37:54,453 INFO L87 Difference]: Start difference. First operand has 154 states, 141 states have (on average 1.4113475177304964) internal successors, (199), 142 states have internal predecessors, (199), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) Second operand 198 states. [2022-02-20 14:37:54,461 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:54,461 INFO L93 Difference]: Finished difference Result 198 states and 275 transitions. [2022-02-20 14:37:54,461 INFO L276 IsEmpty]: Start isEmpty. Operand 198 states and 275 transitions. [2022-02-20 14:37:54,462 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:54,462 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:54,462 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:54,462 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:54,463 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 154 states, 141 states have (on average 1.4113475177304964) internal successors, (199), 142 states have internal predecessors, (199), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:54,468 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 154 states to 154 states and 216 transitions. [2022-02-20 14:37:54,468 INFO L78 Accepts]: Start accepts. Automaton has 154 states and 216 transitions. Word has length 17 [2022-02-20 14:37:54,469 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:54,469 INFO L470 AbstractCegarLoop]: Abstraction has 154 states and 216 transitions. [2022-02-20 14:37:54,469 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,469 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 216 transitions. [2022-02-20 14:37:54,470 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2022-02-20 14:37:54,470 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:54,470 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:54,471 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 14:37:54,471 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:54,471 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:54,472 INFO L85 PathProgramCache]: Analyzing trace with hash 111527333, now seen corresponding path program 1 times [2022-02-20 14:37:54,472 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:54,472 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [559655977] [2022-02-20 14:37:54,472 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:54,472 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:54,501 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:54,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {2558#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {2558#true} is VALID [2022-02-20 14:37:54,559 INFO L290 TraceCheckUtils]: 1: Hoare triple {2558#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {2558#true} is VALID [2022-02-20 14:37:54,559 INFO L290 TraceCheckUtils]: 2: Hoare triple {2558#true} assume { :end_inline__BLAST_init } true; {2558#true} is VALID [2022-02-20 14:37:54,560 INFO L290 TraceCheckUtils]: 3: Hoare triple {2558#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {2558#true} is VALID [2022-02-20 14:37:54,563 INFO L290 TraceCheckUtils]: 4: Hoare triple {2558#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {2558#true} is VALID [2022-02-20 14:37:54,564 INFO L290 TraceCheckUtils]: 5: Hoare triple {2558#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {2558#true} is VALID [2022-02-20 14:37:54,564 INFO L290 TraceCheckUtils]: 6: Hoare triple {2558#true} assume { :end_inline_stub_driver_init } true; {2558#true} is VALID [2022-02-20 14:37:54,564 INFO L290 TraceCheckUtils]: 7: Hoare triple {2558#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {2558#true} is VALID [2022-02-20 14:37:54,565 INFO L290 TraceCheckUtils]: 8: Hoare triple {2558#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {2558#true} is VALID [2022-02-20 14:37:54,565 INFO L290 TraceCheckUtils]: 9: Hoare triple {2558#true} assume 3 == main_~tmp_ndt_1~0#1; {2558#true} is VALID [2022-02-20 14:37:54,565 INFO L290 TraceCheckUtils]: 10: Hoare triple {2558#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {2558#true} is VALID [2022-02-20 14:37:54,565 INFO L290 TraceCheckUtils]: 11: Hoare triple {2558#true} assume !(0 == KbFilter_PnP_~irpStack__MinorFunction~0#1); {2558#true} is VALID [2022-02-20 14:37:54,565 INFO L290 TraceCheckUtils]: 12: Hoare triple {2558#true} assume 23 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {2558#true} is VALID [2022-02-20 14:37:54,565 INFO L290 TraceCheckUtils]: 13: Hoare triple {2558#true} KbFilter_PnP_~devExt__SurpriseRemoved~0#1 := 1; {2558#true} is VALID [2022-02-20 14:37:54,567 INFO L290 TraceCheckUtils]: 14: Hoare triple {2558#true} assume ~s~0 == ~NP~0;~s~0 := ~SKIP1~0; {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,568 INFO L290 TraceCheckUtils]: 15: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} KbFilter_PnP_#t~post14#1 := KbFilter_PnP_~Irp__CurrentLocation~0#1;KbFilter_PnP_~Irp__CurrentLocation~0#1 := 1 + KbFilter_PnP_#t~post14#1;havoc KbFilter_PnP_#t~post14#1;KbFilter_PnP_#t~post15#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := 1 + KbFilter_PnP_#t~post15#1;havoc KbFilter_PnP_#t~post15#1; {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,569 INFO L272 TraceCheckUtils]: 16: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} call KbFilter_PnP_#t~ret16#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,569 INFO L290 TraceCheckUtils]: 17: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,570 INFO L290 TraceCheckUtils]: 18: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} assume !(0 != ~compRegistered~0); {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,570 INFO L290 TraceCheckUtils]: 19: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,570 INFO L290 TraceCheckUtils]: 20: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} assume 0 == ~tmp_ndt_2~0#1; {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,571 INFO L290 TraceCheckUtils]: 21: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} ~returnVal2~0#1 := 0; {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,571 INFO L290 TraceCheckUtils]: 22: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} assume !(~s~0 == ~NP~0); {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,572 INFO L290 TraceCheckUtils]: 23: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} assume !(~s~0 == ~MPR1~0); {2560#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-20 14:37:54,572 INFO L290 TraceCheckUtils]: 24: Hoare triple {2560#(= ~SKIP1~0 ~s~0)} assume !(~s~0 == ~SKIP1~0); {2559#false} is VALID [2022-02-20 14:37:54,572 INFO L272 TraceCheckUtils]: 25: Hoare triple {2559#false} call errorFn(); {2559#false} is VALID [2022-02-20 14:37:54,573 INFO L290 TraceCheckUtils]: 26: Hoare triple {2559#false} assume !false; {2559#false} is VALID [2022-02-20 14:37:54,573 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:54,573 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:54,573 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [559655977] [2022-02-20 14:37:54,574 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [559655977] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:54,574 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:54,576 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 14:37:54,576 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1617907079] [2022-02-20 14:37:54,576 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:54,577 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 27 [2022-02-20 14:37:54,578 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:54,579 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,596 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 27 edges. 27 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:54,596 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 14:37:54,596 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:54,598 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 14:37:54,598 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:54,599 INFO L87 Difference]: Start difference. First operand 154 states and 216 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,769 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:54,769 INFO L93 Difference]: Finished difference Result 157 states and 218 transitions. [2022-02-20 14:37:54,781 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 14:37:54,781 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 27 [2022-02-20 14:37:54,781 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:54,782 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,784 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 169 transitions. [2022-02-20 14:37:54,784 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,786 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 169 transitions. [2022-02-20 14:37:54,786 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 169 transitions. [2022-02-20 14:37:54,899 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 169 edges. 169 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:54,901 INFO L225 Difference]: With dead ends: 157 [2022-02-20 14:37:54,902 INFO L226 Difference]: Without dead ends: 154 [2022-02-20 14:37:54,902 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:54,903 INFO L933 BasicCegarLoop]: 155 mSDtfsCounter, 10 mSDsluCounter, 107 mSDsCounter, 0 mSdLazyCounter, 38 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 262 SdHoareTripleChecker+Invalid, 41 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 38 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:54,903 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [10 Valid, 262 Invalid, 41 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 38 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:37:54,904 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 154 states. [2022-02-20 14:37:54,911 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 154 to 154. [2022-02-20 14:37:54,911 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:54,916 INFO L82 GeneralOperation]: Start isEquivalent. First operand 154 states. Second operand has 154 states, 141 states have (on average 1.4042553191489362) internal successors, (198), 142 states have internal predecessors, (198), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:54,917 INFO L74 IsIncluded]: Start isIncluded. First operand 154 states. Second operand has 154 states, 141 states have (on average 1.4042553191489362) internal successors, (198), 142 states have internal predecessors, (198), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:54,918 INFO L87 Difference]: Start difference. First operand 154 states. Second operand has 154 states, 141 states have (on average 1.4042553191489362) internal successors, (198), 142 states have internal predecessors, (198), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:54,922 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:54,925 INFO L93 Difference]: Finished difference Result 154 states and 215 transitions. [2022-02-20 14:37:54,925 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 215 transitions. [2022-02-20 14:37:54,926 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:54,926 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:54,927 INFO L74 IsIncluded]: Start isIncluded. First operand has 154 states, 141 states have (on average 1.4042553191489362) internal successors, (198), 142 states have internal predecessors, (198), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) Second operand 154 states. [2022-02-20 14:37:54,927 INFO L87 Difference]: Start difference. First operand has 154 states, 141 states have (on average 1.4042553191489362) internal successors, (198), 142 states have internal predecessors, (198), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) Second operand 154 states. [2022-02-20 14:37:54,935 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:54,935 INFO L93 Difference]: Finished difference Result 154 states and 215 transitions. [2022-02-20 14:37:54,935 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 215 transitions. [2022-02-20 14:37:54,936 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:54,936 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:54,936 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:54,936 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:54,937 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 154 states, 141 states have (on average 1.4042553191489362) internal successors, (198), 142 states have internal predecessors, (198), 8 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:54,942 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 154 states to 154 states and 215 transitions. [2022-02-20 14:37:54,942 INFO L78 Accepts]: Start accepts. Automaton has 154 states and 215 transitions. Word has length 27 [2022-02-20 14:37:54,943 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:54,943 INFO L470 AbstractCegarLoop]: Abstraction has 154 states and 215 transitions. [2022-02-20 14:37:54,943 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:54,943 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 215 transitions. [2022-02-20 14:37:54,944 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2022-02-20 14:37:54,944 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:54,944 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:54,945 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 14:37:54,945 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:54,945 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:54,945 INFO L85 PathProgramCache]: Analyzing trace with hash 1365306542, now seen corresponding path program 1 times [2022-02-20 14:37:54,946 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:54,946 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1200636268] [2022-02-20 14:37:54,946 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:54,946 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:54,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:54,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {3286#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {3286#true} is VALID [2022-02-20 14:37:54,998 INFO L290 TraceCheckUtils]: 1: Hoare triple {3286#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {3286#true} is VALID [2022-02-20 14:37:54,999 INFO L290 TraceCheckUtils]: 2: Hoare triple {3286#true} assume { :end_inline__BLAST_init } true; {3286#true} is VALID [2022-02-20 14:37:54,999 INFO L290 TraceCheckUtils]: 3: Hoare triple {3286#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {3286#true} is VALID [2022-02-20 14:37:54,999 INFO L290 TraceCheckUtils]: 4: Hoare triple {3286#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {3286#true} is VALID [2022-02-20 14:37:54,999 INFO L290 TraceCheckUtils]: 5: Hoare triple {3286#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {3286#true} is VALID [2022-02-20 14:37:55,000 INFO L290 TraceCheckUtils]: 6: Hoare triple {3286#true} assume { :end_inline_stub_driver_init } true; {3286#true} is VALID [2022-02-20 14:37:55,000 INFO L290 TraceCheckUtils]: 7: Hoare triple {3286#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {3286#true} is VALID [2022-02-20 14:37:55,000 INFO L290 TraceCheckUtils]: 8: Hoare triple {3286#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {3286#true} is VALID [2022-02-20 14:37:55,000 INFO L290 TraceCheckUtils]: 9: Hoare triple {3286#true} assume 3 == main_~tmp_ndt_1~0#1; {3286#true} is VALID [2022-02-20 14:37:55,001 INFO L290 TraceCheckUtils]: 10: Hoare triple {3286#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {3286#true} is VALID [2022-02-20 14:37:55,001 INFO L290 TraceCheckUtils]: 11: Hoare triple {3286#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {3286#true} is VALID [2022-02-20 14:37:55,001 INFO L290 TraceCheckUtils]: 12: Hoare triple {3286#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {3286#true} is VALID [2022-02-20 14:37:55,001 INFO L290 TraceCheckUtils]: 13: Hoare triple {3286#true} assume !(~s~0 != ~NP~0); {3286#true} is VALID [2022-02-20 14:37:55,001 INFO L290 TraceCheckUtils]: 14: Hoare triple {3286#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {3286#true} is VALID [2022-02-20 14:37:55,002 INFO L290 TraceCheckUtils]: 15: Hoare triple {3286#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {3286#true} is VALID [2022-02-20 14:37:55,002 INFO L272 TraceCheckUtils]: 16: Hoare triple {3286#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {3286#true} is VALID [2022-02-20 14:37:55,002 INFO L290 TraceCheckUtils]: 17: Hoare triple {3286#true} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {3286#true} is VALID [2022-02-20 14:37:55,002 INFO L290 TraceCheckUtils]: 18: Hoare triple {3286#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {3286#true} is VALID [2022-02-20 14:37:55,003 INFO L290 TraceCheckUtils]: 19: Hoare triple {3286#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {3286#true} is VALID [2022-02-20 14:37:55,003 INFO L290 TraceCheckUtils]: 20: Hoare triple {3286#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {3286#true} is VALID [2022-02-20 14:37:55,004 INFO L290 TraceCheckUtils]: 21: Hoare triple {3286#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:55,004 INFO L290 TraceCheckUtils]: 22: Hoare triple {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume { :end_inline_stubMoreProcessingRequired } true; {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:55,005 INFO L290 TraceCheckUtils]: 23: Hoare triple {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:55,005 INFO L290 TraceCheckUtils]: 24: Hoare triple {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume 0 == ~tmp_ndt_2~0#1; {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:55,006 INFO L290 TraceCheckUtils]: 25: Hoare triple {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} ~returnVal2~0#1 := 0; {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:55,006 INFO L290 TraceCheckUtils]: 26: Hoare triple {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume !(~s~0 == ~NP~0); {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:55,007 INFO L290 TraceCheckUtils]: 27: Hoare triple {3288#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume !(~s~0 == ~MPR1~0); {3287#false} is VALID [2022-02-20 14:37:55,007 INFO L290 TraceCheckUtils]: 28: Hoare triple {3287#false} assume !(~s~0 == ~SKIP1~0); {3287#false} is VALID [2022-02-20 14:37:55,007 INFO L272 TraceCheckUtils]: 29: Hoare triple {3287#false} call errorFn(); {3287#false} is VALID [2022-02-20 14:37:55,007 INFO L290 TraceCheckUtils]: 30: Hoare triple {3287#false} assume !false; {3287#false} is VALID [2022-02-20 14:37:55,008 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:55,008 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:55,008 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1200636268] [2022-02-20 14:37:55,008 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1200636268] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:55,008 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:55,009 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 14:37:55,009 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [186621508] [2022-02-20 14:37:55,009 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:55,009 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 3 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 31 [2022-02-20 14:37:55,010 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:55,010 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 3 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:55,032 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:55,032 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 14:37:55,032 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:55,033 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 14:37:55,033 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:55,033 INFO L87 Difference]: Start difference. First operand 154 states and 215 transitions. Second operand has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 3 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:55,198 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:55,199 INFO L93 Difference]: Finished difference Result 200 states and 276 transitions. [2022-02-20 14:37:55,199 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 14:37:55,199 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 3 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 31 [2022-02-20 14:37:55,201 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:55,201 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 3 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:55,204 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 211 transitions. [2022-02-20 14:37:55,204 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 3 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:55,207 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 211 transitions. [2022-02-20 14:37:55,207 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 211 transitions. [2022-02-20 14:37:55,357 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 211 edges. 211 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:55,360 INFO L225 Difference]: With dead ends: 200 [2022-02-20 14:37:55,360 INFO L226 Difference]: Without dead ends: 152 [2022-02-20 14:37:55,361 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 14:37:55,363 INFO L933 BasicCegarLoop]: 155 mSDtfsCounter, 5 mSDsluCounter, 114 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 5 SdHoareTripleChecker+Valid, 269 SdHoareTripleChecker+Invalid, 35 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:55,364 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [5 Valid, 269 Invalid, 35 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:37:55,365 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 152 states. [2022-02-20 14:37:55,386 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 152 to 152. [2022-02-20 14:37:55,386 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:55,387 INFO L82 GeneralOperation]: Start isEquivalent. First operand 152 states. Second operand has 152 states, 140 states have (on average 1.3928571428571428) internal successors, (195), 140 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:55,388 INFO L74 IsIncluded]: Start isIncluded. First operand 152 states. Second operand has 152 states, 140 states have (on average 1.3928571428571428) internal successors, (195), 140 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:55,388 INFO L87 Difference]: Start difference. First operand 152 states. Second operand has 152 states, 140 states have (on average 1.3928571428571428) internal successors, (195), 140 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:55,393 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:55,393 INFO L93 Difference]: Finished difference Result 152 states and 211 transitions. [2022-02-20 14:37:55,393 INFO L276 IsEmpty]: Start isEmpty. Operand 152 states and 211 transitions. [2022-02-20 14:37:55,394 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:55,394 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:55,395 INFO L74 IsIncluded]: Start isIncluded. First operand has 152 states, 140 states have (on average 1.3928571428571428) internal successors, (195), 140 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) Second operand 152 states. [2022-02-20 14:37:55,395 INFO L87 Difference]: Start difference. First operand has 152 states, 140 states have (on average 1.3928571428571428) internal successors, (195), 140 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) Second operand 152 states. [2022-02-20 14:37:55,399 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:55,400 INFO L93 Difference]: Finished difference Result 152 states and 211 transitions. [2022-02-20 14:37:55,400 INFO L276 IsEmpty]: Start isEmpty. Operand 152 states and 211 transitions. [2022-02-20 14:37:55,400 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:55,401 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:55,401 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:55,401 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:55,402 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 152 states, 140 states have (on average 1.3928571428571428) internal successors, (195), 140 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (9), 8 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:55,406 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 152 states to 152 states and 211 transitions. [2022-02-20 14:37:55,406 INFO L78 Accepts]: Start accepts. Automaton has 152 states and 211 transitions. Word has length 31 [2022-02-20 14:37:55,407 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:55,407 INFO L470 AbstractCegarLoop]: Abstraction has 152 states and 211 transitions. [2022-02-20 14:37:55,407 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 3 states have internal predecessors, (29), 2 states have call successors, (2), 2 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:37:55,407 INFO L276 IsEmpty]: Start isEmpty. Operand 152 states and 211 transitions. [2022-02-20 14:37:55,408 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-02-20 14:37:55,408 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:55,408 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:55,408 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 14:37:55,409 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:55,409 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:55,409 INFO L85 PathProgramCache]: Analyzing trace with hash 52355391, now seen corresponding path program 1 times [2022-02-20 14:37:55,410 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:55,410 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1241003828] [2022-02-20 14:37:55,410 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:55,410 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:55,433 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:55,487 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:37:55,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:55,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {4079#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {4066#true} is VALID [2022-02-20 14:37:55,519 INFO L290 TraceCheckUtils]: 1: Hoare triple {4066#true} assume !(0 != ~compRegistered~0); {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,523 INFO L290 TraceCheckUtils]: 2: Hoare triple {4080#(= ~compRegistered~0 0)} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,524 INFO L290 TraceCheckUtils]: 3: Hoare triple {4080#(= ~compRegistered~0 0)} assume 0 == ~tmp_ndt_2~0#1; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,524 INFO L290 TraceCheckUtils]: 4: Hoare triple {4080#(= ~compRegistered~0 0)} ~returnVal2~0#1 := 0; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,525 INFO L290 TraceCheckUtils]: 5: Hoare triple {4080#(= ~compRegistered~0 0)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,526 INFO L290 TraceCheckUtils]: 6: Hoare triple {4080#(= ~compRegistered~0 0)} #res#1 := ~returnVal2~0#1; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,527 INFO L290 TraceCheckUtils]: 7: Hoare triple {4080#(= ~compRegistered~0 0)} assume true; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,528 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {4080#(= ~compRegistered~0 0)} {4069#(not (= ~compRegistered~0 0))} #436#return; {4067#false} is VALID [2022-02-20 14:37:55,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {4066#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {4066#true} is VALID [2022-02-20 14:37:55,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {4066#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {4066#true} is VALID [2022-02-20 14:37:55,530 INFO L290 TraceCheckUtils]: 2: Hoare triple {4066#true} assume { :end_inline__BLAST_init } true; {4066#true} is VALID [2022-02-20 14:37:55,530 INFO L290 TraceCheckUtils]: 3: Hoare triple {4066#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {4066#true} is VALID [2022-02-20 14:37:55,531 INFO L290 TraceCheckUtils]: 4: Hoare triple {4066#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {4066#true} is VALID [2022-02-20 14:37:55,531 INFO L290 TraceCheckUtils]: 5: Hoare triple {4066#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {4066#true} is VALID [2022-02-20 14:37:55,532 INFO L290 TraceCheckUtils]: 6: Hoare triple {4066#true} assume { :end_inline_stub_driver_init } true; {4066#true} is VALID [2022-02-20 14:37:55,541 INFO L290 TraceCheckUtils]: 7: Hoare triple {4066#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {4068#(= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1)} is VALID [2022-02-20 14:37:55,541 INFO L290 TraceCheckUtils]: 8: Hoare triple {4068#(= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1)} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {4066#true} is VALID [2022-02-20 14:37:55,541 INFO L290 TraceCheckUtils]: 9: Hoare triple {4066#true} assume 3 == main_~tmp_ndt_1~0#1; {4066#true} is VALID [2022-02-20 14:37:55,541 INFO L290 TraceCheckUtils]: 10: Hoare triple {4066#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {4066#true} is VALID [2022-02-20 14:37:55,542 INFO L290 TraceCheckUtils]: 11: Hoare triple {4066#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {4066#true} is VALID [2022-02-20 14:37:55,542 INFO L290 TraceCheckUtils]: 12: Hoare triple {4066#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {4066#true} is VALID [2022-02-20 14:37:55,542 INFO L290 TraceCheckUtils]: 13: Hoare triple {4066#true} assume !(~s~0 != ~NP~0); {4066#true} is VALID [2022-02-20 14:37:55,542 INFO L290 TraceCheckUtils]: 14: Hoare triple {4066#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {4069#(not (= ~compRegistered~0 0))} is VALID [2022-02-20 14:37:55,543 INFO L290 TraceCheckUtils]: 15: Hoare triple {4069#(not (= ~compRegistered~0 0))} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {4069#(not (= ~compRegistered~0 0))} is VALID [2022-02-20 14:37:55,544 INFO L272 TraceCheckUtils]: 16: Hoare triple {4069#(not (= ~compRegistered~0 0))} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {4079#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:37:55,544 INFO L290 TraceCheckUtils]: 17: Hoare triple {4079#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {4066#true} is VALID [2022-02-20 14:37:55,544 INFO L290 TraceCheckUtils]: 18: Hoare triple {4066#true} assume !(0 != ~compRegistered~0); {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,545 INFO L290 TraceCheckUtils]: 19: Hoare triple {4080#(= ~compRegistered~0 0)} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,545 INFO L290 TraceCheckUtils]: 20: Hoare triple {4080#(= ~compRegistered~0 0)} assume 0 == ~tmp_ndt_2~0#1; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,546 INFO L290 TraceCheckUtils]: 21: Hoare triple {4080#(= ~compRegistered~0 0)} ~returnVal2~0#1 := 0; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,546 INFO L290 TraceCheckUtils]: 22: Hoare triple {4080#(= ~compRegistered~0 0)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,546 INFO L290 TraceCheckUtils]: 23: Hoare triple {4080#(= ~compRegistered~0 0)} #res#1 := ~returnVal2~0#1; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,547 INFO L290 TraceCheckUtils]: 24: Hoare triple {4080#(= ~compRegistered~0 0)} assume true; {4080#(= ~compRegistered~0 0)} is VALID [2022-02-20 14:37:55,551 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {4080#(= ~compRegistered~0 0)} {4069#(not (= ~compRegistered~0 0))} #436#return; {4067#false} is VALID [2022-02-20 14:37:55,551 INFO L290 TraceCheckUtils]: 26: Hoare triple {4067#false} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {4067#false} is VALID [2022-02-20 14:37:55,551 INFO L290 TraceCheckUtils]: 27: Hoare triple {4067#false} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet33#1, KeWaitForSingleObject_~tmp_ndt_4~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {4067#false} is VALID [2022-02-20 14:37:55,551 INFO L290 TraceCheckUtils]: 28: Hoare triple {4067#false} assume !(~s~0 == ~MPR3~0); {4067#false} is VALID [2022-02-20 14:37:55,552 INFO L290 TraceCheckUtils]: 29: Hoare triple {4067#false} assume !(1 == ~customIrp~0); {4067#false} is VALID [2022-02-20 14:37:55,552 INFO L290 TraceCheckUtils]: 30: Hoare triple {4067#false} assume ~s~0 == ~MPR3~0; {4067#false} is VALID [2022-02-20 14:37:55,552 INFO L272 TraceCheckUtils]: 31: Hoare triple {4067#false} call errorFn(); {4067#false} is VALID [2022-02-20 14:37:55,552 INFO L290 TraceCheckUtils]: 32: Hoare triple {4067#false} assume !false; {4067#false} is VALID [2022-02-20 14:37:55,552 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:55,553 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:55,553 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1241003828] [2022-02-20 14:37:55,553 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1241003828] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:55,553 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:55,553 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 14:37:55,553 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [40166571] [2022-02-20 14:37:55,554 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:55,555 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 33 [2022-02-20 14:37:55,555 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:55,556 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:55,578 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 33 edges. 33 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:55,578 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 14:37:55,579 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:55,579 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 14:37:55,580 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 14:37:55,580 INFO L87 Difference]: Start difference. First operand 152 states and 211 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:56,082 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:56,089 INFO L93 Difference]: Finished difference Result 214 states and 290 transitions. [2022-02-20 14:37:56,089 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 14:37:56,090 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 33 [2022-02-20 14:37:56,090 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:56,090 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:56,100 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 241 transitions. [2022-02-20 14:37:56,100 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:56,102 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 241 transitions. [2022-02-20 14:37:56,103 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 241 transitions. [2022-02-20 14:37:56,290 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 241 edges. 241 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:56,293 INFO L225 Difference]: With dead ends: 214 [2022-02-20 14:37:56,294 INFO L226 Difference]: Without dead ends: 161 [2022-02-20 14:37:56,294 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=25, Invalid=65, Unknown=0, NotChecked=0, Total=90 [2022-02-20 14:37:56,295 INFO L933 BasicCegarLoop]: 169 mSDtfsCounter, 293 mSDsluCounter, 311 mSDsCounter, 0 mSdLazyCounter, 100 mSolverCounterSat, 27 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 293 SdHoareTripleChecker+Valid, 480 SdHoareTripleChecker+Invalid, 127 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 27 IncrementalHoareTripleChecker+Valid, 100 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:56,295 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [293 Valid, 480 Invalid, 127 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [27 Valid, 100 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 14:37:56,296 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 161 states. [2022-02-20 14:37:56,302 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 161 to 145. [2022-02-20 14:37:56,302 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:56,303 INFO L82 GeneralOperation]: Start isEquivalent. First operand 161 states. Second operand has 145 states, 133 states have (on average 1.3909774436090225) internal successors, (185), 133 states have internal predecessors, (185), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:56,304 INFO L74 IsIncluded]: Start isIncluded. First operand 161 states. Second operand has 145 states, 133 states have (on average 1.3909774436090225) internal successors, (185), 133 states have internal predecessors, (185), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:56,304 INFO L87 Difference]: Start difference. First operand 161 states. Second operand has 145 states, 133 states have (on average 1.3909774436090225) internal successors, (185), 133 states have internal predecessors, (185), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:56,308 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:56,308 INFO L93 Difference]: Finished difference Result 161 states and 219 transitions. [2022-02-20 14:37:56,308 INFO L276 IsEmpty]: Start isEmpty. Operand 161 states and 219 transitions. [2022-02-20 14:37:56,309 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:56,309 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:56,310 INFO L74 IsIncluded]: Start isIncluded. First operand has 145 states, 133 states have (on average 1.3909774436090225) internal successors, (185), 133 states have internal predecessors, (185), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 161 states. [2022-02-20 14:37:56,310 INFO L87 Difference]: Start difference. First operand has 145 states, 133 states have (on average 1.3909774436090225) internal successors, (185), 133 states have internal predecessors, (185), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 161 states. [2022-02-20 14:37:56,314 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:56,314 INFO L93 Difference]: Finished difference Result 161 states and 219 transitions. [2022-02-20 14:37:56,314 INFO L276 IsEmpty]: Start isEmpty. Operand 161 states and 219 transitions. [2022-02-20 14:37:56,314 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:56,314 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:56,315 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:56,315 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:56,315 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 145 states, 133 states have (on average 1.3909774436090225) internal successors, (185), 133 states have internal predecessors, (185), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:56,318 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 145 states to 145 states and 200 transitions. [2022-02-20 14:37:56,319 INFO L78 Accepts]: Start accepts. Automaton has 145 states and 200 transitions. Word has length 33 [2022-02-20 14:37:56,319 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:56,319 INFO L470 AbstractCegarLoop]: Abstraction has 145 states and 200 transitions. [2022-02-20 14:37:56,319 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:56,320 INFO L276 IsEmpty]: Start isEmpty. Operand 145 states and 200 transitions. [2022-02-20 14:37:56,320 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 38 [2022-02-20 14:37:56,320 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:56,321 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:56,321 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 14:37:56,321 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:56,321 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:56,321 INFO L85 PathProgramCache]: Analyzing trace with hash -572632936, now seen corresponding path program 1 times [2022-02-20 14:37:56,322 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:56,322 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1734133454] [2022-02-20 14:37:56,322 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:56,322 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:56,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:56,421 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:37:56,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:56,481 INFO L290 TraceCheckUtils]: 0: Hoare triple {4913#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {4897#true} is VALID [2022-02-20 14:37:56,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {4897#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {4897#true} is VALID [2022-02-20 14:37:56,482 INFO L290 TraceCheckUtils]: 2: Hoare triple {4897#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {4897#true} is VALID [2022-02-20 14:37:56,482 INFO L290 TraceCheckUtils]: 3: Hoare triple {4897#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {4897#true} is VALID [2022-02-20 14:37:56,482 INFO L290 TraceCheckUtils]: 4: Hoare triple {4897#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,483 INFO L290 TraceCheckUtils]: 5: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume { :end_inline_stubMoreProcessingRequired } true; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,483 INFO L290 TraceCheckUtils]: 6: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,484 INFO L290 TraceCheckUtils]: 7: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume 0 == ~tmp_ndt_2~0#1; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,484 INFO L290 TraceCheckUtils]: 8: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} ~returnVal2~0#1 := 0; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,485 INFO L290 TraceCheckUtils]: 9: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-20 14:37:56,485 INFO L290 TraceCheckUtils]: 10: Hoare triple {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} #res#1 := ~returnVal2~0#1; {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-20 14:37:56,485 INFO L290 TraceCheckUtils]: 11: Hoare triple {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} assume true; {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-20 14:37:56,486 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} #436#return; {4898#false} is VALID [2022-02-20 14:37:56,487 INFO L290 TraceCheckUtils]: 0: Hoare triple {4897#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {4897#true} is VALID [2022-02-20 14:37:56,488 INFO L290 TraceCheckUtils]: 1: Hoare triple {4897#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,488 INFO L290 TraceCheckUtils]: 2: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume { :end_inline__BLAST_init } true; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,489 INFO L290 TraceCheckUtils]: 3: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,489 INFO L290 TraceCheckUtils]: 4: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,490 INFO L290 TraceCheckUtils]: 5: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,490 INFO L290 TraceCheckUtils]: 6: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume { :end_inline_stub_driver_init } true; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,491 INFO L290 TraceCheckUtils]: 7: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,491 INFO L290 TraceCheckUtils]: 8: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,492 INFO L290 TraceCheckUtils]: 9: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume 3 == main_~tmp_ndt_1~0#1; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,492 INFO L290 TraceCheckUtils]: 10: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,493 INFO L290 TraceCheckUtils]: 11: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,493 INFO L290 TraceCheckUtils]: 12: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,494 INFO L290 TraceCheckUtils]: 13: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume !(~s~0 != ~NP~0); {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,494 INFO L290 TraceCheckUtils]: 14: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,495 INFO L290 TraceCheckUtils]: 15: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-20 14:37:56,496 INFO L272 TraceCheckUtils]: 16: Hoare triple {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {4913#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:37:56,496 INFO L290 TraceCheckUtils]: 17: Hoare triple {4913#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {4897#true} is VALID [2022-02-20 14:37:56,496 INFO L290 TraceCheckUtils]: 18: Hoare triple {4897#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {4897#true} is VALID [2022-02-20 14:37:56,496 INFO L290 TraceCheckUtils]: 19: Hoare triple {4897#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {4897#true} is VALID [2022-02-20 14:37:56,496 INFO L290 TraceCheckUtils]: 20: Hoare triple {4897#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {4897#true} is VALID [2022-02-20 14:37:56,497 INFO L290 TraceCheckUtils]: 21: Hoare triple {4897#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,497 INFO L290 TraceCheckUtils]: 22: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume { :end_inline_stubMoreProcessingRequired } true; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,498 INFO L290 TraceCheckUtils]: 23: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,498 INFO L290 TraceCheckUtils]: 24: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume 0 == ~tmp_ndt_2~0#1; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,499 INFO L290 TraceCheckUtils]: 25: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} ~returnVal2~0#1 := 0; {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-20 14:37:56,500 INFO L290 TraceCheckUtils]: 26: Hoare triple {4914#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-20 14:37:56,500 INFO L290 TraceCheckUtils]: 27: Hoare triple {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} #res#1 := ~returnVal2~0#1; {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-20 14:37:56,500 INFO L290 TraceCheckUtils]: 28: Hoare triple {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} assume true; {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-20 14:37:56,503 INFO L284 TraceCheckUtils]: 29: Hoare quadruple {4915#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} {4899#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} #436#return; {4898#false} is VALID [2022-02-20 14:37:56,503 INFO L290 TraceCheckUtils]: 30: Hoare triple {4898#false} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {4898#false} is VALID [2022-02-20 14:37:56,503 INFO L290 TraceCheckUtils]: 31: Hoare triple {4898#false} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet33#1, KeWaitForSingleObject_~tmp_ndt_4~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {4898#false} is VALID [2022-02-20 14:37:56,503 INFO L290 TraceCheckUtils]: 32: Hoare triple {4898#false} assume !(~s~0 == ~MPR3~0); {4898#false} is VALID [2022-02-20 14:37:56,504 INFO L290 TraceCheckUtils]: 33: Hoare triple {4898#false} assume !(1 == ~customIrp~0); {4898#false} is VALID [2022-02-20 14:37:56,504 INFO L290 TraceCheckUtils]: 34: Hoare triple {4898#false} assume ~s~0 == ~MPR3~0; {4898#false} is VALID [2022-02-20 14:37:56,504 INFO L272 TraceCheckUtils]: 35: Hoare triple {4898#false} call errorFn(); {4898#false} is VALID [2022-02-20 14:37:56,504 INFO L290 TraceCheckUtils]: 36: Hoare triple {4898#false} assume !false; {4898#false} is VALID [2022-02-20 14:37:56,505 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:56,505 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:56,506 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1734133454] [2022-02-20 14:37:56,506 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1734133454] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:56,506 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:56,506 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 14:37:56,506 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1065480238] [2022-02-20 14:37:56,506 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:56,507 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 37 [2022-02-20 14:37:56,508 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:56,508 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:56,538 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 37 edges. 37 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:56,538 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 14:37:56,538 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:56,539 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 14:37:56,539 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 14:37:56,539 INFO L87 Difference]: Start difference. First operand 145 states and 200 transitions. Second operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:57,102 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:57,103 INFO L93 Difference]: Finished difference Result 191 states and 261 transitions. [2022-02-20 14:37:57,103 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 14:37:57,103 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 37 [2022-02-20 14:37:57,104 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:57,104 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:57,106 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 209 transitions. [2022-02-20 14:37:57,106 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:57,108 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 209 transitions. [2022-02-20 14:37:57,108 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 209 transitions. [2022-02-20 14:37:57,273 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 209 edges. 209 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:57,276 INFO L225 Difference]: With dead ends: 191 [2022-02-20 14:37:57,276 INFO L226 Difference]: Without dead ends: 145 [2022-02-20 14:37:57,277 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=28, Invalid=62, Unknown=0, NotChecked=0, Total=90 [2022-02-20 14:37:57,277 INFO L933 BasicCegarLoop]: 137 mSDtfsCounter, 160 mSDsluCounter, 328 mSDsCounter, 0 mSdLazyCounter, 128 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 160 SdHoareTripleChecker+Valid, 465 SdHoareTripleChecker+Invalid, 142 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 128 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:57,278 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [160 Valid, 465 Invalid, 142 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 128 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 14:37:57,278 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 145 states. [2022-02-20 14:37:57,310 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 145 to 145. [2022-02-20 14:37:57,310 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:57,311 INFO L82 GeneralOperation]: Start isEquivalent. First operand 145 states. Second operand has 145 states, 133 states have (on average 1.3834586466165413) internal successors, (184), 133 states have internal predecessors, (184), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:57,312 INFO L74 IsIncluded]: Start isIncluded. First operand 145 states. Second operand has 145 states, 133 states have (on average 1.3834586466165413) internal successors, (184), 133 states have internal predecessors, (184), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:57,312 INFO L87 Difference]: Start difference. First operand 145 states. Second operand has 145 states, 133 states have (on average 1.3834586466165413) internal successors, (184), 133 states have internal predecessors, (184), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:57,315 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:57,316 INFO L93 Difference]: Finished difference Result 145 states and 199 transitions. [2022-02-20 14:37:57,316 INFO L276 IsEmpty]: Start isEmpty. Operand 145 states and 199 transitions. [2022-02-20 14:37:57,316 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:57,317 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:57,317 INFO L74 IsIncluded]: Start isIncluded. First operand has 145 states, 133 states have (on average 1.3834586466165413) internal successors, (184), 133 states have internal predecessors, (184), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 145 states. [2022-02-20 14:37:57,318 INFO L87 Difference]: Start difference. First operand has 145 states, 133 states have (on average 1.3834586466165413) internal successors, (184), 133 states have internal predecessors, (184), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 145 states. [2022-02-20 14:37:57,321 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:57,321 INFO L93 Difference]: Finished difference Result 145 states and 199 transitions. [2022-02-20 14:37:57,321 INFO L276 IsEmpty]: Start isEmpty. Operand 145 states and 199 transitions. [2022-02-20 14:37:57,322 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:57,322 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:57,322 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:57,322 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:57,323 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 145 states, 133 states have (on average 1.3834586466165413) internal successors, (184), 133 states have internal predecessors, (184), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:57,326 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 145 states to 145 states and 199 transitions. [2022-02-20 14:37:57,326 INFO L78 Accepts]: Start accepts. Automaton has 145 states and 199 transitions. Word has length 37 [2022-02-20 14:37:57,326 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:57,326 INFO L470 AbstractCegarLoop]: Abstraction has 145 states and 199 transitions. [2022-02-20 14:37:57,327 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.666666666666667) internal successors, (34), 5 states have internal predecessors, (34), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:57,327 INFO L276 IsEmpty]: Start isEmpty. Operand 145 states and 199 transitions. [2022-02-20 14:37:57,327 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 14:37:57,327 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:57,328 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:57,328 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 14:37:57,328 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:57,328 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:57,329 INFO L85 PathProgramCache]: Analyzing trace with hash 1593142548, now seen corresponding path program 1 times [2022-02-20 14:37:57,329 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:57,329 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [615027384] [2022-02-20 14:37:57,329 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:57,329 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:57,357 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:57,382 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:37:57,386 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:57,400 INFO L290 TraceCheckUtils]: 0: Hoare triple {5676#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,400 INFO L290 TraceCheckUtils]: 1: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} assume !(0 != ~compRegistered~0); {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,401 INFO L290 TraceCheckUtils]: 2: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,401 INFO L290 TraceCheckUtils]: 3: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} assume 0 == ~tmp_ndt_2~0#1; {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,402 INFO L290 TraceCheckUtils]: 4: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} ~returnVal2~0#1 := 0; {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,402 INFO L290 TraceCheckUtils]: 5: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {5678#(= ~NP~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,402 INFO L290 TraceCheckUtils]: 6: Hoare triple {5678#(= ~NP~0 |old(~s~0)|)} #res#1 := ~returnVal2~0#1; {5678#(= ~NP~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,403 INFO L290 TraceCheckUtils]: 7: Hoare triple {5678#(= ~NP~0 |old(~s~0)|)} assume true; {5678#(= ~NP~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,404 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {5678#(= ~NP~0 |old(~s~0)|)} {5666#(not (= ~s~0 ~NP~0))} #444#return; {5664#false} is VALID [2022-02-20 14:37:57,404 INFO L290 TraceCheckUtils]: 0: Hoare triple {5663#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {5663#true} is VALID [2022-02-20 14:37:57,405 INFO L290 TraceCheckUtils]: 1: Hoare triple {5663#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,405 INFO L290 TraceCheckUtils]: 2: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume { :end_inline__BLAST_init } true; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,406 INFO L290 TraceCheckUtils]: 3: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,406 INFO L290 TraceCheckUtils]: 4: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,406 INFO L290 TraceCheckUtils]: 5: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,407 INFO L290 TraceCheckUtils]: 6: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume { :end_inline_stub_driver_init } true; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,407 INFO L290 TraceCheckUtils]: 7: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,407 INFO L290 TraceCheckUtils]: 8: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,408 INFO L290 TraceCheckUtils]: 9: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume 3 == main_~tmp_ndt_1~0#1; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,408 INFO L290 TraceCheckUtils]: 10: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,409 INFO L290 TraceCheckUtils]: 11: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume !(0 == KbFilter_PnP_~irpStack__MinorFunction~0#1); {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,409 INFO L290 TraceCheckUtils]: 12: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume 23 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,409 INFO L290 TraceCheckUtils]: 13: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} KbFilter_PnP_~devExt__SurpriseRemoved~0#1 := 1; {5665#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-20 14:37:57,410 INFO L290 TraceCheckUtils]: 14: Hoare triple {5665#(not (= ~SKIP1~0 ~NP~0))} assume ~s~0 == ~NP~0;~s~0 := ~SKIP1~0; {5666#(not (= ~s~0 ~NP~0))} is VALID [2022-02-20 14:37:57,410 INFO L290 TraceCheckUtils]: 15: Hoare triple {5666#(not (= ~s~0 ~NP~0))} KbFilter_PnP_#t~post14#1 := KbFilter_PnP_~Irp__CurrentLocation~0#1;KbFilter_PnP_~Irp__CurrentLocation~0#1 := 1 + KbFilter_PnP_#t~post14#1;havoc KbFilter_PnP_#t~post14#1;KbFilter_PnP_#t~post15#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := 1 + KbFilter_PnP_#t~post15#1;havoc KbFilter_PnP_#t~post15#1; {5666#(not (= ~s~0 ~NP~0))} is VALID [2022-02-20 14:37:57,411 INFO L272 TraceCheckUtils]: 16: Hoare triple {5666#(not (= ~s~0 ~NP~0))} call KbFilter_PnP_#t~ret16#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {5676#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:37:57,411 INFO L290 TraceCheckUtils]: 17: Hoare triple {5676#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,412 INFO L290 TraceCheckUtils]: 18: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} assume !(0 != ~compRegistered~0); {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,412 INFO L290 TraceCheckUtils]: 19: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,412 INFO L290 TraceCheckUtils]: 20: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} assume 0 == ~tmp_ndt_2~0#1; {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,413 INFO L290 TraceCheckUtils]: 21: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} ~returnVal2~0#1 := 0; {5677#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,413 INFO L290 TraceCheckUtils]: 22: Hoare triple {5677#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {5678#(= ~NP~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,413 INFO L290 TraceCheckUtils]: 23: Hoare triple {5678#(= ~NP~0 |old(~s~0)|)} #res#1 := ~returnVal2~0#1; {5678#(= ~NP~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,414 INFO L290 TraceCheckUtils]: 24: Hoare triple {5678#(= ~NP~0 |old(~s~0)|)} assume true; {5678#(= ~NP~0 |old(~s~0)|)} is VALID [2022-02-20 14:37:57,415 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {5678#(= ~NP~0 |old(~s~0)|)} {5666#(not (= ~s~0 ~NP~0))} #444#return; {5664#false} is VALID [2022-02-20 14:37:57,415 INFO L290 TraceCheckUtils]: 26: Hoare triple {5664#false} assume -2147483648 <= KbFilter_PnP_#t~ret16#1 && KbFilter_PnP_#t~ret16#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret16#1;havoc KbFilter_PnP_#t~ret16#1; {5664#false} is VALID [2022-02-20 14:37:57,415 INFO L290 TraceCheckUtils]: 27: Hoare triple {5664#false} KbFilter_PnP_#res#1 := KbFilter_PnP_~status~0#1; {5664#false} is VALID [2022-02-20 14:37:57,415 INFO L290 TraceCheckUtils]: 28: Hoare triple {5664#false} main_#t~ret27#1 := KbFilter_PnP_#res#1;assume { :end_inline_KbFilter_PnP } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~status~1#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {5664#false} is VALID [2022-02-20 14:37:57,416 INFO L290 TraceCheckUtils]: 29: Hoare triple {5664#false} assume !(1 == ~pended~0); {5664#false} is VALID [2022-02-20 14:37:57,416 INFO L290 TraceCheckUtils]: 30: Hoare triple {5664#false} assume !(1 == ~pended~0); {5664#false} is VALID [2022-02-20 14:37:57,416 INFO L290 TraceCheckUtils]: 31: Hoare triple {5664#false} assume ~s~0 != ~UNLOADED~0; {5664#false} is VALID [2022-02-20 14:37:57,416 INFO L290 TraceCheckUtils]: 32: Hoare triple {5664#false} assume -1 != main_~status~1#1; {5664#false} is VALID [2022-02-20 14:37:57,416 INFO L290 TraceCheckUtils]: 33: Hoare triple {5664#false} assume !(~s~0 != ~SKIP2~0); {5664#false} is VALID [2022-02-20 14:37:57,416 INFO L290 TraceCheckUtils]: 34: Hoare triple {5664#false} assume 1 == ~pended~0; {5664#false} is VALID [2022-02-20 14:37:57,417 INFO L290 TraceCheckUtils]: 35: Hoare triple {5664#false} assume 259 != main_~status~1#1; {5664#false} is VALID [2022-02-20 14:37:57,417 INFO L272 TraceCheckUtils]: 36: Hoare triple {5664#false} call errorFn(); {5664#false} is VALID [2022-02-20 14:37:57,417 INFO L290 TraceCheckUtils]: 37: Hoare triple {5664#false} assume !false; {5664#false} is VALID [2022-02-20 14:37:57,417 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:57,417 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:57,418 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [615027384] [2022-02-20 14:37:57,418 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [615027384] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:57,418 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:57,418 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 14:37:57,418 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [805004993] [2022-02-20 14:37:57,418 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:57,419 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.0) internal successors, (35), 6 states have internal predecessors, (35), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 38 [2022-02-20 14:37:57,419 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:57,419 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 5.0) internal successors, (35), 6 states have internal predecessors, (35), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:57,444 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 38 edges. 38 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:57,444 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 14:37:57,444 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:57,445 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 14:37:57,445 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=12, Invalid=30, Unknown=0, NotChecked=0, Total=42 [2022-02-20 14:37:57,445 INFO L87 Difference]: Start difference. First operand 145 states and 199 transitions. Second operand has 7 states, 7 states have (on average 5.0) internal successors, (35), 6 states have internal predecessors, (35), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:58,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:58,138 INFO L93 Difference]: Finished difference Result 179 states and 240 transitions. [2022-02-20 14:37:58,138 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 10 states. [2022-02-20 14:37:58,139 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.0) internal successors, (35), 6 states have internal predecessors, (35), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 38 [2022-02-20 14:37:58,139 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:58,139 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.0) internal successors, (35), 6 states have internal predecessors, (35), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:58,145 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 206 transitions. [2022-02-20 14:37:58,145 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.0) internal successors, (35), 6 states have internal predecessors, (35), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:58,148 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 10 states to 10 states and 206 transitions. [2022-02-20 14:37:58,148 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 10 states and 206 transitions. [2022-02-20 14:37:58,319 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 206 edges. 206 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:58,322 INFO L225 Difference]: With dead ends: 179 [2022-02-20 14:37:58,323 INFO L226 Difference]: Without dead ends: 157 [2022-02-20 14:37:58,323 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 17 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=53, Invalid=129, Unknown=0, NotChecked=0, Total=182 [2022-02-20 14:37:58,324 INFO L933 BasicCegarLoop]: 148 mSDtfsCounter, 196 mSDsluCounter, 437 mSDsCounter, 0 mSdLazyCounter, 191 mSolverCounterSat, 30 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 197 SdHoareTripleChecker+Valid, 585 SdHoareTripleChecker+Invalid, 221 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 30 IncrementalHoareTripleChecker+Valid, 191 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:58,324 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [197 Valid, 585 Invalid, 221 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [30 Valid, 191 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 14:37:58,325 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 157 states. [2022-02-20 14:37:58,355 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 157 to 145. [2022-02-20 14:37:58,355 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:58,356 INFO L82 GeneralOperation]: Start isEquivalent. First operand 157 states. Second operand has 145 states, 133 states have (on average 1.3759398496240602) internal successors, (183), 133 states have internal predecessors, (183), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:58,356 INFO L74 IsIncluded]: Start isIncluded. First operand 157 states. Second operand has 145 states, 133 states have (on average 1.3759398496240602) internal successors, (183), 133 states have internal predecessors, (183), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:58,357 INFO L87 Difference]: Start difference. First operand 157 states. Second operand has 145 states, 133 states have (on average 1.3759398496240602) internal successors, (183), 133 states have internal predecessors, (183), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:58,360 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:58,361 INFO L93 Difference]: Finished difference Result 157 states and 212 transitions. [2022-02-20 14:37:58,361 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 212 transitions. [2022-02-20 14:37:58,361 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:58,362 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:58,362 INFO L74 IsIncluded]: Start isIncluded. First operand has 145 states, 133 states have (on average 1.3759398496240602) internal successors, (183), 133 states have internal predecessors, (183), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 157 states. [2022-02-20 14:37:58,363 INFO L87 Difference]: Start difference. First operand has 145 states, 133 states have (on average 1.3759398496240602) internal successors, (183), 133 states have internal predecessors, (183), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 157 states. [2022-02-20 14:37:58,366 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:58,366 INFO L93 Difference]: Finished difference Result 157 states and 212 transitions. [2022-02-20 14:37:58,367 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 212 transitions. [2022-02-20 14:37:58,367 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:58,367 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:58,367 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:58,367 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:58,369 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 145 states, 133 states have (on average 1.3759398496240602) internal successors, (183), 133 states have internal predecessors, (183), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:58,372 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 145 states to 145 states and 198 transitions. [2022-02-20 14:37:58,372 INFO L78 Accepts]: Start accepts. Automaton has 145 states and 198 transitions. Word has length 38 [2022-02-20 14:37:58,372 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:58,373 INFO L470 AbstractCegarLoop]: Abstraction has 145 states and 198 transitions. [2022-02-20 14:37:58,373 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.0) internal successors, (35), 6 states have internal predecessors, (35), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:58,373 INFO L276 IsEmpty]: Start isEmpty. Operand 145 states and 198 transitions. [2022-02-20 14:37:58,374 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-02-20 14:37:58,374 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:58,374 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:58,374 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 14:37:58,374 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:58,375 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:58,375 INFO L85 PathProgramCache]: Analyzing trace with hash -1687313027, now seen corresponding path program 1 times [2022-02-20 14:37:58,375 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:58,375 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1938004813] [2022-02-20 14:37:58,375 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:58,376 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:58,398 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:58,413 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:37:58,420 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:58,433 INFO L290 TraceCheckUtils]: 0: Hoare triple {6455#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {6438#true} is VALID [2022-02-20 14:37:58,434 INFO L290 TraceCheckUtils]: 1: Hoare triple {6438#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {6438#true} is VALID [2022-02-20 14:37:58,434 INFO L290 TraceCheckUtils]: 2: Hoare triple {6438#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {6438#true} is VALID [2022-02-20 14:37:58,434 INFO L290 TraceCheckUtils]: 3: Hoare triple {6438#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {6438#true} is VALID [2022-02-20 14:37:58,434 INFO L290 TraceCheckUtils]: 4: Hoare triple {6438#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {6438#true} is VALID [2022-02-20 14:37:58,434 INFO L290 TraceCheckUtils]: 5: Hoare triple {6438#true} assume { :end_inline_stubMoreProcessingRequired } true; {6438#true} is VALID [2022-02-20 14:37:58,435 INFO L290 TraceCheckUtils]: 6: Hoare triple {6438#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {6438#true} is VALID [2022-02-20 14:37:58,435 INFO L290 TraceCheckUtils]: 7: Hoare triple {6438#true} assume 0 == ~tmp_ndt_2~0#1; {6438#true} is VALID [2022-02-20 14:37:58,435 INFO L290 TraceCheckUtils]: 8: Hoare triple {6438#true} ~returnVal2~0#1 := 0; {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} is VALID [2022-02-20 14:37:58,436 INFO L290 TraceCheckUtils]: 9: Hoare triple {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} assume !(~s~0 == ~NP~0); {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} is VALID [2022-02-20 14:37:58,436 INFO L290 TraceCheckUtils]: 10: Hoare triple {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} assume ~s~0 == ~MPR1~0; {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} is VALID [2022-02-20 14:37:58,436 INFO L290 TraceCheckUtils]: 11: Hoare triple {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {6439#false} is VALID [2022-02-20 14:37:58,437 INFO L290 TraceCheckUtils]: 12: Hoare triple {6439#false} #res#1 := ~returnVal2~0#1; {6439#false} is VALID [2022-02-20 14:37:58,437 INFO L290 TraceCheckUtils]: 13: Hoare triple {6439#false} assume true; {6439#false} is VALID [2022-02-20 14:37:58,437 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {6439#false} {6438#true} #436#return; {6439#false} is VALID [2022-02-20 14:37:58,437 INFO L290 TraceCheckUtils]: 0: Hoare triple {6438#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {6438#true} is VALID [2022-02-20 14:37:58,437 INFO L290 TraceCheckUtils]: 1: Hoare triple {6438#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {6438#true} is VALID [2022-02-20 14:37:58,438 INFO L290 TraceCheckUtils]: 2: Hoare triple {6438#true} assume { :end_inline__BLAST_init } true; {6438#true} is VALID [2022-02-20 14:37:58,438 INFO L290 TraceCheckUtils]: 3: Hoare triple {6438#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {6438#true} is VALID [2022-02-20 14:37:58,438 INFO L290 TraceCheckUtils]: 4: Hoare triple {6438#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {6438#true} is VALID [2022-02-20 14:37:58,438 INFO L290 TraceCheckUtils]: 5: Hoare triple {6438#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {6438#true} is VALID [2022-02-20 14:37:58,438 INFO L290 TraceCheckUtils]: 6: Hoare triple {6438#true} assume { :end_inline_stub_driver_init } true; {6438#true} is VALID [2022-02-20 14:37:58,439 INFO L290 TraceCheckUtils]: 7: Hoare triple {6438#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {6438#true} is VALID [2022-02-20 14:37:58,439 INFO L290 TraceCheckUtils]: 8: Hoare triple {6438#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {6438#true} is VALID [2022-02-20 14:37:58,439 INFO L290 TraceCheckUtils]: 9: Hoare triple {6438#true} assume 3 == main_~tmp_ndt_1~0#1; {6438#true} is VALID [2022-02-20 14:37:58,439 INFO L290 TraceCheckUtils]: 10: Hoare triple {6438#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {6438#true} is VALID [2022-02-20 14:37:58,439 INFO L290 TraceCheckUtils]: 11: Hoare triple {6438#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {6438#true} is VALID [2022-02-20 14:37:58,439 INFO L290 TraceCheckUtils]: 12: Hoare triple {6438#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {6438#true} is VALID [2022-02-20 14:37:58,440 INFO L290 TraceCheckUtils]: 13: Hoare triple {6438#true} assume !(~s~0 != ~NP~0); {6438#true} is VALID [2022-02-20 14:37:58,440 INFO L290 TraceCheckUtils]: 14: Hoare triple {6438#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {6438#true} is VALID [2022-02-20 14:37:58,440 INFO L290 TraceCheckUtils]: 15: Hoare triple {6438#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {6438#true} is VALID [2022-02-20 14:37:58,441 INFO L272 TraceCheckUtils]: 16: Hoare triple {6438#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {6455#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:37:58,441 INFO L290 TraceCheckUtils]: 17: Hoare triple {6455#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {6438#true} is VALID [2022-02-20 14:37:58,441 INFO L290 TraceCheckUtils]: 18: Hoare triple {6438#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {6438#true} is VALID [2022-02-20 14:37:58,441 INFO L290 TraceCheckUtils]: 19: Hoare triple {6438#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {6438#true} is VALID [2022-02-20 14:37:58,442 INFO L290 TraceCheckUtils]: 20: Hoare triple {6438#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {6438#true} is VALID [2022-02-20 14:37:58,442 INFO L290 TraceCheckUtils]: 21: Hoare triple {6438#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {6438#true} is VALID [2022-02-20 14:37:58,442 INFO L290 TraceCheckUtils]: 22: Hoare triple {6438#true} assume { :end_inline_stubMoreProcessingRequired } true; {6438#true} is VALID [2022-02-20 14:37:58,442 INFO L290 TraceCheckUtils]: 23: Hoare triple {6438#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {6438#true} is VALID [2022-02-20 14:37:58,442 INFO L290 TraceCheckUtils]: 24: Hoare triple {6438#true} assume 0 == ~tmp_ndt_2~0#1; {6438#true} is VALID [2022-02-20 14:37:58,443 INFO L290 TraceCheckUtils]: 25: Hoare triple {6438#true} ~returnVal2~0#1 := 0; {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} is VALID [2022-02-20 14:37:58,443 INFO L290 TraceCheckUtils]: 26: Hoare triple {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} assume !(~s~0 == ~NP~0); {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} is VALID [2022-02-20 14:37:58,443 INFO L290 TraceCheckUtils]: 27: Hoare triple {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} assume ~s~0 == ~MPR1~0; {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} is VALID [2022-02-20 14:37:58,444 INFO L290 TraceCheckUtils]: 28: Hoare triple {6456#(not (= 259 |IofCallDriver_~returnVal2~0#1|))} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {6439#false} is VALID [2022-02-20 14:37:58,444 INFO L290 TraceCheckUtils]: 29: Hoare triple {6439#false} #res#1 := ~returnVal2~0#1; {6439#false} is VALID [2022-02-20 14:37:58,444 INFO L290 TraceCheckUtils]: 30: Hoare triple {6439#false} assume true; {6439#false} is VALID [2022-02-20 14:37:58,444 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {6439#false} {6438#true} #436#return; {6439#false} is VALID [2022-02-20 14:37:58,445 INFO L290 TraceCheckUtils]: 32: Hoare triple {6439#false} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {6439#false} is VALID [2022-02-20 14:37:58,445 INFO L290 TraceCheckUtils]: 33: Hoare triple {6439#false} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet33#1, KeWaitForSingleObject_~tmp_ndt_4~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {6439#false} is VALID [2022-02-20 14:37:58,445 INFO L290 TraceCheckUtils]: 34: Hoare triple {6439#false} assume !(~s~0 == ~MPR3~0); {6439#false} is VALID [2022-02-20 14:37:58,445 INFO L290 TraceCheckUtils]: 35: Hoare triple {6439#false} assume !(1 == ~customIrp~0); {6439#false} is VALID [2022-02-20 14:37:58,445 INFO L290 TraceCheckUtils]: 36: Hoare triple {6439#false} assume ~s~0 == ~MPR3~0; {6439#false} is VALID [2022-02-20 14:37:58,445 INFO L272 TraceCheckUtils]: 37: Hoare triple {6439#false} call errorFn(); {6439#false} is VALID [2022-02-20 14:37:58,446 INFO L290 TraceCheckUtils]: 38: Hoare triple {6439#false} assume !false; {6439#false} is VALID [2022-02-20 14:37:58,446 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:58,446 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:58,446 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1938004813] [2022-02-20 14:37:58,446 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1938004813] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:58,447 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:58,447 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 14:37:58,447 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [158233889] [2022-02-20 14:37:58,447 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:58,448 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 39 [2022-02-20 14:37:58,448 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:58,448 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 9.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:58,473 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:58,473 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 14:37:58,473 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:58,474 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 14:37:58,474 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 14:37:58,474 INFO L87 Difference]: Start difference. First operand 145 states and 198 transitions. Second operand has 4 states, 4 states have (on average 9.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:58,763 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:58,763 INFO L93 Difference]: Finished difference Result 207 states and 282 transitions. [2022-02-20 14:37:58,763 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 14:37:58,764 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 39 [2022-02-20 14:37:58,764 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:58,764 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:58,766 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 229 transitions. [2022-02-20 14:37:58,767 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:58,769 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 229 transitions. [2022-02-20 14:37:58,769 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 229 transitions. [2022-02-20 14:37:58,967 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 229 edges. 229 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:58,970 INFO L225 Difference]: With dead ends: 207 [2022-02-20 14:37:58,970 INFO L226 Difference]: Without dead ends: 155 [2022-02-20 14:37:58,970 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 14:37:58,971 INFO L933 BasicCegarLoop]: 140 mSDtfsCounter, 21 mSDsluCounter, 236 mSDsCounter, 0 mSdLazyCounter, 48 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 376 SdHoareTripleChecker+Invalid, 60 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 48 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:58,971 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 376 Invalid, 60 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 48 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:37:58,972 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 155 states. [2022-02-20 14:37:59,004 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 155 to 151. [2022-02-20 14:37:59,004 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:59,005 INFO L82 GeneralOperation]: Start isEquivalent. First operand 155 states. Second operand has 151 states, 139 states have (on average 1.3669064748201438) internal successors, (190), 139 states have internal predecessors, (190), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:59,005 INFO L74 IsIncluded]: Start isIncluded. First operand 155 states. Second operand has 151 states, 139 states have (on average 1.3669064748201438) internal successors, (190), 139 states have internal predecessors, (190), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:59,006 INFO L87 Difference]: Start difference. First operand 155 states. Second operand has 151 states, 139 states have (on average 1.3669064748201438) internal successors, (190), 139 states have internal predecessors, (190), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:59,009 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:59,010 INFO L93 Difference]: Finished difference Result 155 states and 211 transitions. [2022-02-20 14:37:59,010 INFO L276 IsEmpty]: Start isEmpty. Operand 155 states and 211 transitions. [2022-02-20 14:37:59,010 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:59,010 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:59,011 INFO L74 IsIncluded]: Start isIncluded. First operand has 151 states, 139 states have (on average 1.3669064748201438) internal successors, (190), 139 states have internal predecessors, (190), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 155 states. [2022-02-20 14:37:59,011 INFO L87 Difference]: Start difference. First operand has 151 states, 139 states have (on average 1.3669064748201438) internal successors, (190), 139 states have internal predecessors, (190), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) Second operand 155 states. [2022-02-20 14:37:59,015 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:59,015 INFO L93 Difference]: Finished difference Result 155 states and 211 transitions. [2022-02-20 14:37:59,015 INFO L276 IsEmpty]: Start isEmpty. Operand 155 states and 211 transitions. [2022-02-20 14:37:59,015 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:59,016 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:59,016 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:59,016 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:59,016 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 151 states, 139 states have (on average 1.3669064748201438) internal successors, (190), 139 states have internal predecessors, (190), 7 states have call successors, (7), 3 states have call predecessors, (7), 4 states have return successors, (8), 8 states have call predecessors, (8), 4 states have call successors, (8) [2022-02-20 14:37:59,019 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 151 states to 151 states and 205 transitions. [2022-02-20 14:37:59,020 INFO L78 Accepts]: Start accepts. Automaton has 151 states and 205 transitions. Word has length 39 [2022-02-20 14:37:59,020 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:59,020 INFO L470 AbstractCegarLoop]: Abstraction has 151 states and 205 transitions. [2022-02-20 14:37:59,020 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 9.0) internal successors, (36), 3 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:59,020 INFO L276 IsEmpty]: Start isEmpty. Operand 151 states and 205 transitions. [2022-02-20 14:37:59,021 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-02-20 14:37:59,021 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:59,021 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:59,021 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 14:37:59,022 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:59,022 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:59,022 INFO L85 PathProgramCache]: Analyzing trace with hash -986248449, now seen corresponding path program 1 times [2022-02-20 14:37:59,022 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:59,022 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [575771516] [2022-02-20 14:37:59,023 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:59,023 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:59,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:59,066 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:37:59,072 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:59,097 INFO L290 TraceCheckUtils]: 0: Hoare triple {7262#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {7243#true} is VALID [2022-02-20 14:37:59,097 INFO L290 TraceCheckUtils]: 1: Hoare triple {7243#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {7243#true} is VALID [2022-02-20 14:37:59,097 INFO L290 TraceCheckUtils]: 2: Hoare triple {7243#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {7243#true} is VALID [2022-02-20 14:37:59,098 INFO L290 TraceCheckUtils]: 3: Hoare triple {7243#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {7243#true} is VALID [2022-02-20 14:37:59,098 INFO L290 TraceCheckUtils]: 4: Hoare triple {7243#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {7243#true} is VALID [2022-02-20 14:37:59,098 INFO L290 TraceCheckUtils]: 5: Hoare triple {7243#true} assume { :end_inline_stubMoreProcessingRequired } true; {7243#true} is VALID [2022-02-20 14:37:59,098 INFO L290 TraceCheckUtils]: 6: Hoare triple {7243#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {7243#true} is VALID [2022-02-20 14:37:59,098 INFO L290 TraceCheckUtils]: 7: Hoare triple {7243#true} assume 0 == ~tmp_ndt_2~0#1; {7243#true} is VALID [2022-02-20 14:37:59,099 INFO L290 TraceCheckUtils]: 8: Hoare triple {7243#true} ~returnVal2~0#1 := 0; {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} is VALID [2022-02-20 14:37:59,100 INFO L290 TraceCheckUtils]: 9: Hoare triple {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} assume !(~s~0 == ~NP~0); {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} is VALID [2022-02-20 14:37:59,100 INFO L290 TraceCheckUtils]: 10: Hoare triple {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} assume ~s~0 == ~MPR1~0; {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} is VALID [2022-02-20 14:37:59,101 INFO L290 TraceCheckUtils]: 11: Hoare triple {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} assume !(259 == ~returnVal2~0#1);~s~0 := ~NP~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} is VALID [2022-02-20 14:37:59,101 INFO L290 TraceCheckUtils]: 12: Hoare triple {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} #res#1 := ~returnVal2~0#1; {7264#(<= |IofCallDriver_#res#1| 0)} is VALID [2022-02-20 14:37:59,101 INFO L290 TraceCheckUtils]: 13: Hoare triple {7264#(<= |IofCallDriver_#res#1| 0)} assume true; {7264#(<= |IofCallDriver_#res#1| 0)} is VALID [2022-02-20 14:37:59,102 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {7264#(<= |IofCallDriver_#res#1| 0)} {7243#true} #436#return; {7260#(not (= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|))} is VALID [2022-02-20 14:37:59,103 INFO L290 TraceCheckUtils]: 0: Hoare triple {7243#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {7243#true} is VALID [2022-02-20 14:37:59,103 INFO L290 TraceCheckUtils]: 1: Hoare triple {7243#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {7243#true} is VALID [2022-02-20 14:37:59,103 INFO L290 TraceCheckUtils]: 2: Hoare triple {7243#true} assume { :end_inline__BLAST_init } true; {7243#true} is VALID [2022-02-20 14:37:59,103 INFO L290 TraceCheckUtils]: 3: Hoare triple {7243#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {7243#true} is VALID [2022-02-20 14:37:59,103 INFO L290 TraceCheckUtils]: 4: Hoare triple {7243#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {7243#true} is VALID [2022-02-20 14:37:59,104 INFO L290 TraceCheckUtils]: 5: Hoare triple {7243#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {7243#true} is VALID [2022-02-20 14:37:59,104 INFO L290 TraceCheckUtils]: 6: Hoare triple {7243#true} assume { :end_inline_stub_driver_init } true; {7243#true} is VALID [2022-02-20 14:37:59,104 INFO L290 TraceCheckUtils]: 7: Hoare triple {7243#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {7243#true} is VALID [2022-02-20 14:37:59,104 INFO L290 TraceCheckUtils]: 8: Hoare triple {7243#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {7243#true} is VALID [2022-02-20 14:37:59,104 INFO L290 TraceCheckUtils]: 9: Hoare triple {7243#true} assume 3 == main_~tmp_ndt_1~0#1; {7243#true} is VALID [2022-02-20 14:37:59,104 INFO L290 TraceCheckUtils]: 10: Hoare triple {7243#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {7243#true} is VALID [2022-02-20 14:37:59,105 INFO L290 TraceCheckUtils]: 11: Hoare triple {7243#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {7243#true} is VALID [2022-02-20 14:37:59,105 INFO L290 TraceCheckUtils]: 12: Hoare triple {7243#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {7243#true} is VALID [2022-02-20 14:37:59,105 INFO L290 TraceCheckUtils]: 13: Hoare triple {7243#true} assume !(~s~0 != ~NP~0); {7243#true} is VALID [2022-02-20 14:37:59,105 INFO L290 TraceCheckUtils]: 14: Hoare triple {7243#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {7243#true} is VALID [2022-02-20 14:37:59,105 INFO L290 TraceCheckUtils]: 15: Hoare triple {7243#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {7243#true} is VALID [2022-02-20 14:37:59,106 INFO L272 TraceCheckUtils]: 16: Hoare triple {7243#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {7262#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:37:59,106 INFO L290 TraceCheckUtils]: 17: Hoare triple {7262#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {7243#true} is VALID [2022-02-20 14:37:59,107 INFO L290 TraceCheckUtils]: 18: Hoare triple {7243#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {7243#true} is VALID [2022-02-20 14:37:59,107 INFO L290 TraceCheckUtils]: 19: Hoare triple {7243#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {7243#true} is VALID [2022-02-20 14:37:59,107 INFO L290 TraceCheckUtils]: 20: Hoare triple {7243#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {7243#true} is VALID [2022-02-20 14:37:59,107 INFO L290 TraceCheckUtils]: 21: Hoare triple {7243#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {7243#true} is VALID [2022-02-20 14:37:59,107 INFO L290 TraceCheckUtils]: 22: Hoare triple {7243#true} assume { :end_inline_stubMoreProcessingRequired } true; {7243#true} is VALID [2022-02-20 14:37:59,108 INFO L290 TraceCheckUtils]: 23: Hoare triple {7243#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {7243#true} is VALID [2022-02-20 14:37:59,108 INFO L290 TraceCheckUtils]: 24: Hoare triple {7243#true} assume 0 == ~tmp_ndt_2~0#1; {7243#true} is VALID [2022-02-20 14:37:59,108 INFO L290 TraceCheckUtils]: 25: Hoare triple {7243#true} ~returnVal2~0#1 := 0; {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} is VALID [2022-02-20 14:37:59,108 INFO L290 TraceCheckUtils]: 26: Hoare triple {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} assume !(~s~0 == ~NP~0); {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} is VALID [2022-02-20 14:37:59,111 INFO L290 TraceCheckUtils]: 27: Hoare triple {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} assume ~s~0 == ~MPR1~0; {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} is VALID [2022-02-20 14:37:59,112 INFO L290 TraceCheckUtils]: 28: Hoare triple {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} assume !(259 == ~returnVal2~0#1);~s~0 := ~NP~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} is VALID [2022-02-20 14:37:59,112 INFO L290 TraceCheckUtils]: 29: Hoare triple {7263#(<= |IofCallDriver_~returnVal2~0#1| 0)} #res#1 := ~returnVal2~0#1; {7264#(<= |IofCallDriver_#res#1| 0)} is VALID [2022-02-20 14:37:59,113 INFO L290 TraceCheckUtils]: 30: Hoare triple {7264#(<= |IofCallDriver_#res#1| 0)} assume true; {7264#(<= |IofCallDriver_#res#1| 0)} is VALID [2022-02-20 14:37:59,113 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {7264#(<= |IofCallDriver_#res#1| 0)} {7243#true} #436#return; {7260#(not (= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|))} is VALID [2022-02-20 14:37:59,114 INFO L290 TraceCheckUtils]: 32: Hoare triple {7260#(not (= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|))} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {7261#(not (= 259 |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1|))} is VALID [2022-02-20 14:37:59,114 INFO L290 TraceCheckUtils]: 33: Hoare triple {7261#(not (= 259 |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1|))} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet33#1, KeWaitForSingleObject_~tmp_ndt_4~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {7244#false} is VALID [2022-02-20 14:37:59,114 INFO L290 TraceCheckUtils]: 34: Hoare triple {7244#false} assume !(~s~0 == ~MPR3~0); {7244#false} is VALID [2022-02-20 14:37:59,115 INFO L290 TraceCheckUtils]: 35: Hoare triple {7244#false} assume !(1 == ~customIrp~0); {7244#false} is VALID [2022-02-20 14:37:59,115 INFO L290 TraceCheckUtils]: 36: Hoare triple {7244#false} assume ~s~0 == ~MPR3~0; {7244#false} is VALID [2022-02-20 14:37:59,115 INFO L272 TraceCheckUtils]: 37: Hoare triple {7244#false} call errorFn(); {7244#false} is VALID [2022-02-20 14:37:59,115 INFO L290 TraceCheckUtils]: 38: Hoare triple {7244#false} assume !false; {7244#false} is VALID [2022-02-20 14:37:59,115 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:37:59,116 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:37:59,116 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [575771516] [2022-02-20 14:37:59,116 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [575771516] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:37:59,116 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:37:59,116 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 14:37:59,116 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [785703937] [2022-02-20 14:37:59,116 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:37:59,117 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.142857142857143) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 39 [2022-02-20 14:37:59,117 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:37:59,117 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 5.142857142857143) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:59,143 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:59,143 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 14:37:59,144 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:37:59,144 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 14:37:59,144 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 14:37:59,144 INFO L87 Difference]: Start difference. First operand 151 states and 205 transitions. Second operand has 7 states, 7 states have (on average 5.142857142857143) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:59,676 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:59,677 INFO L93 Difference]: Finished difference Result 218 states and 296 transitions. [2022-02-20 14:37:59,677 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 14:37:59,677 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.142857142857143) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 39 [2022-02-20 14:37:59,677 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:37:59,677 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.142857142857143) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:59,680 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 243 transitions. [2022-02-20 14:37:59,680 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.142857142857143) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:59,688 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 243 transitions. [2022-02-20 14:37:59,689 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 243 transitions. [2022-02-20 14:37:59,846 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 243 edges. 243 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:37:59,849 INFO L225 Difference]: With dead ends: 218 [2022-02-20 14:37:59,849 INFO L226 Difference]: Without dead ends: 187 [2022-02-20 14:37:59,850 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=53, Unknown=0, NotChecked=0, Total=72 [2022-02-20 14:37:59,850 INFO L933 BasicCegarLoop]: 156 mSDtfsCounter, 46 mSDsluCounter, 704 mSDsCounter, 0 mSdLazyCounter, 92 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 46 SdHoareTripleChecker+Valid, 860 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 92 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 14:37:59,850 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [46 Valid, 860 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 92 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 14:37:59,851 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 187 states. [2022-02-20 14:37:59,886 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 187 to 156. [2022-02-20 14:37:59,886 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:37:59,887 INFO L82 GeneralOperation]: Start isEquivalent. First operand 187 states. Second operand has 156 states, 143 states have (on average 1.3566433566433567) internal successors, (194), 143 states have internal predecessors, (194), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (9), 9 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:59,887 INFO L74 IsIncluded]: Start isIncluded. First operand 187 states. Second operand has 156 states, 143 states have (on average 1.3566433566433567) internal successors, (194), 143 states have internal predecessors, (194), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (9), 9 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:59,888 INFO L87 Difference]: Start difference. First operand 187 states. Second operand has 156 states, 143 states have (on average 1.3566433566433567) internal successors, (194), 143 states have internal predecessors, (194), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (9), 9 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:59,892 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:59,892 INFO L93 Difference]: Finished difference Result 187 states and 254 transitions. [2022-02-20 14:37:59,892 INFO L276 IsEmpty]: Start isEmpty. Operand 187 states and 254 transitions. [2022-02-20 14:37:59,893 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:59,893 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:59,893 INFO L74 IsIncluded]: Start isIncluded. First operand has 156 states, 143 states have (on average 1.3566433566433567) internal successors, (194), 143 states have internal predecessors, (194), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (9), 9 states have call predecessors, (9), 4 states have call successors, (9) Second operand 187 states. [2022-02-20 14:37:59,894 INFO L87 Difference]: Start difference. First operand has 156 states, 143 states have (on average 1.3566433566433567) internal successors, (194), 143 states have internal predecessors, (194), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (9), 9 states have call predecessors, (9), 4 states have call successors, (9) Second operand 187 states. [2022-02-20 14:37:59,898 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:37:59,898 INFO L93 Difference]: Finished difference Result 187 states and 254 transitions. [2022-02-20 14:37:59,898 INFO L276 IsEmpty]: Start isEmpty. Operand 187 states and 254 transitions. [2022-02-20 14:37:59,899 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:37:59,899 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:37:59,899 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:37:59,899 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:37:59,900 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 156 states, 143 states have (on average 1.3566433566433567) internal successors, (194), 143 states have internal predecessors, (194), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (9), 9 states have call predecessors, (9), 4 states have call successors, (9) [2022-02-20 14:37:59,903 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 156 states to 156 states and 210 transitions. [2022-02-20 14:37:59,903 INFO L78 Accepts]: Start accepts. Automaton has 156 states and 210 transitions. Word has length 39 [2022-02-20 14:37:59,903 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:37:59,904 INFO L470 AbstractCegarLoop]: Abstraction has 156 states and 210 transitions. [2022-02-20 14:37:59,904 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.142857142857143) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:37:59,904 INFO L276 IsEmpty]: Start isEmpty. Operand 156 states and 210 transitions. [2022-02-20 14:37:59,905 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-02-20 14:37:59,905 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:37:59,905 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:37:59,905 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2022-02-20 14:37:59,905 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:37:59,906 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:37:59,906 INFO L85 PathProgramCache]: Analyzing trace with hash 368817782, now seen corresponding path program 1 times [2022-02-20 14:37:59,906 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:37:59,906 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1060051755] [2022-02-20 14:37:59,906 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:37:59,906 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:37:59,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:59,953 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:37:59,960 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:37:59,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {8157#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {8138#true} is VALID [2022-02-20 14:37:59,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {8138#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {8138#true} is VALID [2022-02-20 14:37:59,975 INFO L290 TraceCheckUtils]: 2: Hoare triple {8138#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {8138#true} is VALID [2022-02-20 14:37:59,975 INFO L290 TraceCheckUtils]: 3: Hoare triple {8138#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {8138#true} is VALID [2022-02-20 14:37:59,976 INFO L290 TraceCheckUtils]: 4: Hoare triple {8138#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {8138#true} is VALID [2022-02-20 14:37:59,976 INFO L290 TraceCheckUtils]: 5: Hoare triple {8138#true} assume { :end_inline_stubMoreProcessingRequired } true; {8138#true} is VALID [2022-02-20 14:37:59,976 INFO L290 TraceCheckUtils]: 6: Hoare triple {8138#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {8138#true} is VALID [2022-02-20 14:37:59,976 INFO L290 TraceCheckUtils]: 7: Hoare triple {8138#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {8138#true} is VALID [2022-02-20 14:37:59,976 INFO L290 TraceCheckUtils]: 8: Hoare triple {8138#true} assume !(1 == ~tmp_ndt_3~0#1); {8138#true} is VALID [2022-02-20 14:37:59,976 INFO L290 TraceCheckUtils]: 9: Hoare triple {8138#true} ~returnVal2~0#1 := 259; {8138#true} is VALID [2022-02-20 14:37:59,977 INFO L290 TraceCheckUtils]: 10: Hoare triple {8138#true} assume !(~s~0 == ~NP~0); {8138#true} is VALID [2022-02-20 14:37:59,977 INFO L290 TraceCheckUtils]: 11: Hoare triple {8138#true} assume ~s~0 == ~MPR1~0; {8138#true} is VALID [2022-02-20 14:37:59,977 INFO L290 TraceCheckUtils]: 12: Hoare triple {8138#true} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:59,978 INFO L290 TraceCheckUtils]: 13: Hoare triple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} #res#1 := ~returnVal2~0#1; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:59,978 INFO L290 TraceCheckUtils]: 14: Hoare triple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume true; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:59,979 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} {8138#true} #436#return; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:37:59,979 INFO L290 TraceCheckUtils]: 0: Hoare triple {8138#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {8138#true} is VALID [2022-02-20 14:37:59,979 INFO L290 TraceCheckUtils]: 1: Hoare triple {8138#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {8138#true} is VALID [2022-02-20 14:37:59,980 INFO L290 TraceCheckUtils]: 2: Hoare triple {8138#true} assume { :end_inline__BLAST_init } true; {8138#true} is VALID [2022-02-20 14:37:59,980 INFO L290 TraceCheckUtils]: 3: Hoare triple {8138#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {8138#true} is VALID [2022-02-20 14:37:59,980 INFO L290 TraceCheckUtils]: 4: Hoare triple {8138#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {8138#true} is VALID [2022-02-20 14:37:59,980 INFO L290 TraceCheckUtils]: 5: Hoare triple {8138#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {8138#true} is VALID [2022-02-20 14:37:59,980 INFO L290 TraceCheckUtils]: 6: Hoare triple {8138#true} assume { :end_inline_stub_driver_init } true; {8138#true} is VALID [2022-02-20 14:37:59,984 INFO L290 TraceCheckUtils]: 7: Hoare triple {8138#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {8138#true} is VALID [2022-02-20 14:37:59,987 INFO L290 TraceCheckUtils]: 8: Hoare triple {8138#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {8138#true} is VALID [2022-02-20 14:37:59,993 INFO L290 TraceCheckUtils]: 9: Hoare triple {8138#true} assume 3 == main_~tmp_ndt_1~0#1; {8138#true} is VALID [2022-02-20 14:37:59,994 INFO L290 TraceCheckUtils]: 10: Hoare triple {8138#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {8138#true} is VALID [2022-02-20 14:37:59,995 INFO L290 TraceCheckUtils]: 11: Hoare triple {8138#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {8138#true} is VALID [2022-02-20 14:37:59,995 INFO L290 TraceCheckUtils]: 12: Hoare triple {8138#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {8138#true} is VALID [2022-02-20 14:37:59,995 INFO L290 TraceCheckUtils]: 13: Hoare triple {8138#true} assume !(~s~0 != ~NP~0); {8138#true} is VALID [2022-02-20 14:37:59,996 INFO L290 TraceCheckUtils]: 14: Hoare triple {8138#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {8138#true} is VALID [2022-02-20 14:37:59,996 INFO L290 TraceCheckUtils]: 15: Hoare triple {8138#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {8138#true} is VALID [2022-02-20 14:37:59,997 INFO L272 TraceCheckUtils]: 16: Hoare triple {8138#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {8157#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:37:59,997 INFO L290 TraceCheckUtils]: 17: Hoare triple {8157#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {8138#true} is VALID [2022-02-20 14:37:59,998 INFO L290 TraceCheckUtils]: 18: Hoare triple {8138#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {8138#true} is VALID [2022-02-20 14:37:59,998 INFO L290 TraceCheckUtils]: 19: Hoare triple {8138#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {8138#true} is VALID [2022-02-20 14:37:59,998 INFO L290 TraceCheckUtils]: 20: Hoare triple {8138#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {8138#true} is VALID [2022-02-20 14:37:59,998 INFO L290 TraceCheckUtils]: 21: Hoare triple {8138#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {8138#true} is VALID [2022-02-20 14:37:59,998 INFO L290 TraceCheckUtils]: 22: Hoare triple {8138#true} assume { :end_inline_stubMoreProcessingRequired } true; {8138#true} is VALID [2022-02-20 14:37:59,998 INFO L290 TraceCheckUtils]: 23: Hoare triple {8138#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {8138#true} is VALID [2022-02-20 14:37:59,999 INFO L290 TraceCheckUtils]: 24: Hoare triple {8138#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {8138#true} is VALID [2022-02-20 14:37:59,999 INFO L290 TraceCheckUtils]: 25: Hoare triple {8138#true} assume !(1 == ~tmp_ndt_3~0#1); {8138#true} is VALID [2022-02-20 14:37:59,999 INFO L290 TraceCheckUtils]: 26: Hoare triple {8138#true} ~returnVal2~0#1 := 259; {8138#true} is VALID [2022-02-20 14:37:59,999 INFO L290 TraceCheckUtils]: 27: Hoare triple {8138#true} assume !(~s~0 == ~NP~0); {8138#true} is VALID [2022-02-20 14:37:59,999 INFO L290 TraceCheckUtils]: 28: Hoare triple {8138#true} assume ~s~0 == ~MPR1~0; {8138#true} is VALID [2022-02-20 14:38:00,000 INFO L290 TraceCheckUtils]: 29: Hoare triple {8138#true} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:38:00,001 INFO L290 TraceCheckUtils]: 30: Hoare triple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} #res#1 := ~returnVal2~0#1; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:38:00,001 INFO L290 TraceCheckUtils]: 31: Hoare triple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume true; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:38:00,002 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} {8138#true} #436#return; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:38:00,002 INFO L290 TraceCheckUtils]: 33: Hoare triple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:38:00,003 INFO L290 TraceCheckUtils]: 34: Hoare triple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet33#1, KeWaitForSingleObject_~tmp_ndt_4~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-20 14:38:00,003 INFO L290 TraceCheckUtils]: 35: Hoare triple {8156#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume !(~s~0 == ~MPR3~0); {8139#false} is VALID [2022-02-20 14:38:00,003 INFO L290 TraceCheckUtils]: 36: Hoare triple {8139#false} assume !(1 == ~customIrp~0); {8139#false} is VALID [2022-02-20 14:38:00,004 INFO L290 TraceCheckUtils]: 37: Hoare triple {8139#false} assume ~s~0 == ~MPR3~0; {8139#false} is VALID [2022-02-20 14:38:00,004 INFO L272 TraceCheckUtils]: 38: Hoare triple {8139#false} call errorFn(); {8139#false} is VALID [2022-02-20 14:38:00,004 INFO L290 TraceCheckUtils]: 39: Hoare triple {8139#false} assume !false; {8139#false} is VALID [2022-02-20 14:38:00,004 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:38:00,005 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:38:00,005 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1060051755] [2022-02-20 14:38:00,005 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1060051755] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:38:00,005 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:38:00,005 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 14:38:00,005 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [431379588] [2022-02-20 14:38:00,006 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:38:00,006 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 14:38:00,006 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:38:00,007 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:00,032 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:00,032 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 14:38:00,032 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:38:00,032 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 14:38:00,032 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 14:38:00,033 INFO L87 Difference]: Start difference. First operand 156 states and 210 transitions. Second operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:00,359 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:00,359 INFO L93 Difference]: Finished difference Result 214 states and 286 transitions. [2022-02-20 14:38:00,359 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 14:38:00,360 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 14:38:00,360 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:38:00,360 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:00,362 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 240 transitions. [2022-02-20 14:38:00,363 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:00,365 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 240 transitions. [2022-02-20 14:38:00,365 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 240 transitions. [2022-02-20 14:38:00,552 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 240 edges. 240 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:00,554 INFO L225 Difference]: With dead ends: 214 [2022-02-20 14:38:00,555 INFO L226 Difference]: Without dead ends: 174 [2022-02-20 14:38:00,555 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 14:38:00,556 INFO L933 BasicCegarLoop]: 168 mSDtfsCounter, 51 mSDsluCounter, 236 mSDsCounter, 0 mSdLazyCounter, 90 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 51 SdHoareTripleChecker+Valid, 404 SdHoareTripleChecker+Invalid, 101 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 90 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 14:38:00,556 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [51 Valid, 404 Invalid, 101 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 90 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 14:38:00,556 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 174 states. [2022-02-20 14:38:00,592 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 174 to 161. [2022-02-20 14:38:00,592 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:38:00,593 INFO L82 GeneralOperation]: Start isEquivalent. First operand 174 states. Second operand has 161 states, 147 states have (on average 1.3265306122448979) internal successors, (195), 145 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 14:38:00,593 INFO L74 IsIncluded]: Start isIncluded. First operand 174 states. Second operand has 161 states, 147 states have (on average 1.3265306122448979) internal successors, (195), 145 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 14:38:00,593 INFO L87 Difference]: Start difference. First operand 174 states. Second operand has 161 states, 147 states have (on average 1.3265306122448979) internal successors, (195), 145 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 14:38:00,597 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:00,597 INFO L93 Difference]: Finished difference Result 174 states and 230 transitions. [2022-02-20 14:38:00,597 INFO L276 IsEmpty]: Start isEmpty. Operand 174 states and 230 transitions. [2022-02-20 14:38:00,597 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:00,597 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:00,598 INFO L74 IsIncluded]: Start isIncluded. First operand has 161 states, 147 states have (on average 1.3265306122448979) internal successors, (195), 145 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) Second operand 174 states. [2022-02-20 14:38:00,601 INFO L87 Difference]: Start difference. First operand has 161 states, 147 states have (on average 1.3265306122448979) internal successors, (195), 145 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) Second operand 174 states. [2022-02-20 14:38:00,606 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:00,606 INFO L93 Difference]: Finished difference Result 174 states and 230 transitions. [2022-02-20 14:38:00,606 INFO L276 IsEmpty]: Start isEmpty. Operand 174 states and 230 transitions. [2022-02-20 14:38:00,607 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:00,607 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:00,607 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:38:00,607 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:38:00,608 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 161 states, 147 states have (on average 1.3265306122448979) internal successors, (195), 145 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 14:38:00,611 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 161 states to 161 states and 214 transitions. [2022-02-20 14:38:00,611 INFO L78 Accepts]: Start accepts. Automaton has 161 states and 214 transitions. Word has length 40 [2022-02-20 14:38:00,611 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:38:00,611 INFO L470 AbstractCegarLoop]: Abstraction has 161 states and 214 transitions. [2022-02-20 14:38:00,611 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:00,612 INFO L276 IsEmpty]: Start isEmpty. Operand 161 states and 214 transitions. [2022-02-20 14:38:00,612 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-02-20 14:38:00,612 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:38:00,612 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:38:00,612 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-20 14:38:00,613 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:38:00,614 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:38:00,614 INFO L85 PathProgramCache]: Analyzing trace with hash 1582571415, now seen corresponding path program 1 times [2022-02-20 14:38:00,614 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:38:00,614 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [457597697] [2022-02-20 14:38:00,614 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:38:00,614 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:38:00,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:00,684 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:38:00,690 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:00,716 INFO L290 TraceCheckUtils]: 0: Hoare triple {9026#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {9006#true} is VALID [2022-02-20 14:38:00,716 INFO L290 TraceCheckUtils]: 1: Hoare triple {9006#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {9006#true} is VALID [2022-02-20 14:38:00,716 INFO L290 TraceCheckUtils]: 2: Hoare triple {9006#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {9006#true} is VALID [2022-02-20 14:38:00,716 INFO L290 TraceCheckUtils]: 3: Hoare triple {9006#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {9006#true} is VALID [2022-02-20 14:38:00,716 INFO L290 TraceCheckUtils]: 4: Hoare triple {9006#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {9006#true} is VALID [2022-02-20 14:38:00,716 INFO L290 TraceCheckUtils]: 5: Hoare triple {9006#true} assume { :end_inline_stubMoreProcessingRequired } true; {9006#true} is VALID [2022-02-20 14:38:00,717 INFO L290 TraceCheckUtils]: 6: Hoare triple {9006#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {9006#true} is VALID [2022-02-20 14:38:00,717 INFO L290 TraceCheckUtils]: 7: Hoare triple {9006#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {9006#true} is VALID [2022-02-20 14:38:00,717 INFO L290 TraceCheckUtils]: 8: Hoare triple {9006#true} assume !(1 == ~tmp_ndt_3~0#1); {9006#true} is VALID [2022-02-20 14:38:00,717 INFO L290 TraceCheckUtils]: 9: Hoare triple {9006#true} ~returnVal2~0#1 := 259; {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} is VALID [2022-02-20 14:38:00,717 INFO L290 TraceCheckUtils]: 10: Hoare triple {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} assume !(~s~0 == ~NP~0); {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} is VALID [2022-02-20 14:38:00,718 INFO L290 TraceCheckUtils]: 11: Hoare triple {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} assume ~s~0 == ~MPR1~0; {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} is VALID [2022-02-20 14:38:00,718 INFO L290 TraceCheckUtils]: 12: Hoare triple {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} is VALID [2022-02-20 14:38:00,718 INFO L290 TraceCheckUtils]: 13: Hoare triple {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} #res#1 := ~returnVal2~0#1; {9028#(<= 259 |IofCallDriver_#res#1|)} is VALID [2022-02-20 14:38:00,719 INFO L290 TraceCheckUtils]: 14: Hoare triple {9028#(<= 259 |IofCallDriver_#res#1|)} assume true; {9028#(<= 259 |IofCallDriver_#res#1|)} is VALID [2022-02-20 14:38:00,719 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {9028#(<= 259 |IofCallDriver_#res#1|)} {9006#true} #436#return; {9024#(<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|)} is VALID [2022-02-20 14:38:00,720 INFO L290 TraceCheckUtils]: 0: Hoare triple {9006#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {9006#true} is VALID [2022-02-20 14:38:00,720 INFO L290 TraceCheckUtils]: 1: Hoare triple {9006#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {9006#true} is VALID [2022-02-20 14:38:00,720 INFO L290 TraceCheckUtils]: 2: Hoare triple {9006#true} assume { :end_inline__BLAST_init } true; {9006#true} is VALID [2022-02-20 14:38:00,720 INFO L290 TraceCheckUtils]: 3: Hoare triple {9006#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {9006#true} is VALID [2022-02-20 14:38:00,720 INFO L290 TraceCheckUtils]: 4: Hoare triple {9006#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {9006#true} is VALID [2022-02-20 14:38:00,720 INFO L290 TraceCheckUtils]: 5: Hoare triple {9006#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {9006#true} is VALID [2022-02-20 14:38:00,720 INFO L290 TraceCheckUtils]: 6: Hoare triple {9006#true} assume { :end_inline_stub_driver_init } true; {9006#true} is VALID [2022-02-20 14:38:00,720 INFO L290 TraceCheckUtils]: 7: Hoare triple {9006#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {9006#true} is VALID [2022-02-20 14:38:00,721 INFO L290 TraceCheckUtils]: 8: Hoare triple {9006#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {9006#true} is VALID [2022-02-20 14:38:00,721 INFO L290 TraceCheckUtils]: 9: Hoare triple {9006#true} assume 3 == main_~tmp_ndt_1~0#1; {9006#true} is VALID [2022-02-20 14:38:00,721 INFO L290 TraceCheckUtils]: 10: Hoare triple {9006#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {9006#true} is VALID [2022-02-20 14:38:00,721 INFO L290 TraceCheckUtils]: 11: Hoare triple {9006#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {9006#true} is VALID [2022-02-20 14:38:00,721 INFO L290 TraceCheckUtils]: 12: Hoare triple {9006#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {9006#true} is VALID [2022-02-20 14:38:00,722 INFO L290 TraceCheckUtils]: 13: Hoare triple {9006#true} assume !(~s~0 != ~NP~0); {9006#true} is VALID [2022-02-20 14:38:00,722 INFO L290 TraceCheckUtils]: 14: Hoare triple {9006#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {9006#true} is VALID [2022-02-20 14:38:00,722 INFO L290 TraceCheckUtils]: 15: Hoare triple {9006#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {9006#true} is VALID [2022-02-20 14:38:00,723 INFO L272 TraceCheckUtils]: 16: Hoare triple {9006#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {9026#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:38:00,723 INFO L290 TraceCheckUtils]: 17: Hoare triple {9026#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {9006#true} is VALID [2022-02-20 14:38:00,723 INFO L290 TraceCheckUtils]: 18: Hoare triple {9006#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {9006#true} is VALID [2022-02-20 14:38:00,723 INFO L290 TraceCheckUtils]: 19: Hoare triple {9006#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {9006#true} is VALID [2022-02-20 14:38:00,723 INFO L290 TraceCheckUtils]: 20: Hoare triple {9006#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {9006#true} is VALID [2022-02-20 14:38:00,723 INFO L290 TraceCheckUtils]: 21: Hoare triple {9006#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {9006#true} is VALID [2022-02-20 14:38:00,723 INFO L290 TraceCheckUtils]: 22: Hoare triple {9006#true} assume { :end_inline_stubMoreProcessingRequired } true; {9006#true} is VALID [2022-02-20 14:38:00,723 INFO L290 TraceCheckUtils]: 23: Hoare triple {9006#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {9006#true} is VALID [2022-02-20 14:38:00,723 INFO L290 TraceCheckUtils]: 24: Hoare triple {9006#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {9006#true} is VALID [2022-02-20 14:38:00,724 INFO L290 TraceCheckUtils]: 25: Hoare triple {9006#true} assume !(1 == ~tmp_ndt_3~0#1); {9006#true} is VALID [2022-02-20 14:38:00,724 INFO L290 TraceCheckUtils]: 26: Hoare triple {9006#true} ~returnVal2~0#1 := 259; {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} is VALID [2022-02-20 14:38:00,724 INFO L290 TraceCheckUtils]: 27: Hoare triple {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} assume !(~s~0 == ~NP~0); {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} is VALID [2022-02-20 14:38:00,725 INFO L290 TraceCheckUtils]: 28: Hoare triple {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} assume ~s~0 == ~MPR1~0; {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} is VALID [2022-02-20 14:38:00,725 INFO L290 TraceCheckUtils]: 29: Hoare triple {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} is VALID [2022-02-20 14:38:00,725 INFO L290 TraceCheckUtils]: 30: Hoare triple {9027#(<= 259 |IofCallDriver_~returnVal2~0#1|)} #res#1 := ~returnVal2~0#1; {9028#(<= 259 |IofCallDriver_#res#1|)} is VALID [2022-02-20 14:38:00,726 INFO L290 TraceCheckUtils]: 31: Hoare triple {9028#(<= 259 |IofCallDriver_#res#1|)} assume true; {9028#(<= 259 |IofCallDriver_#res#1|)} is VALID [2022-02-20 14:38:00,726 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {9028#(<= 259 |IofCallDriver_#res#1|)} {9006#true} #436#return; {9024#(<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|)} is VALID [2022-02-20 14:38:00,727 INFO L290 TraceCheckUtils]: 33: Hoare triple {9024#(<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {9025#(<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|)} is VALID [2022-02-20 14:38:00,727 INFO L290 TraceCheckUtils]: 34: Hoare triple {9025#(<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|)} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {9025#(<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|)} is VALID [2022-02-20 14:38:00,728 INFO L290 TraceCheckUtils]: 35: Hoare triple {9025#(<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|)} assume !(KbFilter_PnP_~status~0#1 >= 0); {9007#false} is VALID [2022-02-20 14:38:00,728 INFO L290 TraceCheckUtils]: 36: Hoare triple {9007#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0;assume { :begin_inline_IofCompleteRequest } true;IofCompleteRequest_#in~Irp#1, IofCompleteRequest_#in~PriorityBoost#1 := KbFilter_PnP_~Irp#1, 0;havoc IofCompleteRequest_~Irp#1, IofCompleteRequest_~PriorityBoost#1;IofCompleteRequest_~Irp#1 := IofCompleteRequest_#in~Irp#1;IofCompleteRequest_~PriorityBoost#1 := IofCompleteRequest_#in~PriorityBoost#1; {9007#false} is VALID [2022-02-20 14:38:00,728 INFO L290 TraceCheckUtils]: 37: Hoare triple {9007#false} assume !(~s~0 == ~NP~0); {9007#false} is VALID [2022-02-20 14:38:00,728 INFO L272 TraceCheckUtils]: 38: Hoare triple {9007#false} call errorFn(); {9007#false} is VALID [2022-02-20 14:38:00,728 INFO L290 TraceCheckUtils]: 39: Hoare triple {9007#false} assume !false; {9007#false} is VALID [2022-02-20 14:38:00,728 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:38:00,728 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:38:00,729 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [457597697] [2022-02-20 14:38:00,729 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [457597697] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:38:00,729 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:38:00,729 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 14:38:00,729 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1883579115] [2022-02-20 14:38:00,729 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:38:00,730 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 14:38:00,731 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:38:00,731 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:00,762 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:00,762 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 14:38:00,763 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:38:00,763 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 14:38:00,763 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 14:38:00,764 INFO L87 Difference]: Start difference. First operand 161 states and 214 transitions. Second operand has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:01,367 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:01,368 INFO L93 Difference]: Finished difference Result 209 states and 276 transitions. [2022-02-20 14:38:01,368 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 14:38:01,375 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 14:38:01,375 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:38:01,375 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:01,378 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 223 transitions. [2022-02-20 14:38:01,378 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:01,380 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 223 transitions. [2022-02-20 14:38:01,380 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 223 transitions. [2022-02-20 14:38:01,538 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 223 edges. 223 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:01,542 INFO L225 Difference]: With dead ends: 209 [2022-02-20 14:38:01,542 INFO L226 Difference]: Without dead ends: 187 [2022-02-20 14:38:01,542 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=53, Unknown=0, NotChecked=0, Total=72 [2022-02-20 14:38:01,543 INFO L933 BasicCegarLoop]: 168 mSDtfsCounter, 57 mSDsluCounter, 730 mSDsCounter, 0 mSdLazyCounter, 134 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 57 SdHoareTripleChecker+Valid, 898 SdHoareTripleChecker+Invalid, 142 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 134 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 14:38:01,543 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [57 Valid, 898 Invalid, 142 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 134 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 14:38:01,544 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 187 states. [2022-02-20 14:38:01,594 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 187 to 162. [2022-02-20 14:38:01,594 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:38:01,594 INFO L82 GeneralOperation]: Start isEquivalent. First operand 187 states. Second operand has 162 states, 148 states have (on average 1.3175675675675675) internal successors, (195), 146 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 14:38:01,595 INFO L74 IsIncluded]: Start isIncluded. First operand 187 states. Second operand has 162 states, 148 states have (on average 1.3175675675675675) internal successors, (195), 146 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 14:38:01,595 INFO L87 Difference]: Start difference. First operand 187 states. Second operand has 162 states, 148 states have (on average 1.3175675675675675) internal successors, (195), 146 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 14:38:01,599 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:01,599 INFO L93 Difference]: Finished difference Result 187 states and 248 transitions. [2022-02-20 14:38:01,599 INFO L276 IsEmpty]: Start isEmpty. Operand 187 states and 248 transitions. [2022-02-20 14:38:01,599 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:01,599 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:01,600 INFO L74 IsIncluded]: Start isIncluded. First operand has 162 states, 148 states have (on average 1.3175675675675675) internal successors, (195), 146 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) Second operand 187 states. [2022-02-20 14:38:01,600 INFO L87 Difference]: Start difference. First operand has 162 states, 148 states have (on average 1.3175675675675675) internal successors, (195), 146 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) Second operand 187 states. [2022-02-20 14:38:01,604 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:01,604 INFO L93 Difference]: Finished difference Result 187 states and 248 transitions. [2022-02-20 14:38:01,604 INFO L276 IsEmpty]: Start isEmpty. Operand 187 states and 248 transitions. [2022-02-20 14:38:01,605 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:01,605 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:01,605 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:38:01,605 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:38:01,606 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 162 states, 148 states have (on average 1.3175675675675675) internal successors, (195), 146 states have internal predecessors, (195), 7 states have call successors, (7), 3 states have call predecessors, (7), 6 states have return successors, (12), 12 states have call predecessors, (12), 4 states have call successors, (12) [2022-02-20 14:38:01,609 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 162 states to 162 states and 214 transitions. [2022-02-20 14:38:01,609 INFO L78 Accepts]: Start accepts. Automaton has 162 states and 214 transitions. Word has length 40 [2022-02-20 14:38:01,609 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:38:01,609 INFO L470 AbstractCegarLoop]: Abstraction has 162 states and 214 transitions. [2022-02-20 14:38:01,609 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:01,609 INFO L276 IsEmpty]: Start isEmpty. Operand 162 states and 214 transitions. [2022-02-20 14:38:01,610 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-02-20 14:38:01,610 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:38:01,610 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:38:01,610 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-20 14:38:01,610 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:38:01,611 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:38:01,611 INFO L85 PathProgramCache]: Analyzing trace with hash 1069882360, now seen corresponding path program 1 times [2022-02-20 14:38:01,611 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:38:01,611 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1499365660] [2022-02-20 14:38:01,611 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:38:01,611 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:38:01,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:01,658 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:38:01,670 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:01,680 INFO L290 TraceCheckUtils]: 0: Hoare triple {9914#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {9896#true} is VALID [2022-02-20 14:38:01,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {9896#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {9896#true} is VALID [2022-02-20 14:38:01,681 INFO L290 TraceCheckUtils]: 2: Hoare triple {9896#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {9896#true} is VALID [2022-02-20 14:38:01,681 INFO L290 TraceCheckUtils]: 3: Hoare triple {9896#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {9896#true} is VALID [2022-02-20 14:38:01,681 INFO L290 TraceCheckUtils]: 4: Hoare triple {9896#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {9896#true} is VALID [2022-02-20 14:38:01,681 INFO L290 TraceCheckUtils]: 5: Hoare triple {9896#true} assume { :end_inline_stubMoreProcessingRequired } true; {9896#true} is VALID [2022-02-20 14:38:01,681 INFO L290 TraceCheckUtils]: 6: Hoare triple {9896#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {9896#true} is VALID [2022-02-20 14:38:01,681 INFO L290 TraceCheckUtils]: 7: Hoare triple {9896#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {9896#true} is VALID [2022-02-20 14:38:01,682 INFO L290 TraceCheckUtils]: 8: Hoare triple {9896#true} assume !(1 == ~tmp_ndt_3~0#1); {9896#true} is VALID [2022-02-20 14:38:01,682 INFO L290 TraceCheckUtils]: 9: Hoare triple {9896#true} ~returnVal2~0#1 := 259; {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} is VALID [2022-02-20 14:38:01,682 INFO L290 TraceCheckUtils]: 10: Hoare triple {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} assume !(~s~0 == ~NP~0); {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} is VALID [2022-02-20 14:38:01,683 INFO L290 TraceCheckUtils]: 11: Hoare triple {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} assume ~s~0 == ~MPR1~0; {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} is VALID [2022-02-20 14:38:01,683 INFO L290 TraceCheckUtils]: 12: Hoare triple {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} assume !(259 == ~returnVal2~0#1);~s~0 := ~NP~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {9897#false} is VALID [2022-02-20 14:38:01,683 INFO L290 TraceCheckUtils]: 13: Hoare triple {9897#false} #res#1 := ~returnVal2~0#1; {9897#false} is VALID [2022-02-20 14:38:01,683 INFO L290 TraceCheckUtils]: 14: Hoare triple {9897#false} assume true; {9897#false} is VALID [2022-02-20 14:38:01,683 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {9897#false} {9896#true} #436#return; {9897#false} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 0: Hoare triple {9896#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {9896#true} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 1: Hoare triple {9896#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {9896#true} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 2: Hoare triple {9896#true} assume { :end_inline__BLAST_init } true; {9896#true} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 3: Hoare triple {9896#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {9896#true} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 4: Hoare triple {9896#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {9896#true} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 5: Hoare triple {9896#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {9896#true} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 6: Hoare triple {9896#true} assume { :end_inline_stub_driver_init } true; {9896#true} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 7: Hoare triple {9896#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {9896#true} is VALID [2022-02-20 14:38:01,684 INFO L290 TraceCheckUtils]: 8: Hoare triple {9896#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {9896#true} is VALID [2022-02-20 14:38:01,685 INFO L290 TraceCheckUtils]: 9: Hoare triple {9896#true} assume 3 == main_~tmp_ndt_1~0#1; {9896#true} is VALID [2022-02-20 14:38:01,685 INFO L290 TraceCheckUtils]: 10: Hoare triple {9896#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {9896#true} is VALID [2022-02-20 14:38:01,685 INFO L290 TraceCheckUtils]: 11: Hoare triple {9896#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {9896#true} is VALID [2022-02-20 14:38:01,685 INFO L290 TraceCheckUtils]: 12: Hoare triple {9896#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {9896#true} is VALID [2022-02-20 14:38:01,685 INFO L290 TraceCheckUtils]: 13: Hoare triple {9896#true} assume !(~s~0 != ~NP~0); {9896#true} is VALID [2022-02-20 14:38:01,685 INFO L290 TraceCheckUtils]: 14: Hoare triple {9896#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {9896#true} is VALID [2022-02-20 14:38:01,685 INFO L290 TraceCheckUtils]: 15: Hoare triple {9896#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {9896#true} is VALID [2022-02-20 14:38:01,686 INFO L272 TraceCheckUtils]: 16: Hoare triple {9896#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {9914#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:38:01,686 INFO L290 TraceCheckUtils]: 17: Hoare triple {9914#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {9896#true} is VALID [2022-02-20 14:38:01,686 INFO L290 TraceCheckUtils]: 18: Hoare triple {9896#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {9896#true} is VALID [2022-02-20 14:38:01,686 INFO L290 TraceCheckUtils]: 19: Hoare triple {9896#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {9896#true} is VALID [2022-02-20 14:38:01,687 INFO L290 TraceCheckUtils]: 20: Hoare triple {9896#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {9896#true} is VALID [2022-02-20 14:38:01,687 INFO L290 TraceCheckUtils]: 21: Hoare triple {9896#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {9896#true} is VALID [2022-02-20 14:38:01,689 INFO L290 TraceCheckUtils]: 22: Hoare triple {9896#true} assume { :end_inline_stubMoreProcessingRequired } true; {9896#true} is VALID [2022-02-20 14:38:01,690 INFO L290 TraceCheckUtils]: 23: Hoare triple {9896#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {9896#true} is VALID [2022-02-20 14:38:01,690 INFO L290 TraceCheckUtils]: 24: Hoare triple {9896#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {9896#true} is VALID [2022-02-20 14:38:01,690 INFO L290 TraceCheckUtils]: 25: Hoare triple {9896#true} assume !(1 == ~tmp_ndt_3~0#1); {9896#true} is VALID [2022-02-20 14:38:01,691 INFO L290 TraceCheckUtils]: 26: Hoare triple {9896#true} ~returnVal2~0#1 := 259; {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} is VALID [2022-02-20 14:38:01,691 INFO L290 TraceCheckUtils]: 27: Hoare triple {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} assume !(~s~0 == ~NP~0); {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} is VALID [2022-02-20 14:38:01,692 INFO L290 TraceCheckUtils]: 28: Hoare triple {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} assume ~s~0 == ~MPR1~0; {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} is VALID [2022-02-20 14:38:01,692 INFO L290 TraceCheckUtils]: 29: Hoare triple {9915#(= (+ (- 259) |IofCallDriver_~returnVal2~0#1|) 0)} assume !(259 == ~returnVal2~0#1);~s~0 := ~NP~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {9897#false} is VALID [2022-02-20 14:38:01,692 INFO L290 TraceCheckUtils]: 30: Hoare triple {9897#false} #res#1 := ~returnVal2~0#1; {9897#false} is VALID [2022-02-20 14:38:01,692 INFO L290 TraceCheckUtils]: 31: Hoare triple {9897#false} assume true; {9897#false} is VALID [2022-02-20 14:38:01,692 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {9897#false} {9896#true} #436#return; {9897#false} is VALID [2022-02-20 14:38:01,693 INFO L290 TraceCheckUtils]: 33: Hoare triple {9897#false} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {9897#false} is VALID [2022-02-20 14:38:01,693 INFO L290 TraceCheckUtils]: 34: Hoare triple {9897#false} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet33#1, KeWaitForSingleObject_~tmp_ndt_4~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {9897#false} is VALID [2022-02-20 14:38:01,693 INFO L290 TraceCheckUtils]: 35: Hoare triple {9897#false} assume !(~s~0 == ~MPR3~0); {9897#false} is VALID [2022-02-20 14:38:01,693 INFO L290 TraceCheckUtils]: 36: Hoare triple {9897#false} assume !(1 == ~customIrp~0); {9897#false} is VALID [2022-02-20 14:38:01,693 INFO L290 TraceCheckUtils]: 37: Hoare triple {9897#false} assume ~s~0 == ~MPR3~0; {9897#false} is VALID [2022-02-20 14:38:01,693 INFO L272 TraceCheckUtils]: 38: Hoare triple {9897#false} call errorFn(); {9897#false} is VALID [2022-02-20 14:38:01,693 INFO L290 TraceCheckUtils]: 39: Hoare triple {9897#false} assume !false; {9897#false} is VALID [2022-02-20 14:38:01,693 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:38:01,693 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:38:01,694 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1499365660] [2022-02-20 14:38:01,694 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1499365660] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:38:01,694 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:38:01,694 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 14:38:01,694 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [581673284] [2022-02-20 14:38:01,694 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:38:01,695 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 14:38:01,695 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:38:01,695 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:01,724 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:01,724 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 14:38:01,724 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:38:01,725 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 14:38:01,725 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 14:38:01,725 INFO L87 Difference]: Start difference. First operand 162 states and 214 transitions. Second operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,030 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:02,030 INFO L93 Difference]: Finished difference Result 205 states and 268 transitions. [2022-02-20 14:38:02,030 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 14:38:02,030 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 14:38:02,030 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:38:02,030 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,032 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 222 transitions. [2022-02-20 14:38:02,033 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,034 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 222 transitions. [2022-02-20 14:38:02,035 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 222 transitions. [2022-02-20 14:38:02,193 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 222 edges. 222 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:02,196 INFO L225 Difference]: With dead ends: 205 [2022-02-20 14:38:02,196 INFO L226 Difference]: Without dead ends: 158 [2022-02-20 14:38:02,196 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 14:38:02,198 INFO L933 BasicCegarLoop]: 144 mSDtfsCounter, 18 mSDsluCounter, 244 mSDsCounter, 0 mSdLazyCounter, 54 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 18 SdHoareTripleChecker+Valid, 388 SdHoareTripleChecker+Invalid, 62 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 54 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:38:02,198 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [18 Valid, 388 Invalid, 62 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 54 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:38:02,199 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 158 states. [2022-02-20 14:38:02,252 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 158 to 154. [2022-02-20 14:38:02,252 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:38:02,253 INFO L82 GeneralOperation]: Start isEquivalent. First operand 158 states. Second operand has 154 states, 141 states have (on average 1.2907801418439717) internal successors, (182), 139 states have internal predecessors, (182), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (11), 11 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 14:38:02,254 INFO L74 IsIncluded]: Start isIncluded. First operand 158 states. Second operand has 154 states, 141 states have (on average 1.2907801418439717) internal successors, (182), 139 states have internal predecessors, (182), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (11), 11 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 14:38:02,254 INFO L87 Difference]: Start difference. First operand 158 states. Second operand has 154 states, 141 states have (on average 1.2907801418439717) internal successors, (182), 139 states have internal predecessors, (182), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (11), 11 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 14:38:02,258 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:02,258 INFO L93 Difference]: Finished difference Result 158 states and 206 transitions. [2022-02-20 14:38:02,258 INFO L276 IsEmpty]: Start isEmpty. Operand 158 states and 206 transitions. [2022-02-20 14:38:02,260 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:02,260 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:02,261 INFO L74 IsIncluded]: Start isIncluded. First operand has 154 states, 141 states have (on average 1.2907801418439717) internal successors, (182), 139 states have internal predecessors, (182), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (11), 11 states have call predecessors, (11), 4 states have call successors, (11) Second operand 158 states. [2022-02-20 14:38:02,262 INFO L87 Difference]: Start difference. First operand has 154 states, 141 states have (on average 1.2907801418439717) internal successors, (182), 139 states have internal predecessors, (182), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (11), 11 states have call predecessors, (11), 4 states have call successors, (11) Second operand 158 states. [2022-02-20 14:38:02,265 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:02,265 INFO L93 Difference]: Finished difference Result 158 states and 206 transitions. [2022-02-20 14:38:02,265 INFO L276 IsEmpty]: Start isEmpty. Operand 158 states and 206 transitions. [2022-02-20 14:38:02,266 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:02,266 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:02,266 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:38:02,266 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:38:02,267 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 154 states, 141 states have (on average 1.2907801418439717) internal successors, (182), 139 states have internal predecessors, (182), 7 states have call successors, (7), 3 states have call predecessors, (7), 5 states have return successors, (11), 11 states have call predecessors, (11), 4 states have call successors, (11) [2022-02-20 14:38:02,270 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 154 states to 154 states and 200 transitions. [2022-02-20 14:38:02,270 INFO L78 Accepts]: Start accepts. Automaton has 154 states and 200 transitions. Word has length 40 [2022-02-20 14:38:02,270 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:38:02,270 INFO L470 AbstractCegarLoop]: Abstraction has 154 states and 200 transitions. [2022-02-20 14:38:02,270 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,271 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 200 transitions. [2022-02-20 14:38:02,271 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 41 [2022-02-20 14:38:02,271 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:38:02,271 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:38:02,272 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2022-02-20 14:38:02,272 INFO L402 AbstractCegarLoop]: === Iteration 14 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:38:02,272 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:38:02,273 INFO L85 PathProgramCache]: Analyzing trace with hash -760530929, now seen corresponding path program 1 times [2022-02-20 14:38:02,273 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:38:02,273 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1295599229] [2022-02-20 14:38:02,273 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:38:02,273 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:38:02,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:02,328 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:38:02,332 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:02,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {10725#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {10709#true} is VALID [2022-02-20 14:38:02,337 INFO L290 TraceCheckUtils]: 1: Hoare triple {10709#true} assume !(0 != ~compRegistered~0); {10709#true} is VALID [2022-02-20 14:38:02,338 INFO L290 TraceCheckUtils]: 2: Hoare triple {10709#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {10709#true} is VALID [2022-02-20 14:38:02,338 INFO L290 TraceCheckUtils]: 3: Hoare triple {10709#true} assume 0 == ~tmp_ndt_2~0#1; {10709#true} is VALID [2022-02-20 14:38:02,338 INFO L290 TraceCheckUtils]: 4: Hoare triple {10709#true} ~returnVal2~0#1 := 0; {10709#true} is VALID [2022-02-20 14:38:02,338 INFO L290 TraceCheckUtils]: 5: Hoare triple {10709#true} assume !(~s~0 == ~NP~0); {10709#true} is VALID [2022-02-20 14:38:02,338 INFO L290 TraceCheckUtils]: 6: Hoare triple {10709#true} assume !(~s~0 == ~MPR1~0); {10709#true} is VALID [2022-02-20 14:38:02,338 INFO L290 TraceCheckUtils]: 7: Hoare triple {10709#true} assume ~s~0 == ~SKIP1~0;~s~0 := ~SKIP2~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {10709#true} is VALID [2022-02-20 14:38:02,338 INFO L290 TraceCheckUtils]: 8: Hoare triple {10709#true} #res#1 := ~returnVal2~0#1; {10709#true} is VALID [2022-02-20 14:38:02,338 INFO L290 TraceCheckUtils]: 9: Hoare triple {10709#true} assume true; {10709#true} is VALID [2022-02-20 14:38:02,339 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {10709#true} {10713#(not (= ~pended~0 1))} #444#return; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,339 INFO L290 TraceCheckUtils]: 0: Hoare triple {10709#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {10709#true} is VALID [2022-02-20 14:38:02,339 INFO L290 TraceCheckUtils]: 1: Hoare triple {10709#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {10709#true} is VALID [2022-02-20 14:38:02,340 INFO L290 TraceCheckUtils]: 2: Hoare triple {10709#true} assume { :end_inline__BLAST_init } true; {10709#true} is VALID [2022-02-20 14:38:02,340 INFO L290 TraceCheckUtils]: 3: Hoare triple {10709#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {10709#true} is VALID [2022-02-20 14:38:02,340 INFO L290 TraceCheckUtils]: 4: Hoare triple {10709#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {10709#true} is VALID [2022-02-20 14:38:02,340 INFO L290 TraceCheckUtils]: 5: Hoare triple {10709#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {10711#(= ~pended~0 0)} is VALID [2022-02-20 14:38:02,340 INFO L290 TraceCheckUtils]: 6: Hoare triple {10711#(= ~pended~0 0)} assume { :end_inline_stub_driver_init } true; {10711#(= ~pended~0 0)} is VALID [2022-02-20 14:38:02,341 INFO L290 TraceCheckUtils]: 7: Hoare triple {10711#(= ~pended~0 0)} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {10712#(and (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0))} is VALID [2022-02-20 14:38:02,341 INFO L290 TraceCheckUtils]: 8: Hoare triple {10712#(and (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0))} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,341 INFO L290 TraceCheckUtils]: 9: Hoare triple {10713#(not (= ~pended~0 1))} assume 3 == main_~tmp_ndt_1~0#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,342 INFO L290 TraceCheckUtils]: 10: Hoare triple {10713#(not (= ~pended~0 1))} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,342 INFO L290 TraceCheckUtils]: 11: Hoare triple {10713#(not (= ~pended~0 1))} assume !(0 == KbFilter_PnP_~irpStack__MinorFunction~0#1); {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,343 INFO L290 TraceCheckUtils]: 12: Hoare triple {10713#(not (= ~pended~0 1))} assume 23 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,344 INFO L290 TraceCheckUtils]: 13: Hoare triple {10713#(not (= ~pended~0 1))} KbFilter_PnP_~devExt__SurpriseRemoved~0#1 := 1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,344 INFO L290 TraceCheckUtils]: 14: Hoare triple {10713#(not (= ~pended~0 1))} assume ~s~0 == ~NP~0;~s~0 := ~SKIP1~0; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,344 INFO L290 TraceCheckUtils]: 15: Hoare triple {10713#(not (= ~pended~0 1))} KbFilter_PnP_#t~post14#1 := KbFilter_PnP_~Irp__CurrentLocation~0#1;KbFilter_PnP_~Irp__CurrentLocation~0#1 := 1 + KbFilter_PnP_#t~post14#1;havoc KbFilter_PnP_#t~post14#1;KbFilter_PnP_#t~post15#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := 1 + KbFilter_PnP_#t~post15#1;havoc KbFilter_PnP_#t~post15#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,345 INFO L272 TraceCheckUtils]: 16: Hoare triple {10713#(not (= ~pended~0 1))} call KbFilter_PnP_#t~ret16#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {10725#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:38:02,345 INFO L290 TraceCheckUtils]: 17: Hoare triple {10725#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {10709#true} is VALID [2022-02-20 14:38:02,345 INFO L290 TraceCheckUtils]: 18: Hoare triple {10709#true} assume !(0 != ~compRegistered~0); {10709#true} is VALID [2022-02-20 14:38:02,345 INFO L290 TraceCheckUtils]: 19: Hoare triple {10709#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {10709#true} is VALID [2022-02-20 14:38:02,345 INFO L290 TraceCheckUtils]: 20: Hoare triple {10709#true} assume 0 == ~tmp_ndt_2~0#1; {10709#true} is VALID [2022-02-20 14:38:02,346 INFO L290 TraceCheckUtils]: 21: Hoare triple {10709#true} ~returnVal2~0#1 := 0; {10709#true} is VALID [2022-02-20 14:38:02,346 INFO L290 TraceCheckUtils]: 22: Hoare triple {10709#true} assume !(~s~0 == ~NP~0); {10709#true} is VALID [2022-02-20 14:38:02,346 INFO L290 TraceCheckUtils]: 23: Hoare triple {10709#true} assume !(~s~0 == ~MPR1~0); {10709#true} is VALID [2022-02-20 14:38:02,346 INFO L290 TraceCheckUtils]: 24: Hoare triple {10709#true} assume ~s~0 == ~SKIP1~0;~s~0 := ~SKIP2~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {10709#true} is VALID [2022-02-20 14:38:02,346 INFO L290 TraceCheckUtils]: 25: Hoare triple {10709#true} #res#1 := ~returnVal2~0#1; {10709#true} is VALID [2022-02-20 14:38:02,346 INFO L290 TraceCheckUtils]: 26: Hoare triple {10709#true} assume true; {10709#true} is VALID [2022-02-20 14:38:02,347 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {10709#true} {10713#(not (= ~pended~0 1))} #444#return; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,347 INFO L290 TraceCheckUtils]: 28: Hoare triple {10713#(not (= ~pended~0 1))} assume -2147483648 <= KbFilter_PnP_#t~ret16#1 && KbFilter_PnP_#t~ret16#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret16#1;havoc KbFilter_PnP_#t~ret16#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,347 INFO L290 TraceCheckUtils]: 29: Hoare triple {10713#(not (= ~pended~0 1))} KbFilter_PnP_#res#1 := KbFilter_PnP_~status~0#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,348 INFO L290 TraceCheckUtils]: 30: Hoare triple {10713#(not (= ~pended~0 1))} main_#t~ret27#1 := KbFilter_PnP_#res#1;assume { :end_inline_KbFilter_PnP } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~status~1#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,348 INFO L290 TraceCheckUtils]: 31: Hoare triple {10713#(not (= ~pended~0 1))} assume !(1 == ~pended~0); {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,348 INFO L290 TraceCheckUtils]: 32: Hoare triple {10713#(not (= ~pended~0 1))} assume !(1 == ~pended~0); {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,349 INFO L290 TraceCheckUtils]: 33: Hoare triple {10713#(not (= ~pended~0 1))} assume ~s~0 != ~UNLOADED~0; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,349 INFO L290 TraceCheckUtils]: 34: Hoare triple {10713#(not (= ~pended~0 1))} assume -1 != main_~status~1#1; {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,349 INFO L290 TraceCheckUtils]: 35: Hoare triple {10713#(not (= ~pended~0 1))} assume !(~s~0 != ~SKIP2~0); {10713#(not (= ~pended~0 1))} is VALID [2022-02-20 14:38:02,349 INFO L290 TraceCheckUtils]: 36: Hoare triple {10713#(not (= ~pended~0 1))} assume 1 == ~pended~0; {10710#false} is VALID [2022-02-20 14:38:02,350 INFO L290 TraceCheckUtils]: 37: Hoare triple {10710#false} assume 259 != main_~status~1#1; {10710#false} is VALID [2022-02-20 14:38:02,350 INFO L272 TraceCheckUtils]: 38: Hoare triple {10710#false} call errorFn(); {10710#false} is VALID [2022-02-20 14:38:02,350 INFO L290 TraceCheckUtils]: 39: Hoare triple {10710#false} assume !false; {10710#false} is VALID [2022-02-20 14:38:02,350 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:38:02,350 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:38:02,350 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1295599229] [2022-02-20 14:38:02,350 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1295599229] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:38:02,350 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:38:02,351 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 14:38:02,351 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1407866429] [2022-02-20 14:38:02,351 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:38:02,352 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 14:38:02,352 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:38:02,352 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,377 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 40 edges. 40 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:02,377 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 14:38:02,377 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:38:02,378 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 14:38:02,378 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=12, Invalid=18, Unknown=0, NotChecked=0, Total=30 [2022-02-20 14:38:02,378 INFO L87 Difference]: Start difference. First operand 154 states and 200 transitions. Second operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,715 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:02,715 INFO L93 Difference]: Finished difference Result 164 states and 212 transitions. [2022-02-20 14:38:02,715 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 14:38:02,716 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 40 [2022-02-20 14:38:02,716 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:38:02,716 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,718 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 167 transitions. [2022-02-20 14:38:02,718 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,719 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 167 transitions. [2022-02-20 14:38:02,719 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 167 transitions. [2022-02-20 14:38:02,857 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 167 edges. 167 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:02,857 INFO L225 Difference]: With dead ends: 164 [2022-02-20 14:38:02,858 INFO L226 Difference]: Without dead ends: 47 [2022-02-20 14:38:02,858 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 14:38:02,858 INFO L933 BasicCegarLoop]: 126 mSDtfsCounter, 187 mSDsluCounter, 115 mSDsCounter, 0 mSdLazyCounter, 61 mSolverCounterSat, 28 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 191 SdHoareTripleChecker+Valid, 241 SdHoareTripleChecker+Invalid, 89 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 28 IncrementalHoareTripleChecker+Valid, 61 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 14:38:02,859 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [191 Valid, 241 Invalid, 89 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [28 Valid, 61 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 14:38:02,859 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 47 states. [2022-02-20 14:38:02,873 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 47 to 47. [2022-02-20 14:38:02,874 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:38:02,874 INFO L82 GeneralOperation]: Start isEquivalent. First operand 47 states. Second operand has 47 states, 42 states have (on average 1.0714285714285714) internal successors, (45), 43 states have internal predecessors, (45), 3 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,874 INFO L74 IsIncluded]: Start isIncluded. First operand 47 states. Second operand has 47 states, 42 states have (on average 1.0714285714285714) internal successors, (45), 43 states have internal predecessors, (45), 3 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,874 INFO L87 Difference]: Start difference. First operand 47 states. Second operand has 47 states, 42 states have (on average 1.0714285714285714) internal successors, (45), 43 states have internal predecessors, (45), 3 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,875 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:02,875 INFO L93 Difference]: Finished difference Result 47 states and 49 transitions. [2022-02-20 14:38:02,875 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 49 transitions. [2022-02-20 14:38:02,876 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:02,876 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:02,876 INFO L74 IsIncluded]: Start isIncluded. First operand has 47 states, 42 states have (on average 1.0714285714285714) internal successors, (45), 43 states have internal predecessors, (45), 3 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Second operand 47 states. [2022-02-20 14:38:02,876 INFO L87 Difference]: Start difference. First operand has 47 states, 42 states have (on average 1.0714285714285714) internal successors, (45), 43 states have internal predecessors, (45), 3 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Second operand 47 states. [2022-02-20 14:38:02,877 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:02,877 INFO L93 Difference]: Finished difference Result 47 states and 49 transitions. [2022-02-20 14:38:02,877 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 49 transitions. [2022-02-20 14:38:02,877 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:02,878 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:02,878 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:38:02,878 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:38:02,878 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 47 states, 42 states have (on average 1.0714285714285714) internal successors, (45), 43 states have internal predecessors, (45), 3 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,879 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 47 states to 47 states and 49 transitions. [2022-02-20 14:38:02,879 INFO L78 Accepts]: Start accepts. Automaton has 47 states and 49 transitions. Word has length 40 [2022-02-20 14:38:02,879 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:38:02,879 INFO L470 AbstractCegarLoop]: Abstraction has 47 states and 49 transitions. [2022-02-20 14:38:02,879 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,880 INFO L276 IsEmpty]: Start isEmpty. Operand 47 states and 49 transitions. [2022-02-20 14:38:02,881 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-20 14:38:02,881 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:38:02,882 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:38:02,882 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable13 [2022-02-20 14:38:02,882 INFO L402 AbstractCegarLoop]: === Iteration 15 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:38:02,882 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:38:02,882 INFO L85 PathProgramCache]: Analyzing trace with hash -1689213541, now seen corresponding path program 1 times [2022-02-20 14:38:02,883 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:38:02,883 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2047739893] [2022-02-20 14:38:02,883 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:38:02,883 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:38:02,904 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:02,923 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:38:02,929 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:02,945 INFO L290 TraceCheckUtils]: 0: Hoare triple {11123#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {11104#true} is VALID [2022-02-20 14:38:02,946 INFO L290 TraceCheckUtils]: 1: Hoare triple {11104#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,946 INFO L290 TraceCheckUtils]: 2: Hoare triple {11122#(= ~setEventCalled~0 1)} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,946 INFO L290 TraceCheckUtils]: 3: Hoare triple {11122#(= ~setEventCalled~0 1)} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,947 INFO L290 TraceCheckUtils]: 4: Hoare triple {11122#(= ~setEventCalled~0 1)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,954 INFO L290 TraceCheckUtils]: 5: Hoare triple {11122#(= ~setEventCalled~0 1)} assume { :end_inline_stubMoreProcessingRequired } true; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,954 INFO L290 TraceCheckUtils]: 6: Hoare triple {11122#(= ~setEventCalled~0 1)} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,955 INFO L290 TraceCheckUtils]: 7: Hoare triple {11122#(= ~setEventCalled~0 1)} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,955 INFO L290 TraceCheckUtils]: 8: Hoare triple {11122#(= ~setEventCalled~0 1)} assume !(1 == ~tmp_ndt_3~0#1); {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,955 INFO L290 TraceCheckUtils]: 9: Hoare triple {11122#(= ~setEventCalled~0 1)} ~returnVal2~0#1 := 259; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,956 INFO L290 TraceCheckUtils]: 10: Hoare triple {11122#(= ~setEventCalled~0 1)} assume !(~s~0 == ~NP~0); {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,956 INFO L290 TraceCheckUtils]: 11: Hoare triple {11122#(= ~setEventCalled~0 1)} assume ~s~0 == ~MPR1~0; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,956 INFO L290 TraceCheckUtils]: 12: Hoare triple {11122#(= ~setEventCalled~0 1)} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,957 INFO L290 TraceCheckUtils]: 13: Hoare triple {11122#(= ~setEventCalled~0 1)} #res#1 := ~returnVal2~0#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,957 INFO L290 TraceCheckUtils]: 14: Hoare triple {11122#(= ~setEventCalled~0 1)} assume true; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,958 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {11122#(= ~setEventCalled~0 1)} {11104#true} #436#return; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,959 INFO L290 TraceCheckUtils]: 0: Hoare triple {11104#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {11104#true} is VALID [2022-02-20 14:38:02,959 INFO L290 TraceCheckUtils]: 1: Hoare triple {11104#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11104#true} is VALID [2022-02-20 14:38:02,959 INFO L290 TraceCheckUtils]: 2: Hoare triple {11104#true} assume { :end_inline__BLAST_init } true; {11104#true} is VALID [2022-02-20 14:38:02,959 INFO L290 TraceCheckUtils]: 3: Hoare triple {11104#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {11104#true} is VALID [2022-02-20 14:38:02,959 INFO L290 TraceCheckUtils]: 4: Hoare triple {11104#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {11104#true} is VALID [2022-02-20 14:38:02,959 INFO L290 TraceCheckUtils]: 5: Hoare triple {11104#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11104#true} is VALID [2022-02-20 14:38:02,959 INFO L290 TraceCheckUtils]: 6: Hoare triple {11104#true} assume { :end_inline_stub_driver_init } true; {11104#true} is VALID [2022-02-20 14:38:02,960 INFO L290 TraceCheckUtils]: 7: Hoare triple {11104#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {11104#true} is VALID [2022-02-20 14:38:02,960 INFO L290 TraceCheckUtils]: 8: Hoare triple {11104#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {11104#true} is VALID [2022-02-20 14:38:02,960 INFO L290 TraceCheckUtils]: 9: Hoare triple {11104#true} assume 3 == main_~tmp_ndt_1~0#1; {11104#true} is VALID [2022-02-20 14:38:02,960 INFO L290 TraceCheckUtils]: 10: Hoare triple {11104#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {11104#true} is VALID [2022-02-20 14:38:02,960 INFO L290 TraceCheckUtils]: 11: Hoare triple {11104#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {11104#true} is VALID [2022-02-20 14:38:02,960 INFO L290 TraceCheckUtils]: 12: Hoare triple {11104#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {11104#true} is VALID [2022-02-20 14:38:02,961 INFO L290 TraceCheckUtils]: 13: Hoare triple {11104#true} assume !(~s~0 != ~NP~0); {11104#true} is VALID [2022-02-20 14:38:02,961 INFO L290 TraceCheckUtils]: 14: Hoare triple {11104#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {11104#true} is VALID [2022-02-20 14:38:02,961 INFO L290 TraceCheckUtils]: 15: Hoare triple {11104#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {11104#true} is VALID [2022-02-20 14:38:02,962 INFO L272 TraceCheckUtils]: 16: Hoare triple {11104#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {11123#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:38:02,962 INFO L290 TraceCheckUtils]: 17: Hoare triple {11123#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {11104#true} is VALID [2022-02-20 14:38:02,962 INFO L290 TraceCheckUtils]: 18: Hoare triple {11104#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,963 INFO L290 TraceCheckUtils]: 19: Hoare triple {11122#(= ~setEventCalled~0 1)} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,963 INFO L290 TraceCheckUtils]: 20: Hoare triple {11122#(= ~setEventCalled~0 1)} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,963 INFO L290 TraceCheckUtils]: 21: Hoare triple {11122#(= ~setEventCalled~0 1)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,964 INFO L290 TraceCheckUtils]: 22: Hoare triple {11122#(= ~setEventCalled~0 1)} assume { :end_inline_stubMoreProcessingRequired } true; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,964 INFO L290 TraceCheckUtils]: 23: Hoare triple {11122#(= ~setEventCalled~0 1)} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,964 INFO L290 TraceCheckUtils]: 24: Hoare triple {11122#(= ~setEventCalled~0 1)} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,965 INFO L290 TraceCheckUtils]: 25: Hoare triple {11122#(= ~setEventCalled~0 1)} assume !(1 == ~tmp_ndt_3~0#1); {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,965 INFO L290 TraceCheckUtils]: 26: Hoare triple {11122#(= ~setEventCalled~0 1)} ~returnVal2~0#1 := 259; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,965 INFO L290 TraceCheckUtils]: 27: Hoare triple {11122#(= ~setEventCalled~0 1)} assume !(~s~0 == ~NP~0); {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,966 INFO L290 TraceCheckUtils]: 28: Hoare triple {11122#(= ~setEventCalled~0 1)} assume ~s~0 == ~MPR1~0; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,966 INFO L290 TraceCheckUtils]: 29: Hoare triple {11122#(= ~setEventCalled~0 1)} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,966 INFO L290 TraceCheckUtils]: 30: Hoare triple {11122#(= ~setEventCalled~0 1)} #res#1 := ~returnVal2~0#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,967 INFO L290 TraceCheckUtils]: 31: Hoare triple {11122#(= ~setEventCalled~0 1)} assume true; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,967 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {11122#(= ~setEventCalled~0 1)} {11104#true} #436#return; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,968 INFO L290 TraceCheckUtils]: 33: Hoare triple {11122#(= ~setEventCalled~0 1)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,968 INFO L290 TraceCheckUtils]: 34: Hoare triple {11122#(= ~setEventCalled~0 1)} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet33#1, KeWaitForSingleObject_~tmp_ndt_4~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,968 INFO L290 TraceCheckUtils]: 35: Hoare triple {11122#(= ~setEventCalled~0 1)} assume ~s~0 == ~MPR3~0; {11122#(= ~setEventCalled~0 1)} is VALID [2022-02-20 14:38:02,969 INFO L290 TraceCheckUtils]: 36: Hoare triple {11122#(= ~setEventCalled~0 1)} assume !(1 == ~setEventCalled~0); {11105#false} is VALID [2022-02-20 14:38:02,969 INFO L290 TraceCheckUtils]: 37: Hoare triple {11105#false} assume !(1 == ~customIrp~0); {11105#false} is VALID [2022-02-20 14:38:02,969 INFO L290 TraceCheckUtils]: 38: Hoare triple {11105#false} assume ~s~0 == ~MPR3~0; {11105#false} is VALID [2022-02-20 14:38:02,969 INFO L272 TraceCheckUtils]: 39: Hoare triple {11105#false} call errorFn(); {11105#false} is VALID [2022-02-20 14:38:02,969 INFO L290 TraceCheckUtils]: 40: Hoare triple {11105#false} assume !false; {11105#false} is VALID [2022-02-20 14:38:02,970 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:38:02,970 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:38:02,970 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2047739893] [2022-02-20 14:38:02,970 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2047739893] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:38:02,970 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:38:02,970 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 14:38:02,971 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [27799434] [2022-02-20 14:38:02,971 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:38:02,971 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 14:38:02,971 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:38:02,972 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:02,998 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:02,998 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 14:38:02,998 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:38:02,999 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 14:38:02,999 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 14:38:02,999 INFO L87 Difference]: Start difference. First operand 47 states and 49 transitions. Second operand has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,082 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,082 INFO L93 Difference]: Finished difference Result 49 states and 50 transitions. [2022-02-20 14:38:03,083 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 14:38:03,083 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 14:38:03,083 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:38:03,083 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,084 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 50 transitions. [2022-02-20 14:38:03,084 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,086 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 50 transitions. [2022-02-20 14:38:03,086 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 50 transitions. [2022-02-20 14:38:03,125 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:03,126 INFO L225 Difference]: With dead ends: 49 [2022-02-20 14:38:03,126 INFO L226 Difference]: Without dead ends: 42 [2022-02-20 14:38:03,126 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 3 SyntacticMatches, 1 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 14:38:03,127 INFO L933 BasicCegarLoop]: 45 mSDtfsCounter, 10 mSDsluCounter, 43 mSDsCounter, 0 mSdLazyCounter, 17 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 88 SdHoareTripleChecker+Invalid, 18 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 17 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:38:03,127 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [10 Valid, 88 Invalid, 18 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 17 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:38:03,128 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42 states. [2022-02-20 14:38:03,139 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42 to 42. [2022-02-20 14:38:03,139 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:38:03,140 INFO L82 GeneralOperation]: Start isEquivalent. First operand 42 states. Second operand has 42 states, 38 states have (on average 1.0526315789473684) internal successors, (40), 38 states have internal predecessors, (40), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,140 INFO L74 IsIncluded]: Start isIncluded. First operand 42 states. Second operand has 42 states, 38 states have (on average 1.0526315789473684) internal successors, (40), 38 states have internal predecessors, (40), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,140 INFO L87 Difference]: Start difference. First operand 42 states. Second operand has 42 states, 38 states have (on average 1.0526315789473684) internal successors, (40), 38 states have internal predecessors, (40), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,141 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,141 INFO L93 Difference]: Finished difference Result 42 states and 43 transitions. [2022-02-20 14:38:03,141 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 43 transitions. [2022-02-20 14:38:03,141 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:03,141 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:03,142 INFO L74 IsIncluded]: Start isIncluded. First operand has 42 states, 38 states have (on average 1.0526315789473684) internal successors, (40), 38 states have internal predecessors, (40), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Second operand 42 states. [2022-02-20 14:38:03,142 INFO L87 Difference]: Start difference. First operand has 42 states, 38 states have (on average 1.0526315789473684) internal successors, (40), 38 states have internal predecessors, (40), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Second operand 42 states. [2022-02-20 14:38:03,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,142 INFO L93 Difference]: Finished difference Result 42 states and 43 transitions. [2022-02-20 14:38:03,143 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 43 transitions. [2022-02-20 14:38:03,143 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:03,143 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:03,143 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:38:03,143 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:38:03,143 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 42 states, 38 states have (on average 1.0526315789473684) internal successors, (40), 38 states have internal predecessors, (40), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,144 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 42 states to 42 states and 43 transitions. [2022-02-20 14:38:03,144 INFO L78 Accepts]: Start accepts. Automaton has 42 states and 43 transitions. Word has length 41 [2022-02-20 14:38:03,144 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:38:03,145 INFO L470 AbstractCegarLoop]: Abstraction has 42 states and 43 transitions. [2022-02-20 14:38:03,145 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,145 INFO L276 IsEmpty]: Start isEmpty. Operand 42 states and 43 transitions. [2022-02-20 14:38:03,145 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-20 14:38:03,145 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:38:03,145 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:38:03,146 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable14 [2022-02-20 14:38:03,146 INFO L402 AbstractCegarLoop]: === Iteration 16 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:38:03,146 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:38:03,146 INFO L85 PathProgramCache]: Analyzing trace with hash 1579234754, now seen corresponding path program 1 times [2022-02-20 14:38:03,146 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:38:03,147 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [46809427] [2022-02-20 14:38:03,147 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:38:03,147 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:38:03,165 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:03,183 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:38:03,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:03,193 INFO L290 TraceCheckUtils]: 0: Hoare triple {11351#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {11332#true} is VALID [2022-02-20 14:38:03,194 INFO L290 TraceCheckUtils]: 1: Hoare triple {11332#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11332#true} is VALID [2022-02-20 14:38:03,194 INFO L290 TraceCheckUtils]: 2: Hoare triple {11332#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {11332#true} is VALID [2022-02-20 14:38:03,194 INFO L290 TraceCheckUtils]: 3: Hoare triple {11332#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {11332#true} is VALID [2022-02-20 14:38:03,194 INFO L290 TraceCheckUtils]: 4: Hoare triple {11332#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {11332#true} is VALID [2022-02-20 14:38:03,194 INFO L290 TraceCheckUtils]: 5: Hoare triple {11332#true} assume { :end_inline_stubMoreProcessingRequired } true; {11332#true} is VALID [2022-02-20 14:38:03,195 INFO L290 TraceCheckUtils]: 6: Hoare triple {11332#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {11332#true} is VALID [2022-02-20 14:38:03,195 INFO L290 TraceCheckUtils]: 7: Hoare triple {11332#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {11332#true} is VALID [2022-02-20 14:38:03,195 INFO L290 TraceCheckUtils]: 8: Hoare triple {11332#true} assume !(1 == ~tmp_ndt_3~0#1); {11332#true} is VALID [2022-02-20 14:38:03,195 INFO L290 TraceCheckUtils]: 9: Hoare triple {11332#true} ~returnVal2~0#1 := 259; {11332#true} is VALID [2022-02-20 14:38:03,195 INFO L290 TraceCheckUtils]: 10: Hoare triple {11332#true} assume !(~s~0 == ~NP~0); {11332#true} is VALID [2022-02-20 14:38:03,195 INFO L290 TraceCheckUtils]: 11: Hoare triple {11332#true} assume ~s~0 == ~MPR1~0; {11332#true} is VALID [2022-02-20 14:38:03,196 INFO L290 TraceCheckUtils]: 12: Hoare triple {11332#true} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {11332#true} is VALID [2022-02-20 14:38:03,196 INFO L290 TraceCheckUtils]: 13: Hoare triple {11332#true} #res#1 := ~returnVal2~0#1; {11332#true} is VALID [2022-02-20 14:38:03,196 INFO L290 TraceCheckUtils]: 14: Hoare triple {11332#true} assume true; {11332#true} is VALID [2022-02-20 14:38:03,197 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {11332#true} {11334#(<= (+ ~myStatus~0 1073741637) 0)} #436#return; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,197 INFO L290 TraceCheckUtils]: 0: Hoare triple {11332#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {11332#true} is VALID [2022-02-20 14:38:03,197 INFO L290 TraceCheckUtils]: 1: Hoare triple {11332#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11332#true} is VALID [2022-02-20 14:38:03,197 INFO L290 TraceCheckUtils]: 2: Hoare triple {11332#true} assume { :end_inline__BLAST_init } true; {11332#true} is VALID [2022-02-20 14:38:03,197 INFO L290 TraceCheckUtils]: 3: Hoare triple {11332#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {11332#true} is VALID [2022-02-20 14:38:03,198 INFO L290 TraceCheckUtils]: 4: Hoare triple {11332#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,198 INFO L290 TraceCheckUtils]: 5: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,199 INFO L290 TraceCheckUtils]: 6: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume { :end_inline_stub_driver_init } true; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,199 INFO L290 TraceCheckUtils]: 7: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,200 INFO L290 TraceCheckUtils]: 8: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,200 INFO L290 TraceCheckUtils]: 9: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume 3 == main_~tmp_ndt_1~0#1; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,201 INFO L290 TraceCheckUtils]: 10: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,201 INFO L290 TraceCheckUtils]: 11: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,202 INFO L290 TraceCheckUtils]: 12: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,202 INFO L290 TraceCheckUtils]: 13: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume !(~s~0 != ~NP~0); {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,202 INFO L290 TraceCheckUtils]: 14: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,203 INFO L290 TraceCheckUtils]: 15: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,204 INFO L272 TraceCheckUtils]: 16: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {11351#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:38:03,204 INFO L290 TraceCheckUtils]: 17: Hoare triple {11351#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {11332#true} is VALID [2022-02-20 14:38:03,204 INFO L290 TraceCheckUtils]: 18: Hoare triple {11332#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11332#true} is VALID [2022-02-20 14:38:03,204 INFO L290 TraceCheckUtils]: 19: Hoare triple {11332#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {11332#true} is VALID [2022-02-20 14:38:03,204 INFO L290 TraceCheckUtils]: 20: Hoare triple {11332#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {11332#true} is VALID [2022-02-20 14:38:03,204 INFO L290 TraceCheckUtils]: 21: Hoare triple {11332#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {11332#true} is VALID [2022-02-20 14:38:03,205 INFO L290 TraceCheckUtils]: 22: Hoare triple {11332#true} assume { :end_inline_stubMoreProcessingRequired } true; {11332#true} is VALID [2022-02-20 14:38:03,205 INFO L290 TraceCheckUtils]: 23: Hoare triple {11332#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {11332#true} is VALID [2022-02-20 14:38:03,205 INFO L290 TraceCheckUtils]: 24: Hoare triple {11332#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {11332#true} is VALID [2022-02-20 14:38:03,205 INFO L290 TraceCheckUtils]: 25: Hoare triple {11332#true} assume !(1 == ~tmp_ndt_3~0#1); {11332#true} is VALID [2022-02-20 14:38:03,205 INFO L290 TraceCheckUtils]: 26: Hoare triple {11332#true} ~returnVal2~0#1 := 259; {11332#true} is VALID [2022-02-20 14:38:03,205 INFO L290 TraceCheckUtils]: 27: Hoare triple {11332#true} assume !(~s~0 == ~NP~0); {11332#true} is VALID [2022-02-20 14:38:03,205 INFO L290 TraceCheckUtils]: 28: Hoare triple {11332#true} assume ~s~0 == ~MPR1~0; {11332#true} is VALID [2022-02-20 14:38:03,206 INFO L290 TraceCheckUtils]: 29: Hoare triple {11332#true} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {11332#true} is VALID [2022-02-20 14:38:03,206 INFO L290 TraceCheckUtils]: 30: Hoare triple {11332#true} #res#1 := ~returnVal2~0#1; {11332#true} is VALID [2022-02-20 14:38:03,206 INFO L290 TraceCheckUtils]: 31: Hoare triple {11332#true} assume true; {11332#true} is VALID [2022-02-20 14:38:03,207 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {11332#true} {11334#(<= (+ ~myStatus~0 1073741637) 0)} #436#return; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,207 INFO L290 TraceCheckUtils]: 33: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,210 INFO L290 TraceCheckUtils]: 34: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,211 INFO L290 TraceCheckUtils]: 35: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume KbFilter_PnP_~status~0#1 >= 0; {11334#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-20 14:38:03,211 INFO L290 TraceCheckUtils]: 36: Hoare triple {11334#(<= (+ ~myStatus~0 1073741637) 0)} assume ~myStatus~0 >= 0;KbFilter_PnP_~devExt__Started~0#1 := 1;KbFilter_PnP_~devExt__Removed~0#1 := 0;KbFilter_PnP_~devExt__SurpriseRemoved~0#1 := 0; {11333#false} is VALID [2022-02-20 14:38:03,211 INFO L290 TraceCheckUtils]: 37: Hoare triple {11333#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0;assume { :begin_inline_IofCompleteRequest } true;IofCompleteRequest_#in~Irp#1, IofCompleteRequest_#in~PriorityBoost#1 := KbFilter_PnP_~Irp#1, 0;havoc IofCompleteRequest_~Irp#1, IofCompleteRequest_~PriorityBoost#1;IofCompleteRequest_~Irp#1 := IofCompleteRequest_#in~Irp#1;IofCompleteRequest_~PriorityBoost#1 := IofCompleteRequest_#in~PriorityBoost#1; {11333#false} is VALID [2022-02-20 14:38:03,211 INFO L290 TraceCheckUtils]: 38: Hoare triple {11333#false} assume !(~s~0 == ~NP~0); {11333#false} is VALID [2022-02-20 14:38:03,212 INFO L272 TraceCheckUtils]: 39: Hoare triple {11333#false} call errorFn(); {11333#false} is VALID [2022-02-20 14:38:03,212 INFO L290 TraceCheckUtils]: 40: Hoare triple {11333#false} assume !false; {11333#false} is VALID [2022-02-20 14:38:03,212 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:38:03,212 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:38:03,212 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [46809427] [2022-02-20 14:38:03,213 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [46809427] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:38:03,213 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:38:03,213 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 14:38:03,213 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1976537992] [2022-02-20 14:38:03,213 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:38:03,214 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 14:38:03,214 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:38:03,214 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,245 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:03,245 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 14:38:03,245 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:38:03,246 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 14:38:03,246 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 14:38:03,246 INFO L87 Difference]: Start difference. First operand 42 states and 43 transitions. Second operand has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,367 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,368 INFO L93 Difference]: Finished difference Result 80 states and 81 transitions. [2022-02-20 14:38:03,368 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 14:38:03,368 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 14:38:03,368 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:38:03,368 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,370 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 81 transitions. [2022-02-20 14:38:03,370 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,370 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 81 transitions. [2022-02-20 14:38:03,371 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 81 transitions. [2022-02-20 14:38:03,426 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:03,427 INFO L225 Difference]: With dead ends: 80 [2022-02-20 14:38:03,427 INFO L226 Difference]: Without dead ends: 75 [2022-02-20 14:38:03,427 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 14:38:03,428 INFO L933 BasicCegarLoop]: 43 mSDtfsCounter, 20 mSDsluCounter, 63 mSDsCounter, 0 mSdLazyCounter, 20 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 106 SdHoareTripleChecker+Invalid, 22 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 20 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:38:03,428 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [20 Valid, 106 Invalid, 22 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 20 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:38:03,429 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2022-02-20 14:38:03,450 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 74. [2022-02-20 14:38:03,450 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:38:03,451 INFO L82 GeneralOperation]: Start isEquivalent. First operand 75 states. Second operand has 74 states, 68 states have (on average 1.0294117647058822) internal successors, (70), 68 states have internal predecessors, (70), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 14:38:03,451 INFO L74 IsIncluded]: Start isIncluded. First operand 75 states. Second operand has 74 states, 68 states have (on average 1.0294117647058822) internal successors, (70), 68 states have internal predecessors, (70), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 14:38:03,451 INFO L87 Difference]: Start difference. First operand 75 states. Second operand has 74 states, 68 states have (on average 1.0294117647058822) internal successors, (70), 68 states have internal predecessors, (70), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 14:38:03,452 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,452 INFO L93 Difference]: Finished difference Result 75 states and 76 transitions. [2022-02-20 14:38:03,452 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 76 transitions. [2022-02-20 14:38:03,453 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:03,453 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:03,453 INFO L74 IsIncluded]: Start isIncluded. First operand has 74 states, 68 states have (on average 1.0294117647058822) internal successors, (70), 68 states have internal predecessors, (70), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Second operand 75 states. [2022-02-20 14:38:03,453 INFO L87 Difference]: Start difference. First operand has 74 states, 68 states have (on average 1.0294117647058822) internal successors, (70), 68 states have internal predecessors, (70), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Second operand 75 states. [2022-02-20 14:38:03,454 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,455 INFO L93 Difference]: Finished difference Result 75 states and 76 transitions. [2022-02-20 14:38:03,455 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 76 transitions. [2022-02-20 14:38:03,455 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:03,455 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:03,455 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:38:03,455 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:38:03,456 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 74 states, 68 states have (on average 1.0294117647058822) internal successors, (70), 68 states have internal predecessors, (70), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 14:38:03,457 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 74 states to 74 states and 75 transitions. [2022-02-20 14:38:03,457 INFO L78 Accepts]: Start accepts. Automaton has 74 states and 75 transitions. Word has length 41 [2022-02-20 14:38:03,457 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:38:03,457 INFO L470 AbstractCegarLoop]: Abstraction has 74 states and 75 transitions. [2022-02-20 14:38:03,457 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 9.5) internal successors, (38), 3 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,457 INFO L276 IsEmpty]: Start isEmpty. Operand 74 states and 75 transitions. [2022-02-20 14:38:03,458 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-20 14:38:03,458 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 14:38:03,458 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:38:03,458 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable15 [2022-02-20 14:38:03,458 INFO L402 AbstractCegarLoop]: === Iteration 17 === Targeting errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION === [errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 14:38:03,459 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 14:38:03,459 INFO L85 PathProgramCache]: Analyzing trace with hash 1581081796, now seen corresponding path program 1 times [2022-02-20 14:38:03,459 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 14:38:03,459 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [845409422] [2022-02-20 14:38:03,459 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 14:38:03,460 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 14:38:03,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:03,525 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 14:38:03,534 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 14:38:03,571 INFO L290 TraceCheckUtils]: 0: Hoare triple {11729#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {11709#true} is VALID [2022-02-20 14:38:03,572 INFO L290 TraceCheckUtils]: 1: Hoare triple {11709#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11709#true} is VALID [2022-02-20 14:38:03,572 INFO L290 TraceCheckUtils]: 2: Hoare triple {11709#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {11709#true} is VALID [2022-02-20 14:38:03,572 INFO L290 TraceCheckUtils]: 3: Hoare triple {11709#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {11709#true} is VALID [2022-02-20 14:38:03,572 INFO L290 TraceCheckUtils]: 4: Hoare triple {11709#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {11709#true} is VALID [2022-02-20 14:38:03,572 INFO L290 TraceCheckUtils]: 5: Hoare triple {11709#true} assume { :end_inline_stubMoreProcessingRequired } true; {11709#true} is VALID [2022-02-20 14:38:03,573 INFO L290 TraceCheckUtils]: 6: Hoare triple {11709#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {11709#true} is VALID [2022-02-20 14:38:03,573 INFO L290 TraceCheckUtils]: 7: Hoare triple {11709#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {11709#true} is VALID [2022-02-20 14:38:03,573 INFO L290 TraceCheckUtils]: 8: Hoare triple {11709#true} assume !(1 == ~tmp_ndt_3~0#1); {11709#true} is VALID [2022-02-20 14:38:03,573 INFO L290 TraceCheckUtils]: 9: Hoare triple {11709#true} ~returnVal2~0#1 := 259; {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} is VALID [2022-02-20 14:38:03,574 INFO L290 TraceCheckUtils]: 10: Hoare triple {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} assume !(~s~0 == ~NP~0); {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} is VALID [2022-02-20 14:38:03,574 INFO L290 TraceCheckUtils]: 11: Hoare triple {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} assume ~s~0 == ~MPR1~0; {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} is VALID [2022-02-20 14:38:03,575 INFO L290 TraceCheckUtils]: 12: Hoare triple {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} is VALID [2022-02-20 14:38:03,575 INFO L290 TraceCheckUtils]: 13: Hoare triple {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} #res#1 := ~returnVal2~0#1; {11731#(and (<= 259 |IofCallDriver_#res#1|) (<= |IofCallDriver_#res#1| 259))} is VALID [2022-02-20 14:38:03,575 INFO L290 TraceCheckUtils]: 14: Hoare triple {11731#(and (<= 259 |IofCallDriver_#res#1|) (<= |IofCallDriver_#res#1| 259))} assume true; {11731#(and (<= 259 |IofCallDriver_#res#1|) (<= |IofCallDriver_#res#1| 259))} is VALID [2022-02-20 14:38:03,576 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {11731#(and (<= 259 |IofCallDriver_#res#1|) (<= |IofCallDriver_#res#1| 259))} {11709#true} #436#return; {11727#(and (<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|) (<= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 259))} is VALID [2022-02-20 14:38:03,577 INFO L290 TraceCheckUtils]: 0: Hoare triple {11709#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(21, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {11709#true} is VALID [2022-02-20 14:38:03,577 INFO L290 TraceCheckUtils]: 1: Hoare triple {11709#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~ret27#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11709#true} is VALID [2022-02-20 14:38:03,577 INFO L290 TraceCheckUtils]: 2: Hoare triple {11709#true} assume { :end_inline__BLAST_init } true; {11709#true} is VALID [2022-02-20 14:38:03,577 INFO L290 TraceCheckUtils]: 3: Hoare triple {11709#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {11709#true} is VALID [2022-02-20 14:38:03,590 INFO L290 TraceCheckUtils]: 4: Hoare triple {11709#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {11709#true} is VALID [2022-02-20 14:38:03,591 INFO L290 TraceCheckUtils]: 5: Hoare triple {11709#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11709#true} is VALID [2022-02-20 14:38:03,591 INFO L290 TraceCheckUtils]: 6: Hoare triple {11709#true} assume { :end_inline_stub_driver_init } true; {11709#true} is VALID [2022-02-20 14:38:03,591 INFO L290 TraceCheckUtils]: 7: Hoare triple {11709#true} assume main_~status~1#1 >= 0;main_~__cil_tmp8~0#1 := 1; {11709#true} is VALID [2022-02-20 14:38:03,595 INFO L290 TraceCheckUtils]: 8: Hoare triple {11709#true} assume !(0 == main_~__cil_tmp8~0#1);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {11709#true} is VALID [2022-02-20 14:38:03,595 INFO L290 TraceCheckUtils]: 9: Hoare triple {11709#true} assume 3 == main_~tmp_ndt_1~0#1; {11709#true} is VALID [2022-02-20 14:38:03,595 INFO L290 TraceCheckUtils]: 10: Hoare triple {11709#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {11709#true} is VALID [2022-02-20 14:38:03,596 INFO L290 TraceCheckUtils]: 11: Hoare triple {11709#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {11709#true} is VALID [2022-02-20 14:38:03,596 INFO L290 TraceCheckUtils]: 12: Hoare triple {11709#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {11709#true} is VALID [2022-02-20 14:38:03,596 INFO L290 TraceCheckUtils]: 13: Hoare triple {11709#true} assume !(~s~0 != ~NP~0); {11709#true} is VALID [2022-02-20 14:38:03,596 INFO L290 TraceCheckUtils]: 14: Hoare triple {11709#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {11709#true} is VALID [2022-02-20 14:38:03,596 INFO L290 TraceCheckUtils]: 15: Hoare triple {11709#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {11709#true} is VALID [2022-02-20 14:38:03,597 INFO L272 TraceCheckUtils]: 16: Hoare triple {11709#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {11729#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-20 14:38:03,597 INFO L290 TraceCheckUtils]: 17: Hoare triple {11729#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;havoc ~returnVal2~0#1;havoc ~compRetStatus~0#1;assume -2147483648 <= #t~nondet28#1 && #t~nondet28#1 <= 2147483647;~lcontext~0#1 := #t~nondet28#1;havoc #t~nondet28#1;havoc ~__cil_tmp7~0#1; {11709#true} is VALID [2022-02-20 14:38:03,597 INFO L290 TraceCheckUtils]: 18: Hoare triple {11709#true} assume 0 != ~compRegistered~0;assume { :begin_inline_KbFilter_Complete } true;KbFilter_Complete_#in~DeviceObject#1, KbFilter_Complete_#in~Irp#1, KbFilter_Complete_#in~Context#1 := ~DeviceObject#1, ~Irp#1, ~lcontext~0#1;havoc KbFilter_Complete_#res#1;havoc KbFilter_Complete_#t~ret34#1, KbFilter_Complete_~DeviceObject#1, KbFilter_Complete_~Irp#1, KbFilter_Complete_~Context#1, KbFilter_Complete_~event~1#1;KbFilter_Complete_~DeviceObject#1 := KbFilter_Complete_#in~DeviceObject#1;KbFilter_Complete_~Irp#1 := KbFilter_Complete_#in~Irp#1;KbFilter_Complete_~Context#1 := KbFilter_Complete_#in~Context#1;havoc KbFilter_Complete_~event~1#1;KbFilter_Complete_~event~1#1 := KbFilter_Complete_~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := KbFilter_Complete_~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet32#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet32#1 && KeSetEvent_#t~nondet32#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet32#1;havoc KeSetEvent_#t~nondet32#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11709#true} is VALID [2022-02-20 14:38:03,598 INFO L290 TraceCheckUtils]: 19: Hoare triple {11709#true} KbFilter_Complete_#t~ret34#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= KbFilter_Complete_#t~ret34#1 && KbFilter_Complete_#t~ret34#1 <= 2147483647;havoc KbFilter_Complete_#t~ret34#1;KbFilter_Complete_#res#1 := -1073741802; {11709#true} is VALID [2022-02-20 14:38:03,598 INFO L290 TraceCheckUtils]: 20: Hoare triple {11709#true} #t~ret29#1 := KbFilter_Complete_#res#1;assume { :end_inline_KbFilter_Complete } true;assume -2147483648 <= #t~ret29#1 && #t~ret29#1 <= 2147483647;~compRetStatus~0#1 := #t~ret29#1;havoc #t~ret29#1;assume { :begin_inline_stubMoreProcessingRequired } true; {11709#true} is VALID [2022-02-20 14:38:03,598 INFO L290 TraceCheckUtils]: 21: Hoare triple {11709#true} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {11709#true} is VALID [2022-02-20 14:38:03,598 INFO L290 TraceCheckUtils]: 22: Hoare triple {11709#true} assume { :end_inline_stubMoreProcessingRequired } true; {11709#true} is VALID [2022-02-20 14:38:03,598 INFO L290 TraceCheckUtils]: 23: Hoare triple {11709#true} havoc ~tmp_ndt_2~0#1;assume -2147483648 <= #t~nondet30#1 && #t~nondet30#1 <= 2147483647;~tmp_ndt_2~0#1 := #t~nondet30#1;havoc #t~nondet30#1; {11709#true} is VALID [2022-02-20 14:38:03,598 INFO L290 TraceCheckUtils]: 24: Hoare triple {11709#true} assume !(0 == ~tmp_ndt_2~0#1);havoc ~tmp_ndt_3~0#1;assume -2147483648 <= #t~nondet31#1 && #t~nondet31#1 <= 2147483647;~tmp_ndt_3~0#1 := #t~nondet31#1;havoc #t~nondet31#1; {11709#true} is VALID [2022-02-20 14:38:03,599 INFO L290 TraceCheckUtils]: 25: Hoare triple {11709#true} assume !(1 == ~tmp_ndt_3~0#1); {11709#true} is VALID [2022-02-20 14:38:03,599 INFO L290 TraceCheckUtils]: 26: Hoare triple {11709#true} ~returnVal2~0#1 := 259; {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} is VALID [2022-02-20 14:38:03,599 INFO L290 TraceCheckUtils]: 27: Hoare triple {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} assume !(~s~0 == ~NP~0); {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} is VALID [2022-02-20 14:38:03,600 INFO L290 TraceCheckUtils]: 28: Hoare triple {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} assume ~s~0 == ~MPR1~0; {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} is VALID [2022-02-20 14:38:03,600 INFO L290 TraceCheckUtils]: 29: Hoare triple {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} assume 259 == ~returnVal2~0#1;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0#1; {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} is VALID [2022-02-20 14:38:03,601 INFO L290 TraceCheckUtils]: 30: Hoare triple {11730#(and (<= 259 |IofCallDriver_~returnVal2~0#1|) (<= |IofCallDriver_~returnVal2~0#1| 259))} #res#1 := ~returnVal2~0#1; {11731#(and (<= 259 |IofCallDriver_#res#1|) (<= |IofCallDriver_#res#1| 259))} is VALID [2022-02-20 14:38:03,601 INFO L290 TraceCheckUtils]: 31: Hoare triple {11731#(and (<= 259 |IofCallDriver_#res#1|) (<= |IofCallDriver_#res#1| 259))} assume true; {11731#(and (<= 259 |IofCallDriver_#res#1|) (<= |IofCallDriver_#res#1| 259))} is VALID [2022-02-20 14:38:03,602 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {11731#(and (<= 259 |IofCallDriver_#res#1|) (<= |IofCallDriver_#res#1| 259))} {11709#true} #436#return; {11727#(and (<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|) (<= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 259))} is VALID [2022-02-20 14:38:03,602 INFO L290 TraceCheckUtils]: 33: Hoare triple {11727#(and (<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|) (<= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 259))} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {11728#(and (<= |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1| 259) (< 258 |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1|))} is VALID [2022-02-20 14:38:03,603 INFO L290 TraceCheckUtils]: 34: Hoare triple {11728#(and (<= |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1| 259) (< 258 |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1|))} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {11710#false} is VALID [2022-02-20 14:38:03,605 INFO L290 TraceCheckUtils]: 35: Hoare triple {11710#false} assume KbFilter_PnP_~status~0#1 >= 0; {11710#false} is VALID [2022-02-20 14:38:03,605 INFO L290 TraceCheckUtils]: 36: Hoare triple {11710#false} assume !(~myStatus~0 >= 0); {11710#false} is VALID [2022-02-20 14:38:03,605 INFO L290 TraceCheckUtils]: 37: Hoare triple {11710#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0;assume { :begin_inline_IofCompleteRequest } true;IofCompleteRequest_#in~Irp#1, IofCompleteRequest_#in~PriorityBoost#1 := KbFilter_PnP_~Irp#1, 0;havoc IofCompleteRequest_~Irp#1, IofCompleteRequest_~PriorityBoost#1;IofCompleteRequest_~Irp#1 := IofCompleteRequest_#in~Irp#1;IofCompleteRequest_~PriorityBoost#1 := IofCompleteRequest_#in~PriorityBoost#1; {11710#false} is VALID [2022-02-20 14:38:03,605 INFO L290 TraceCheckUtils]: 38: Hoare triple {11710#false} assume !(~s~0 == ~NP~0); {11710#false} is VALID [2022-02-20 14:38:03,605 INFO L272 TraceCheckUtils]: 39: Hoare triple {11710#false} call errorFn(); {11710#false} is VALID [2022-02-20 14:38:03,606 INFO L290 TraceCheckUtils]: 40: Hoare triple {11710#false} assume !false; {11710#false} is VALID [2022-02-20 14:38:03,606 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 14:38:03,606 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 14:38:03,606 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [845409422] [2022-02-20 14:38:03,606 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [845409422] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 14:38:03,606 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 14:38:03,606 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 14:38:03,606 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [897781237] [2022-02-20 14:38:03,606 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 14:38:03,607 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 5 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 14:38:03,607 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 14:38:03,607 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 5 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,633 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:03,633 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 14:38:03,633 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 14:38:03,634 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 14:38:03,634 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 14:38:03,634 INFO L87 Difference]: Start difference. First operand 74 states and 75 transitions. Second operand has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 5 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,791 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,791 INFO L93 Difference]: Finished difference Result 74 states and 75 transitions. [2022-02-20 14:38:03,791 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 14:38:03,791 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 5 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 41 [2022-02-20 14:38:03,791 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 14:38:03,791 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 5 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,792 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 43 transitions. [2022-02-20 14:38:03,792 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 5 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,792 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 43 transitions. [2022-02-20 14:38:03,792 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 43 transitions. [2022-02-20 14:38:03,821 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 43 edges. 43 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 14:38:03,821 INFO L225 Difference]: With dead ends: 74 [2022-02-20 14:38:03,821 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 14:38:03,821 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2022-02-20 14:38:03,822 INFO L933 BasicCegarLoop]: 32 mSDtfsCounter, 3 mSDsluCounter, 140 mSDsCounter, 0 mSdLazyCounter, 26 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 3 SdHoareTripleChecker+Valid, 172 SdHoareTripleChecker+Invalid, 26 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 26 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 14:38:03,822 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [3 Valid, 172 Invalid, 26 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 26 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 14:38:03,822 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 14:38:03,822 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 14:38:03,823 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 14:38:03,823 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:38:03,823 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:38:03,823 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:38:03,823 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,823 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 14:38:03,823 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 14:38:03,823 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:03,823 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:03,823 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 14:38:03,823 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 14:38:03,823 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 14:38:03,823 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 14:38:03,824 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 14:38:03,824 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:03,824 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 14:38:03,824 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 14:38:03,824 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 14:38:03,824 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 14:38:03,824 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 14:38:03,824 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 41 [2022-02-20 14:38:03,825 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 14:38:03,825 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 14:38:03,825 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 5 states have internal predecessors, (38), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 14:38:03,825 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 14:38:03,825 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 14:38:03,827 INFO L764 garLoopResultBuilder]: Registering result SAFE for location errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 14:38:03,828 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable16 [2022-02-20 14:38:03,831 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 14:38:05,533 INFO L861 garLoopResultBuilder]: At program point errorFnENTRY(lines 577 584) the Hoare annotation is: true [2022-02-20 14:38:05,533 INFO L858 garLoopResultBuilder]: For program point errorFnFINAL(lines 577 584) no Hoare annotation was computed. [2022-02-20 14:38:05,533 INFO L858 garLoopResultBuilder]: For program point errorFnEXIT(lines 577 584) no Hoare annotation was computed. [2022-02-20 14:38:05,533 INFO L858 garLoopResultBuilder]: For program point errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION(line 581) no Hoare annotation was computed. [2022-02-20 14:38:05,533 INFO L858 garLoopResultBuilder]: For program point L201(lines 201 205) no Hoare annotation was computed. [2022-02-20 14:38:05,533 INFO L858 garLoopResultBuilder]: For program point L135(lines 135 273) no Hoare annotation was computed. [2022-02-20 14:38:05,533 INFO L858 garLoopResultBuilder]: For program point L102(lines 102 284) no Hoare annotation was computed. [2022-02-20 14:38:05,533 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 14:38:05,534 INFO L854 garLoopResultBuilder]: At program point L251(line 251) the Hoare annotation is: false [2022-02-20 14:38:05,534 INFO L858 garLoopResultBuilder]: For program point L251-1(lines 247 253) no Hoare annotation was computed. [2022-02-20 14:38:05,534 INFO L854 garLoopResultBuilder]: At program point L400(line 400) the Hoare annotation is: false [2022-02-20 14:38:05,534 INFO L854 garLoopResultBuilder]: At program point L103(lines 102 284) the Hoare annotation is: (and (<= 5 ~MPR1~0) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,534 INFO L854 garLoopResultBuilder]: At program point L70(lines 51 72) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~s~0 ~NP~0)) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,534 INFO L854 garLoopResultBuilder]: At program point L384(lines 377 417) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,534 INFO L854 garLoopResultBuilder]: At program point L285(lines 75 287) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L153(lines 153 267) no Hoare annotation was computed. [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L120(lines 120 278) no Hoare annotation was computed. [2022-02-20 14:38:05,535 INFO L854 garLoopResultBuilder]: At program point L236(line 236) the Hoare annotation is: false [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L236-1(lines 232 238) no Hoare annotation was computed. [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L550(lines 550 562) no Hoare annotation was computed. [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L385(lines 369 418) no Hoare annotation was computed. [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L352(lines 352 367) no Hoare annotation was computed. [2022-02-20 14:38:05,535 INFO L854 garLoopResultBuilder]: At program point L220(line 220) the Hoare annotation is: false [2022-02-20 14:38:05,535 INFO L854 garLoopResultBuilder]: At program point L187(lines 187 188) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~compRegistered~0 0)) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L220-1(lines 216 222) no Hoare annotation was computed. [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L187-1(lines 187 188) no Hoare annotation was computed. [2022-02-20 14:38:05,535 INFO L858 garLoopResultBuilder]: For program point L171(lines 171 183) no Hoare annotation was computed. [2022-02-20 14:38:05,536 INFO L858 garLoopResultBuilder]: For program point L138(lines 138 272) no Hoare annotation was computed. [2022-02-20 14:38:05,536 INFO L858 garLoopResultBuilder]: For program point L105(lines 105 283) no Hoare annotation was computed. [2022-02-20 14:38:05,536 INFO L854 garLoopResultBuilder]: At program point L551(lines 550 562) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~compRegistered~0 0)) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,536 INFO L858 garLoopResultBuilder]: For program point L386(lines 386 415) no Hoare annotation was computed. [2022-02-20 14:38:05,536 INFO L854 garLoopResultBuilder]: At program point L353(lines 352 367) the Hoare annotation is: (and (<= 5 ~MPR1~0) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,536 INFO L858 garLoopResultBuilder]: For program point L370(lines 370 374) no Hoare annotation was computed. [2022-02-20 14:38:05,536 INFO L854 garLoopResultBuilder]: At program point L106(lines 105 283) the Hoare annotation is: (and (<= 5 ~MPR1~0) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,537 INFO L861 garLoopResultBuilder]: At program point L420(lines 288 422) the Hoare annotation is: true [2022-02-20 14:38:05,537 INFO L858 garLoopResultBuilder]: For program point L387(lines 387 414) no Hoare annotation was computed. [2022-02-20 14:38:05,537 INFO L858 garLoopResultBuilder]: For program point L156(lines 156 266) no Hoare annotation was computed. [2022-02-20 14:38:05,537 INFO L858 garLoopResultBuilder]: For program point L123(lines 123 277) no Hoare annotation was computed. [2022-02-20 14:38:05,537 INFO L854 garLoopResultBuilder]: At program point L536(lines 528 547) the Hoare annotation is: false [2022-02-20 14:38:05,537 INFO L858 garLoopResultBuilder]: For program point L404(lines 404 412) no Hoare annotation was computed. [2022-02-20 14:38:05,537 INFO L854 garLoopResultBuilder]: At program point L173(line 173) the Hoare annotation is: false [2022-02-20 14:38:05,537 INFO L854 garLoopResultBuilder]: At program point L553(lines 552 562) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~compRegistered~0 0)) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,537 INFO L858 garLoopResultBuilder]: For program point L388(lines 388 394) no Hoare annotation was computed. [2022-02-20 14:38:05,538 INFO L854 garLoopResultBuilder]: At program point L355(lines 354 367) the Hoare annotation is: (= |ULTIMATE.start_main_~status~1#1| 0) [2022-02-20 14:38:05,538 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 14:38:05,538 INFO L858 garLoopResultBuilder]: For program point L405(lines 405 407) no Hoare annotation was computed. [2022-02-20 14:38:05,538 INFO L858 garLoopResultBuilder]: For program point L141(lines 141 271) no Hoare annotation was computed. [2022-02-20 14:38:05,538 INFO L858 garLoopResultBuilder]: For program point L108(lines 108 282) no Hoare annotation was computed. [2022-02-20 14:38:05,538 INFO L858 garLoopResultBuilder]: For program point L389(lines 389 391) no Hoare annotation was computed. [2022-02-20 14:38:05,538 INFO L858 garLoopResultBuilder]: For program point L323(lines 323 368) no Hoare annotation was computed. [2022-02-20 14:38:05,539 INFO L854 garLoopResultBuilder]: At program point L323-1(lines 297 421) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,542 INFO L854 garLoopResultBuilder]: At program point L257(lines 257 258) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~SKIP1~0 ~s~0) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,542 INFO L858 garLoopResultBuilder]: For program point L257-1(lines 257 258) no Hoare annotation was computed. [2022-02-20 14:38:05,542 INFO L858 garLoopResultBuilder]: For program point L505(lines 505 511) no Hoare annotation was computed. [2022-02-20 14:38:05,542 INFO L858 garLoopResultBuilder]: For program point L340(lines 340 345) no Hoare annotation was computed. [2022-02-20 14:38:05,542 INFO L858 garLoopResultBuilder]: For program point L340-2(lines 339 349) no Hoare annotation was computed. [2022-02-20 14:38:05,543 INFO L854 garLoopResultBuilder]: At program point L109(lines 108 282) the Hoare annotation is: (and (<= 5 ~MPR1~0) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,543 INFO L858 garLoopResultBuilder]: For program point L192(lines 192 198) no Hoare annotation was computed. [2022-02-20 14:38:05,543 INFO L858 garLoopResultBuilder]: For program point L159(lines 159 265) no Hoare annotation was computed. [2022-02-20 14:38:05,543 INFO L858 garLoopResultBuilder]: For program point L126(lines 126 276) no Hoare annotation was computed. [2022-02-20 14:38:05,543 INFO L858 garLoopResultBuilder]: For program point L192-2(lines 166 261) no Hoare annotation was computed. [2022-02-20 14:38:05,543 INFO L854 garLoopResultBuilder]: At program point L242(line 242) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~SKIP1~0 ~s~0) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,543 INFO L858 garLoopResultBuilder]: For program point L242-1(line 242) no Hoare annotation was computed. [2022-02-20 14:38:05,544 INFO L858 garLoopResultBuilder]: For program point L176(lines 176 182) no Hoare annotation was computed. [2022-02-20 14:38:05,544 INFO L858 garLoopResultBuilder]: For program point L176-1(lines 171 183) no Hoare annotation was computed. [2022-02-20 14:38:05,544 INFO L854 garLoopResultBuilder]: At program point L523(lines 523 564) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~compRegistered~0 0)) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,544 INFO L854 garLoopResultBuilder]: At program point L226(lines 226 227) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~SKIP1~0 ~s~0) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,544 INFO L858 garLoopResultBuilder]: For program point L226-1(lines 226 227) no Hoare annotation was computed. [2022-02-20 14:38:05,544 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 14:38:05,545 INFO L858 garLoopResultBuilder]: For program point L144(lines 144 270) no Hoare annotation was computed. [2022-02-20 14:38:05,545 INFO L858 garLoopResultBuilder]: For program point L111(lines 111 281) no Hoare annotation was computed. [2022-02-20 14:38:05,546 INFO L858 garLoopResultBuilder]: For program point L541(lines 541 545) no Hoare annotation was computed. [2022-02-20 14:38:05,546 INFO L858 garLoopResultBuilder]: For program point L541-1(lines 528 547) no Hoare annotation was computed. [2022-02-20 14:38:05,546 INFO L858 garLoopResultBuilder]: For program point L409(lines 409 411) no Hoare annotation was computed. [2022-02-20 14:38:05,546 INFO L854 garLoopResultBuilder]: At program point L376(lines 369 418) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,546 INFO L854 garLoopResultBuilder]: At program point L178(line 178) the Hoare annotation is: false [2022-02-20 14:38:05,546 INFO L858 garLoopResultBuilder]: For program point L162(lines 162 264) no Hoare annotation was computed. [2022-02-20 14:38:05,546 INFO L858 garLoopResultBuilder]: For program point L129(lines 129 275) no Hoare annotation was computed. [2022-02-20 14:38:05,547 INFO L854 garLoopResultBuilder]: At program point L509(line 509) the Hoare annotation is: false [2022-02-20 14:38:05,547 INFO L854 garLoopResultBuilder]: At program point L509-1(lines 501 514) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~compRegistered~0 0)) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,547 INFO L854 garLoopResultBuilder]: At program point L262(lines 166 263) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,547 INFO L854 garLoopResultBuilder]: At program point L543(line 543) the Hoare annotation is: false [2022-02-20 14:38:05,547 INFO L858 garLoopResultBuilder]: For program point L378(lines 378 382) no Hoare annotation was computed. [2022-02-20 14:38:05,547 INFO L858 garLoopResultBuilder]: For program point L147(lines 147 269) no Hoare annotation was computed. [2022-02-20 14:38:05,548 INFO L858 garLoopResultBuilder]: For program point L114(lines 114 280) no Hoare annotation was computed. [2022-02-20 14:38:05,548 INFO L854 garLoopResultBuilder]: At program point L48(lines 37 50) the Hoare annotation is: (and (<= 5 ~MPR1~0) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,548 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 14:38:05,548 INFO L858 garLoopResultBuilder]: For program point L528(lines 528 547) no Hoare annotation was computed. [2022-02-20 14:38:05,548 INFO L854 garLoopResultBuilder]: At program point L396(lines 387 414) the Hoare annotation is: (and (<= 5 ~MPR1~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0)) [2022-02-20 14:38:05,548 INFO L854 garLoopResultBuilder]: At program point L165(lines 111 281) the Hoare annotation is: (and (<= 5 ~MPR1~0) (= ~s~0 ~NP~0) (not (= ~SKIP1~0 ~NP~0)) (= ~NP~0 1) (= |ULTIMATE.start_main_~status~1#1| 0) (= |ULTIMATE.start_main_~__cil_tmp8~0#1| 1) (= ~pended~0 0) (= ~compRegistered~0 0)) [2022-02-20 14:38:05,548 INFO L858 garLoopResultBuilder]: For program point L132(lines 132 274) no Hoare annotation was computed. [2022-02-20 14:38:05,549 INFO L858 garLoopResultBuilder]: For program point L529(lines 529 534) no Hoare annotation was computed. [2022-02-20 14:38:05,549 INFO L858 garLoopResultBuilder]: For program point L232(lines 232 238) no Hoare annotation was computed. [2022-02-20 14:38:05,549 INFO L858 garLoopResultBuilder]: For program point L216(lines 216 222) no Hoare annotation was computed. [2022-02-20 14:38:05,549 INFO L858 garLoopResultBuilder]: For program point L150(lines 150 268) no Hoare annotation was computed. [2022-02-20 14:38:05,549 INFO L858 garLoopResultBuilder]: For program point L117(lines 117 279) no Hoare annotation was computed. [2022-02-20 14:38:05,549 INFO L858 garLoopResultBuilder]: For program point L398(lines 398 402) no Hoare annotation was computed. [2022-02-20 14:38:05,549 INFO L858 garLoopResultBuilder]: For program point L332(lines 332 335) no Hoare annotation was computed. [2022-02-20 14:38:05,549 INFO L858 garLoopResultBuilder]: For program point L332-2(lines 332 335) no Hoare annotation was computed. [2022-02-20 14:38:05,550 INFO L858 garLoopResultBuilder]: For program point L200(lines 200 206) no Hoare annotation was computed. [2022-02-20 14:38:05,550 INFO L854 garLoopResultBuilder]: At program point L457(lines 456 473) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse3 (= ~compRegistered~0 0)) (.cse2 (not (<= 5 ~MPR1~0))) (.cse1 (= ~NP~0 |old(~s~0)|)) (.cse4 (not (= ~pended~0 0)))) (and (or (= ~SKIP1~0 ~NP~0) .cse0 (not .cse1) .cse2 (= ~MPR1~0 ~s~0) .cse3 .cse4) (or .cse0 (and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|)) (not .cse3) .cse2 .cse1 (not (= ~SKIP1~0 |old(~s~0)|)) .cse4))) [2022-02-20 14:38:05,550 INFO L858 garLoopResultBuilder]: For program point L445(lines 445 448) no Hoare annotation was computed. [2022-02-20 14:38:05,550 INFO L854 garLoopResultBuilder]: At program point L573(lines 565 575) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse3 (= ~compRegistered~0 0)) (.cse2 (not (<= 5 ~MPR1~0))) (.cse1 (= ~NP~0 |old(~s~0)|)) (.cse4 (not (= ~pended~0 0)))) (and (or (= ~SKIP1~0 ~NP~0) .cse0 (not .cse1) (and (= ~setEventCalled~0 1) (= ~s~0 |old(~s~0)|)) .cse2 .cse3 .cse4) (or .cse0 (not .cse3) .cse2 .cse1 (not (= ~SKIP1~0 |old(~s~0)|)) .cse4))) [2022-02-20 14:38:05,550 INFO L858 garLoopResultBuilder]: For program point L445-2(lines 445 448) no Hoare annotation was computed. [2022-02-20 14:38:05,550 INFO L854 garLoopResultBuilder]: At program point IofCallDriverENTRY(lines 437 500) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse1 (and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))) (.cse4 (= ~compRegistered~0 0)) (.cse3 (not (<= 5 ~MPR1~0))) (.cse2 (= ~NP~0 |old(~s~0)|)) (.cse5 (not (= ~pended~0 0)))) (and (or (= ~SKIP1~0 ~NP~0) .cse0 .cse1 (not .cse2) .cse3 .cse4 .cse5) (or .cse0 .cse1 (not .cse4) .cse3 .cse2 (not (= ~SKIP1~0 |old(~s~0)|)) .cse5))) [2022-02-20 14:38:05,551 INFO L854 garLoopResultBuilder]: At program point L520(lines 515 522) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse3 (= ~compRegistered~0 0)) (.cse2 (not (<= 5 ~MPR1~0))) (.cse1 (= ~NP~0 |old(~s~0)|)) (.cse4 (not (= ~pended~0 0)))) (and (or (= ~SKIP1~0 ~NP~0) .cse0 (not .cse1) (and (= ~setEventCalled~0 1) (= ~s~0 |old(~s~0)|)) .cse2 .cse3 .cse4) (or .cse0 (not .cse3) .cse2 .cse1 (not (= ~SKIP1~0 |old(~s~0)|)) .cse4))) [2022-02-20 14:38:05,551 INFO L858 garLoopResultBuilder]: For program point IofCallDriverFINAL(lines 437 500) no Hoare annotation was computed. [2022-02-20 14:38:05,551 INFO L858 garLoopResultBuilder]: For program point L479(lines 479 496) no Hoare annotation was computed. [2022-02-20 14:38:05,552 INFO L854 garLoopResultBuilder]: At program point L471(lines 444 499) the Hoare annotation is: (let ((.cse5 (<= |IofCallDriver_~returnVal2~0#1| 0)) (.cse2 (not (= ~NP~0 1))) (.cse0 (= 259 |IofCallDriver_~returnVal2~0#1|)) (.cse6 (= ~compRegistered~0 0)) (.cse4 (not (<= 5 ~MPR1~0))) (.cse3 (= ~NP~0 |old(~s~0)|)) (.cse7 (not (= ~pended~0 0)))) (and (let ((.cse1 (= ~MPR1~0 ~s~0))) (or (and (= ~setEventCalled~0 1) .cse0 .cse1) (= ~SKIP1~0 ~NP~0) .cse2 (not .cse3) .cse4 (and .cse5 .cse1) .cse6 .cse7)) (let ((.cse8 (= ~setEventCalled~0 |old(~setEventCalled~0)|)) (.cse9 (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|)) (.cse10 (= ~s~0 |old(~s~0)|))) (or (and .cse8 .cse5 .cse9 .cse10) .cse2 (and .cse8 .cse0 .cse9 .cse10) (not .cse6) .cse4 .cse3 (not (= ~SKIP1~0 |old(~s~0)|)) .cse7)))) [2022-02-20 14:38:05,552 INFO L858 garLoopResultBuilder]: For program point IofCallDriverEXIT(lines 437 500) no Hoare annotation was computed. [2022-02-20 14:38:05,552 INFO L854 garLoopResultBuilder]: At program point L459(lines 458 473) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse3 (= ~compRegistered~0 0)) (.cse2 (not (<= 5 ~MPR1~0))) (.cse1 (= ~NP~0 |old(~s~0)|)) (.cse4 (not (= ~pended~0 0)))) (and (or (= ~SKIP1~0 ~NP~0) .cse0 (not .cse1) .cse2 (and (= ~setEventCalled~0 1) (= ~MPR1~0 ~s~0)) .cse3 .cse4) (or .cse0 (and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|)) (not .cse3) .cse2 .cse1 (not (= ~SKIP1~0 |old(~s~0)|)) .cse4))) [2022-02-20 14:38:05,552 INFO L858 garLoopResultBuilder]: For program point L488(lines 488 495) no Hoare annotation was computed. [2022-02-20 14:38:05,552 INFO L858 garLoopResultBuilder]: For program point L451(lines 451 474) no Hoare annotation was computed. [2022-02-20 14:38:05,552 INFO L858 garLoopResultBuilder]: For program point L480(lines 480 486) no Hoare annotation was computed. [2022-02-20 14:38:05,552 INFO L854 garLoopResultBuilder]: At program point L431(line 431) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse3 (= ~NP~0 |old(~s~0)|)) (.cse2 (not (<= 5 ~MPR1~0))) (.cse1 (= ~compRegistered~0 0)) (.cse4 (not (= ~pended~0 0)))) (and (or .cse0 (not .cse1) .cse2 .cse3 (not (= ~SKIP1~0 |old(~s~0)|)) .cse4) (or (= ~SKIP1~0 ~NP~0) .cse0 (not .cse3) .cse2 .cse1 .cse4))) [2022-02-20 14:38:05,552 INFO L854 garLoopResultBuilder]: At program point L431-1(lines 423 436) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse3 (= ~compRegistered~0 0)) (.cse2 (not (<= 5 ~MPR1~0))) (.cse1 (= ~NP~0 |old(~s~0)|)) (.cse4 (not (= ~pended~0 0)))) (and (or (= ~SKIP1~0 ~NP~0) .cse0 (not .cse1) .cse2 (and (= ~setEventCalled~0 1) (= ~MPR1~0 ~s~0)) .cse3 .cse4) (or .cse0 (not .cse3) .cse2 .cse1 (not (= ~SKIP1~0 |old(~s~0)|)) .cse4))) [2022-02-20 14:38:05,552 INFO L854 garLoopResultBuilder]: At program point L493(line 493) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse3 (= ~NP~0 |old(~s~0)|)) (.cse2 (not (<= 5 ~MPR1~0))) (.cse1 (= ~compRegistered~0 0)) (.cse4 (not (= ~pended~0 0)))) (and (or .cse0 (not .cse1) .cse2 .cse3 (not (= ~SKIP1~0 |old(~s~0)|)) .cse4) (or (= ~SKIP1~0 ~NP~0) .cse0 (not .cse3) .cse2 .cse1 .cse4))) [2022-02-20 14:38:05,553 INFO L858 garLoopResultBuilder]: For program point L493-1(lines 475 497) no Hoare annotation was computed. [2022-02-20 14:38:05,553 INFO L858 garLoopResultBuilder]: For program point L427(lines 427 433) no Hoare annotation was computed. [2022-02-20 14:38:05,553 INFO L858 garLoopResultBuilder]: For program point L456(lines 456 473) no Hoare annotation was computed. [2022-02-20 14:38:05,553 INFO L854 garLoopResultBuilder]: At program point L452(lines 451 474) the Hoare annotation is: (let ((.cse0 (not (= ~NP~0 1))) (.cse3 (= ~compRegistered~0 0)) (.cse2 (not (<= 5 ~MPR1~0))) (.cse1 (= ~NP~0 |old(~s~0)|)) (.cse4 (not (= ~pended~0 0)))) (and (or (= ~SKIP1~0 ~NP~0) .cse0 (not .cse1) .cse2 (= ~MPR1~0 ~s~0) .cse3 .cse4) (or .cse0 (and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|)) (not .cse3) .cse2 .cse1 (not (= ~SKIP1~0 |old(~s~0)|)) .cse4))) [2022-02-20 14:38:05,556 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 14:38:05,557 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 14:38:05,559 WARN L170 areAnnotationChecker]: errorFnErr0ASSERT_VIOLATIONERROR_FUNCTION has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnFINAL has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: L445 has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnFINAL has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: L445 has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: L445 has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: errorFnEXIT has no Hoare annotation [2022-02-20 14:38:05,560 WARN L170 areAnnotationChecker]: L323 has no Hoare annotation [2022-02-20 14:38:05,563 WARN L170 areAnnotationChecker]: L445-2 has no Hoare annotation [2022-02-20 14:38:05,563 WARN L170 areAnnotationChecker]: L176-1 has no Hoare annotation [2022-02-20 14:38:05,563 WARN L170 areAnnotationChecker]: L541-1 has no Hoare annotation [2022-02-20 14:38:05,563 WARN L170 areAnnotationChecker]: L220-1 has no Hoare annotation [2022-02-20 14:38:05,563 WARN L170 areAnnotationChecker]: L236-1 has no Hoare annotation [2022-02-20 14:38:05,563 WARN L170 areAnnotationChecker]: L251-1 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L385 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L445-2 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L493-1 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L323 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L323 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L427 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L451 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L451 has no Hoare annotation [2022-02-20 14:38:05,564 WARN L170 areAnnotationChecker]: L187-1 has no Hoare annotation [2022-02-20 14:38:05,565 WARN L170 areAnnotationChecker]: L550 has no Hoare annotation [2022-02-20 14:38:05,565 WARN L170 areAnnotationChecker]: L550 has no Hoare annotation [2022-02-20 14:38:05,566 WARN L170 areAnnotationChecker]: L226-1 has no Hoare annotation [2022-02-20 14:38:05,567 WARN L170 areAnnotationChecker]: L242-1 has no Hoare annotation [2022-02-20 14:38:05,568 WARN L170 areAnnotationChecker]: L257-1 has no Hoare annotation [2022-02-20 14:38:05,569 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 14:38:05,569 WARN L170 areAnnotationChecker]: IofCallDriverFINAL has no Hoare annotation [2022-02-20 14:38:05,569 WARN L170 areAnnotationChecker]: L332 has no Hoare annotation [2022-02-20 14:38:05,569 WARN L170 areAnnotationChecker]: L332 has no Hoare annotation [2022-02-20 14:38:05,569 WARN L170 areAnnotationChecker]: L370 has no Hoare annotation [2022-02-20 14:38:05,570 WARN L170 areAnnotationChecker]: L427 has no Hoare annotation [2022-02-20 14:38:05,570 WARN L170 areAnnotationChecker]: L427 has no Hoare annotation [2022-02-20 14:38:05,571 WARN L170 areAnnotationChecker]: L456 has no Hoare annotation [2022-02-20 14:38:05,571 WARN L170 areAnnotationChecker]: L456 has no Hoare annotation [2022-02-20 14:38:05,571 WARN L170 areAnnotationChecker]: L187-1 has no Hoare annotation [2022-02-20 14:38:05,573 WARN L170 areAnnotationChecker]: L226-1 has no Hoare annotation [2022-02-20 14:38:05,573 WARN L170 areAnnotationChecker]: L242-1 has no Hoare annotation [2022-02-20 14:38:05,573 WARN L170 areAnnotationChecker]: L257-1 has no Hoare annotation [2022-02-20 14:38:05,573 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 14:38:05,573 WARN L170 areAnnotationChecker]: IofCallDriverEXIT has no Hoare annotation [2022-02-20 14:38:05,573 WARN L170 areAnnotationChecker]: IofCallDriverEXIT has no Hoare annotation [2022-02-20 14:38:05,573 WARN L170 areAnnotationChecker]: IofCallDriverEXIT has no Hoare annotation [2022-02-20 14:38:05,573 WARN L170 areAnnotationChecker]: IofCallDriverEXIT has no Hoare annotation [2022-02-20 14:38:05,574 WARN L170 areAnnotationChecker]: L332-2 has no Hoare annotation [2022-02-20 14:38:05,574 WARN L170 areAnnotationChecker]: L370 has no Hoare annotation [2022-02-20 14:38:05,574 WARN L170 areAnnotationChecker]: L370 has no Hoare annotation [2022-02-20 14:38:05,574 WARN L170 areAnnotationChecker]: L378 has no Hoare annotation [2022-02-20 14:38:05,575 WARN L170 areAnnotationChecker]: L493-1 has no Hoare annotation [2022-02-20 14:38:05,575 WARN L170 areAnnotationChecker]: L479 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L192 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L192 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L192-2 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L340 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L378 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L378 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L386 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L385 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L479 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L479 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L528 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L528 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L192-2 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L192-2 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L340 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L340 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L386 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L386 has no Hoare annotation [2022-02-20 14:38:05,577 WARN L170 areAnnotationChecker]: L480 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L480 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L488 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L488 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L529 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L529 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L541-1 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L541 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L201 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L201 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L200 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L340-2 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L340-2 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L387 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L387 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L493-1 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L541 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L541 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L505 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L505 has no Hoare annotation [2022-02-20 14:38:05,578 WARN L170 areAnnotationChecker]: L352 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L352 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L388 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L388 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L398 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L404 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L541-1 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L102 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L389 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L389 has no Hoare annotation [2022-02-20 14:38:05,579 WARN L170 areAnnotationChecker]: L398 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L398 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L404 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L404 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L102 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L102 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L385 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L405 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L405 has no Hoare annotation [2022-02-20 14:38:05,580 WARN L170 areAnnotationChecker]: L409 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L409 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L171 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L105 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L105 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L171 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L171 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L216 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L108 has no Hoare annotation [2022-02-20 14:38:05,581 WARN L170 areAnnotationChecker]: L108 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L176-1 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L176 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L176 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L216 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L216 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L232 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L111 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L111 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L176-1 has no Hoare annotation [2022-02-20 14:38:05,582 WARN L170 areAnnotationChecker]: L220-1 has no Hoare annotation [2022-02-20 14:38:05,583 WARN L170 areAnnotationChecker]: L232 has no Hoare annotation [2022-02-20 14:38:05,583 WARN L170 areAnnotationChecker]: L232 has no Hoare annotation [2022-02-20 14:38:05,583 WARN L170 areAnnotationChecker]: L251-1 has no Hoare annotation [2022-02-20 14:38:05,584 WARN L170 areAnnotationChecker]: L114 has no Hoare annotation [2022-02-20 14:38:05,584 WARN L170 areAnnotationChecker]: L114 has no Hoare annotation [2022-02-20 14:38:05,584 WARN L170 areAnnotationChecker]: L236-1 has no Hoare annotation [2022-02-20 14:38:05,584 WARN L170 areAnnotationChecker]: L251-1 has no Hoare annotation [2022-02-20 14:38:05,584 WARN L170 areAnnotationChecker]: L117 has no Hoare annotation [2022-02-20 14:38:05,584 WARN L170 areAnnotationChecker]: L117 has no Hoare annotation [2022-02-20 14:38:05,584 WARN L170 areAnnotationChecker]: L120 has no Hoare annotation [2022-02-20 14:38:05,584 WARN L170 areAnnotationChecker]: L120 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L123 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L123 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L126 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L126 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L129 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L129 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L132 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L132 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L135 has no Hoare annotation [2022-02-20 14:38:05,585 WARN L170 areAnnotationChecker]: L135 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L138 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L138 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L141 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L141 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L144 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L144 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L147 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L147 has no Hoare annotation [2022-02-20 14:38:05,586 WARN L170 areAnnotationChecker]: L150 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L150 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L153 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L153 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L156 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L156 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L159 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L159 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L162 has no Hoare annotation [2022-02-20 14:38:05,587 WARN L170 areAnnotationChecker]: L162 has no Hoare annotation [2022-02-20 14:38:05,588 INFO L163 areAnnotationChecker]: CFG has 27 edges. 27 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 14:38:05,617 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 02:38:05 BoogieIcfgContainer [2022-02-20 14:38:05,618 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 14:38:05,618 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 14:38:05,618 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 14:38:05,619 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 14:38:05,619 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 02:37:52" (3/4) ... [2022-02-20 14:38:05,622 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 14:38:05,626 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure errorFn [2022-02-20 14:38:05,626 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure IofCallDriver [2022-02-20 14:38:05,634 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 23 nodes and edges [2022-02-20 14:38:05,635 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 14:38:05,636 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 3 nodes and edges [2022-02-20 14:38:05,636 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 14:38:05,664 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || (setEventCalled == 1 && MPR1 == s)) || compRegistered == 0) || !(pended == 0)) && (((((!(NP == 1) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) [2022-02-20 14:38:05,666 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || MPR1 == s) || compRegistered == 0) || !(pended == 0)) && ((((((!(NP == 1) || ((setEventCalled == \old(setEventCalled) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s))) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) [2022-02-20 14:38:05,666 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((((setEventCalled == 1 && 259 == returnVal2) && MPR1 == s) || SKIP1 == NP) || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || (returnVal2 <= 0 && MPR1 == s)) || compRegistered == 0) || !(pended == 0)) && ((((((((((setEventCalled == \old(setEventCalled) && returnVal2 <= 0) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s)) || !(NP == 1)) || (((setEventCalled == \old(setEventCalled) && 259 == returnVal2) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s))) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) [2022-02-20 14:38:05,670 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || MPR1 == s) || compRegistered == 0) || !(pended == 0)) && ((((((!(NP == 1) || ((setEventCalled == \old(setEventCalled) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s))) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) [2022-02-20 14:38:05,670 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || (setEventCalled == 1 && MPR1 == s)) || compRegistered == 0) || !(pended == 0)) && ((((((!(NP == 1) || ((setEventCalled == \old(setEventCalled) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s))) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) [2022-02-20 14:38:05,674 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || (setEventCalled == 1 && s == \old(s))) || !(5 <= MPR1)) || compRegistered == 0) || !(pended == 0)) && (((((!(NP == 1) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) [2022-02-20 14:38:05,674 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || (setEventCalled == 1 && s == \old(s))) || !(5 <= MPR1)) || compRegistered == 0) || !(pended == 0)) && (((((!(NP == 1) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) [2022-02-20 14:38:05,729 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 14:38:05,729 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 14:38:05,731 INFO L158 Benchmark]: Toolchain (without parser) took 14973.04ms. Allocated memory was 102.8MB in the beginning and 148.9MB in the end (delta: 46.1MB). Free memory was 65.3MB in the beginning and 101.0MB in the end (delta: -35.6MB). Peak memory consumption was 8.6MB. Max. memory is 16.1GB. [2022-02-20 14:38:05,732 INFO L158 Benchmark]: CDTParser took 0.21ms. Allocated memory is still 102.8MB. Free memory is still 82.7MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 14:38:05,732 INFO L158 Benchmark]: CACSL2BoogieTranslator took 387.69ms. Allocated memory is still 102.8MB. Free memory was 65.1MB in the beginning and 73.1MB in the end (delta: -8.0MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-02-20 14:38:05,732 INFO L158 Benchmark]: Boogie Procedure Inliner took 61.69ms. Allocated memory is still 102.8MB. Free memory was 73.1MB in the beginning and 69.7MB in the end (delta: 3.4MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 14:38:05,733 INFO L158 Benchmark]: Boogie Preprocessor took 42.44ms. Allocated memory is still 102.8MB. Free memory was 69.7MB in the beginning and 67.6MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 14:38:05,733 INFO L158 Benchmark]: RCFGBuilder took 775.25ms. Allocated memory is still 102.8MB. Free memory was 67.6MB in the beginning and 71.6MB in the end (delta: -4.1MB). Peak memory consumption was 28.2MB. Max. memory is 16.1GB. [2022-02-20 14:38:05,733 INFO L158 Benchmark]: TraceAbstraction took 13583.72ms. Allocated memory was 102.8MB in the beginning and 148.9MB in the end (delta: 46.1MB). Free memory was 71.1MB in the beginning and 108.3MB in the end (delta: -37.2MB). Peak memory consumption was 81.4MB. Max. memory is 16.1GB. [2022-02-20 14:38:05,733 INFO L158 Benchmark]: Witness Printer took 111.19ms. Allocated memory is still 148.9MB. Free memory was 108.3MB in the beginning and 101.0MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-02-20 14:38:05,739 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.21ms. Allocated memory is still 102.8MB. Free memory is still 82.7MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 387.69ms. Allocated memory is still 102.8MB. Free memory was 65.1MB in the beginning and 73.1MB in the end (delta: -8.0MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 61.69ms. Allocated memory is still 102.8MB. Free memory was 73.1MB in the beginning and 69.7MB in the end (delta: 3.4MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 42.44ms. Allocated memory is still 102.8MB. Free memory was 69.7MB in the beginning and 67.6MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 775.25ms. Allocated memory is still 102.8MB. Free memory was 67.6MB in the beginning and 71.6MB in the end (delta: -4.1MB). Peak memory consumption was 28.2MB. Max. memory is 16.1GB. * TraceAbstraction took 13583.72ms. Allocated memory was 102.8MB in the beginning and 148.9MB in the end (delta: 46.1MB). Free memory was 71.1MB in the beginning and 108.3MB in the end (delta: -37.2MB). Peak memory consumption was 81.4MB. Max. memory is 16.1GB. * Witness Printer took 111.19ms. Allocated memory is still 148.9MB. Free memory was 108.3MB in the beginning and 101.0MB in the end (delta: 7.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 581]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 3 procedures, 121 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 13.5s, OverallIterations: 17, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 8.6s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 1.7s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1428 SdHoareTripleChecker+Valid, 0.9s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1419 mSDsluCounter, 6295 SdHoareTripleChecker+Invalid, 0.9s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4006 mSDsCounter, 175 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1098 IncrementalHoareTripleChecker+Invalid, 1273 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 175 mSolverCounterUnsat, 2289 mSDtfsCounter, 1098 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 135 GetRequests, 61 SyntacticMatches, 1 SemanticMatches, 73 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 33 ImplicationChecksByTransitivity, 0.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=162occurred in iteration=12, InterpolantAutomatonStates: 93, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.7s AutomataMinimizationTime, 17 MinimizatonAttempts, 163 StatesRemovedByMinimization, 10 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 43 LocationsWithAnnotation, 173 PreInvPairs, 233 NumberOfFragments, 1125 HoareAnnotationTreeSize, 173 FomulaSimplifications, 367 FormulaSimplificationTreeSizeReduction, 0.2s HoareSimplificationTime, 43 FomulaSimplificationsInter, 3241 FormulaSimplificationTreeSizeReductionInter, 1.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.3s InterpolantComputationTime, 573 NumberOfCodeBlocks, 573 NumberOfCodeBlocksAsserted, 17 NumberOfCheckSat, 556 ConstructedInterpolants, 0 QuantifiedInterpolants, 1297 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 17 InterpolantComputations, 17 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 354]: Loop Invariant Derived loop invariant: status == 0 - InvariantResult [Line: 288]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 423]: Loop Invariant Derived loop invariant: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || (setEventCalled == 1 && MPR1 == s)) || compRegistered == 0) || !(pended == 0)) && (((((!(NP == 1) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) - InvariantResult [Line: 444]: Loop Invariant Derived loop invariant: (((((((((setEventCalled == 1 && 259 == returnVal2) && MPR1 == s) || SKIP1 == NP) || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || (returnVal2 <= 0 && MPR1 == s)) || compRegistered == 0) || !(pended == 0)) && ((((((((((setEventCalled == \old(setEventCalled) && returnVal2 <= 0) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s)) || !(NP == 1)) || (((setEventCalled == \old(setEventCalled) && 259 == returnVal2) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s))) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) - InvariantResult [Line: 458]: Loop Invariant Derived loop invariant: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || (setEventCalled == 1 && MPR1 == s)) || compRegistered == 0) || !(pended == 0)) && ((((((!(NP == 1) || ((setEventCalled == \old(setEventCalled) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s))) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) - InvariantResult [Line: 369]: Loop Invariant Derived loop invariant: (((5 <= MPR1 && !(SKIP1 == NP)) && NP == 1) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 108]: Loop Invariant Derived loop invariant: ((((((5 <= MPR1 && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && __cil_tmp8 == 1) && pended == 0) && compRegistered == 0 - InvariantResult [Line: 552]: Loop Invariant Derived loop invariant: (((((((5 <= MPR1 && !(compRegistered == 0)) && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && 259 <= status) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 111]: Loop Invariant Derived loop invariant: ((((((5 <= MPR1 && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && __cil_tmp8 == 1) && pended == 0) && compRegistered == 0 - InvariantResult [Line: 523]: Loop Invariant Derived loop invariant: (((((((5 <= MPR1 && !(compRegistered == 0)) && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && 259 <= status) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 75]: Loop Invariant Derived loop invariant: ((((5 <= MPR1 && !(SKIP1 == NP)) && NP == 1) && status == 0) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 501]: Loop Invariant Derived loop invariant: (((((5 <= MPR1 && !(compRegistered == 0)) && !(SKIP1 == NP)) && NP == 1) && status == 0) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 37]: Loop Invariant Derived loop invariant: (((((5 <= MPR1 && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && pended == 0) && compRegistered == 0 - InvariantResult [Line: 105]: Loop Invariant Derived loop invariant: ((((((5 <= MPR1 && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && __cil_tmp8 == 1) && pended == 0) && compRegistered == 0 - InvariantResult [Line: 102]: Loop Invariant Derived loop invariant: ((((((5 <= MPR1 && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && __cil_tmp8 == 1) && pended == 0) && compRegistered == 0 - InvariantResult [Line: 387]: Loop Invariant Derived loop invariant: (((5 <= MPR1 && !(SKIP1 == NP)) && NP == 1) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 297]: Loop Invariant Derived loop invariant: (((5 <= MPR1 && !(SKIP1 == NP)) && NP == 1) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 166]: Loop Invariant Derived loop invariant: ((((5 <= MPR1 && !(SKIP1 == NP)) && NP == 1) && status == 0) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 352]: Loop Invariant Derived loop invariant: ((((((5 <= MPR1 && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && __cil_tmp8 == 1) && pended == 0) && compRegistered == 0 - InvariantResult [Line: 515]: Loop Invariant Derived loop invariant: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || (setEventCalled == 1 && s == \old(s))) || !(5 <= MPR1)) || compRegistered == 0) || !(pended == 0)) && (((((!(NP == 1) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) - InvariantResult [Line: 565]: Loop Invariant Derived loop invariant: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || (setEventCalled == 1 && s == \old(s))) || !(5 <= MPR1)) || compRegistered == 0) || !(pended == 0)) && (((((!(NP == 1) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) - InvariantResult [Line: 451]: Loop Invariant Derived loop invariant: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || MPR1 == s) || compRegistered == 0) || !(pended == 0)) && ((((((!(NP == 1) || ((setEventCalled == \old(setEventCalled) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s))) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) - InvariantResult [Line: 550]: Loop Invariant Derived loop invariant: (((((((5 <= MPR1 && !(compRegistered == 0)) && s == NP) && !(SKIP1 == NP)) && NP == 1) && status == 0) && 259 <= status) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 456]: Loop Invariant Derived loop invariant: ((((((SKIP1 == NP || !(NP == 1)) || !(NP == \old(s))) || !(5 <= MPR1)) || MPR1 == s) || compRegistered == 0) || !(pended == 0)) && ((((((!(NP == 1) || ((setEventCalled == \old(setEventCalled) && lowerDriverReturn == \old(lowerDriverReturn)) && s == \old(s))) || !(compRegistered == 0)) || !(5 <= MPR1)) || NP == \old(s)) || !(SKIP1 == \old(s))) || !(pended == 0)) - InvariantResult [Line: 377]: Loop Invariant Derived loop invariant: (((5 <= MPR1 && !(SKIP1 == NP)) && NP == 1) && __cil_tmp8 == 1) && pended == 0 - InvariantResult [Line: 528]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 51]: Loop Invariant Derived loop invariant: (((((5 <= MPR1 && !(s == NP)) && !(SKIP1 == NP)) && NP == 1) && status == 0) && pended == 0) && compRegistered == 0 RESULT: Ultimate proved your program to be correct! [2022-02-20 14:38:05,796 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE