./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl2.cil-1.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl2.cil-1.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash bf75d7f1708750397c6bdac14ac08b964b10a95dcecc15b57a02c9969977c6ec --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-21 00:02:01,893 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-21 00:02:01,896 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-21 00:02:01,929 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-21 00:02:01,930 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-21 00:02:01,932 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-21 00:02:01,933 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-21 00:02:01,935 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-21 00:02:01,937 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-21 00:02:01,940 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-21 00:02:01,940 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-21 00:02:01,941 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-21 00:02:01,942 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-21 00:02:01,943 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-21 00:02:01,944 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-21 00:02:01,947 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-21 00:02:01,948 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-21 00:02:01,948 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-21 00:02:01,950 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-21 00:02:01,954 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-21 00:02:01,954 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-21 00:02:01,955 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-21 00:02:01,956 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-21 00:02:01,957 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-21 00:02:01,961 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-21 00:02:01,962 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-21 00:02:01,962 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-21 00:02:01,963 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-21 00:02:01,963 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-21 00:02:01,964 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-21 00:02:01,964 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-21 00:02:01,965 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-21 00:02:01,966 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-21 00:02:01,966 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-21 00:02:01,967 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-21 00:02:01,967 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-21 00:02:01,968 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-21 00:02:01,968 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-21 00:02:01,968 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-21 00:02:01,969 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-21 00:02:01,970 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-21 00:02:01,971 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2022-02-21 00:02:01,986 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-21 00:02:01,986 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-21 00:02:01,986 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-21 00:02:01,986 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-21 00:02:01,987 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-21 00:02:01,987 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-21 00:02:01,987 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-21 00:02:01,987 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-21 00:02:01,987 INFO L138 SettingsManager]: * Use SBE=true [2022-02-21 00:02:01,987 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-21 00:02:01,987 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-21 00:02:01,987 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-21 00:02:01,988 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-21 00:02:01,988 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-21 00:02:01,989 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-21 00:02:01,989 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-21 00:02:01,989 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-21 00:02:01,989 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-21 00:02:01,989 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-21 00:02:01,989 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-21 00:02:01,989 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-21 00:02:01,989 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> bf75d7f1708750397c6bdac14ac08b964b10a95dcecc15b57a02c9969977c6ec [2022-02-21 00:02:02,179 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-21 00:02:02,193 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-21 00:02:02,195 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-21 00:02:02,197 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-21 00:02:02,198 INFO L275 PluginConnector]: CDTParser initialized [2022-02-21 00:02:02,198 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl2.cil-1.c [2022-02-21 00:02:02,248 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/acc4973a6/bfd24070ff714d23bd89811f470826c9/FLAG2c3b319e2 [2022-02-21 00:02:02,614 INFO L306 CDTParser]: Found 1 translation units. [2022-02-21 00:02:02,620 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl2.cil-1.c [2022-02-21 00:02:02,628 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/acc4973a6/bfd24070ff714d23bd89811f470826c9/FLAG2c3b319e2 [2022-02-21 00:02:02,636 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/acc4973a6/bfd24070ff714d23bd89811f470826c9 [2022-02-21 00:02:02,638 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-21 00:02:02,638 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-21 00:02:02,644 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-21 00:02:02,644 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-21 00:02:02,646 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-21 00:02:02,647 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:02,648 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4ee672a2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02, skipping insertion in model container [2022-02-21 00:02:02,648 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:02,652 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-21 00:02:02,679 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-21 00:02:02,918 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl2.cil-1.c[29620,29633] [2022-02-21 00:02:02,920 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-21 00:02:02,927 INFO L203 MainTranslator]: Completed pre-run [2022-02-21 00:02:02,970 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ntdrivers-simplified/kbfiltr_simpl2.cil-1.c[29620,29633] [2022-02-21 00:02:02,970 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-21 00:02:02,980 INFO L208 MainTranslator]: Completed translation [2022-02-21 00:02:02,981 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02 WrapperNode [2022-02-21 00:02:02,982 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-21 00:02:02,983 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-21 00:02:02,983 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-21 00:02:02,983 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-21 00:02:02,988 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,009 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,061 INFO L137 Inliner]: procedures = 29, calls = 43, calls flagged for inlining = 10, calls inlined = 10, statements flattened = 662 [2022-02-21 00:02:03,062 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-21 00:02:03,062 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-21 00:02:03,062 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-21 00:02:03,063 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-21 00:02:03,068 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,069 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,077 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,077 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,084 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,088 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,090 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,094 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-21 00:02:03,094 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-21 00:02:03,094 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-21 00:02:03,095 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-21 00:02:03,096 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (1/1) ... [2022-02-21 00:02:03,109 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-21 00:02:03,116 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-21 00:02:03,126 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-21 00:02:03,128 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-21 00:02:03,154 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-21 00:02:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure KbFilter_Complete [2022-02-21 00:02:03,155 INFO L138 BoogieDeclarations]: Found implementation of procedure KbFilter_Complete [2022-02-21 00:02:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure stubMoreProcessingRequired [2022-02-21 00:02:03,155 INFO L138 BoogieDeclarations]: Found implementation of procedure stubMoreProcessingRequired [2022-02-21 00:02:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure KbFilter_CreateClose [2022-02-21 00:02:03,155 INFO L138 BoogieDeclarations]: Found implementation of procedure KbFilter_CreateClose [2022-02-21 00:02:03,155 INFO L130 BoogieDeclarations]: Found specification of procedure IofCompleteRequest [2022-02-21 00:02:03,156 INFO L138 BoogieDeclarations]: Found implementation of procedure IofCompleteRequest [2022-02-21 00:02:03,156 INFO L130 BoogieDeclarations]: Found specification of procedure errorFn [2022-02-21 00:02:03,156 INFO L138 BoogieDeclarations]: Found implementation of procedure errorFn [2022-02-21 00:02:03,156 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-21 00:02:03,156 INFO L130 BoogieDeclarations]: Found specification of procedure IofCallDriver [2022-02-21 00:02:03,156 INFO L138 BoogieDeclarations]: Found implementation of procedure IofCallDriver [2022-02-21 00:02:03,156 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-21 00:02:03,156 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-21 00:02:03,157 INFO L130 BoogieDeclarations]: Found specification of procedure KbFilter_DispatchPassThrough [2022-02-21 00:02:03,157 INFO L138 BoogieDeclarations]: Found implementation of procedure KbFilter_DispatchPassThrough [2022-02-21 00:02:03,280 INFO L234 CfgBuilder]: Building ICFG [2022-02-21 00:02:03,281 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-21 00:02:03,377 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-21 00:02:03,381 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-21 00:02:03,382 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-21 00:02:03,385 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-21 00:02:03,386 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-21 00:02:03,807 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##87: assume !false; [2022-02-21 00:02:03,808 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##86: assume false; [2022-02-21 00:02:03,808 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##63: assume !false; [2022-02-21 00:02:03,808 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##62: assume false; [2022-02-21 00:02:03,808 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##129: assume false; [2022-02-21 00:02:03,808 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##130: assume !false; [2022-02-21 00:02:03,808 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##18: assume false; [2022-02-21 00:02:03,809 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##19: assume !false; [2022-02-21 00:02:03,809 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##113: assume !false; [2022-02-21 00:02:03,809 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##112: assume false; [2022-02-21 00:02:03,822 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-21 00:02:03,841 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##12: assume !false; [2022-02-21 00:02:03,841 INFO L766 $ProcedureCfgBuilder]: dead code at ProgramPoint $Ultimate##11: assume false; [2022-02-21 00:02:03,846 INFO L275 CfgBuilder]: Performing block encoding [2022-02-21 00:02:03,853 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-21 00:02:03,853 INFO L299 CfgBuilder]: Removed 0 assume(true) statements. [2022-02-21 00:02:03,855 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.02 12:02:03 BoogieIcfgContainer [2022-02-21 00:02:03,855 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-21 00:02:03,856 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-21 00:02:03,856 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-21 00:02:03,859 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-21 00:02:03,859 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 21.02 12:02:02" (1/3) ... [2022-02-21 00:02:03,859 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@a84ad28 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 21.02 12:02:03, skipping insertion in model container [2022-02-21 00:02:03,860 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 21.02 12:02:02" (2/3) ... [2022-02-21 00:02:03,860 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@a84ad28 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 21.02 12:02:03, skipping insertion in model container [2022-02-21 00:02:03,860 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.02 12:02:03" (3/3) ... [2022-02-21 00:02:03,861 INFO L111 eAbstractionObserver]: Analyzing ICFG kbfiltr_simpl2.cil-1.c [2022-02-21 00:02:03,865 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-21 00:02:03,865 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 2 error locations. [2022-02-21 00:02:03,902 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-21 00:02:03,906 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=false, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=All, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-21 00:02:03,906 INFO L340 AbstractCegarLoop]: Starting to check reachability of 2 error locations. [2022-02-21 00:02:03,923 INFO L276 IsEmpty]: Start isEmpty. Operand has 209 states, 171 states have (on average 1.6023391812865497) internal successors, (274), 189 states have internal predecessors, (274), 28 states have call successors, (28), 7 states have call predecessors, (28), 7 states have return successors, (28), 27 states have call predecessors, (28), 28 states have call successors, (28) [2022-02-21 00:02:03,930 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 9 [2022-02-21 00:02:03,930 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:03,931 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:03,931 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:03,934 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:03,935 INFO L85 PathProgramCache]: Analyzing trace with hash -15799124, now seen corresponding path program 1 times [2022-02-21 00:02:03,941 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:03,941 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1443905165] [2022-02-21 00:02:03,941 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:03,942 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:04,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:04,085 INFO L290 TraceCheckUtils]: 0: Hoare triple {212#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {212#true} is VALID [2022-02-21 00:02:04,086 INFO L290 TraceCheckUtils]: 1: Hoare triple {212#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {214#(= |ULTIMATE.start_main_~status~1#1| 0)} is VALID [2022-02-21 00:02:04,086 INFO L290 TraceCheckUtils]: 2: Hoare triple {214#(= |ULTIMATE.start_main_~status~1#1| 0)} assume { :end_inline__BLAST_init } true; {214#(= |ULTIMATE.start_main_~status~1#1| 0)} is VALID [2022-02-21 00:02:04,087 INFO L290 TraceCheckUtils]: 3: Hoare triple {214#(= |ULTIMATE.start_main_~status~1#1| 0)} assume !(main_~status~1#1 >= 0); {213#false} is VALID [2022-02-21 00:02:04,087 INFO L290 TraceCheckUtils]: 4: Hoare triple {213#false} assume 1 == ~pended~0; {213#false} is VALID [2022-02-21 00:02:04,087 INFO L290 TraceCheckUtils]: 5: Hoare triple {213#false} assume ~s~0 == ~NP~0;~s~0 := ~NP~0; {213#false} is VALID [2022-02-21 00:02:04,088 INFO L290 TraceCheckUtils]: 6: Hoare triple {213#false} main_#res#1 := main_~status~1#1; {213#false} is VALID [2022-02-21 00:02:04,088 INFO L290 TraceCheckUtils]: 7: Hoare triple {213#false} assume !(#valid == main_old_#valid#1); {213#false} is VALID [2022-02-21 00:02:04,088 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:04,089 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:04,089 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1443905165] [2022-02-21 00:02:04,089 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1443905165] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:04,090 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:04,090 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-21 00:02:04,091 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [237387833] [2022-02-21 00:02:04,091 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:04,095 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 2.6666666666666665) internal successors, (8), 3 states have internal predecessors, (8), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 8 [2022-02-21 00:02:04,095 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:04,097 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 2.6666666666666665) internal successors, (8), 3 states have internal predecessors, (8), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:04,105 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 8 edges. 8 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:04,105 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-21 00:02:04,105 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:04,118 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-21 00:02:04,119 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:04,122 INFO L87 Difference]: Start difference. First operand has 209 states, 171 states have (on average 1.6023391812865497) internal successors, (274), 189 states have internal predecessors, (274), 28 states have call successors, (28), 7 states have call predecessors, (28), 7 states have return successors, (28), 27 states have call predecessors, (28), 28 states have call successors, (28) Second operand has 3 states, 3 states have (on average 2.6666666666666665) internal successors, (8), 3 states have internal predecessors, (8), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:04,479 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:04,480 INFO L93 Difference]: Finished difference Result 211 states and 314 transitions. [2022-02-21 00:02:04,480 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-21 00:02:04,480 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 2.6666666666666665) internal successors, (8), 3 states have internal predecessors, (8), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 8 [2022-02-21 00:02:04,480 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:04,481 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 2.6666666666666665) internal successors, (8), 3 states have internal predecessors, (8), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:04,488 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 319 transitions. [2022-02-21 00:02:04,489 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 2.6666666666666665) internal successors, (8), 3 states have internal predecessors, (8), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:04,493 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 319 transitions. [2022-02-21 00:02:04,493 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 319 transitions. [2022-02-21 00:02:04,737 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 319 edges. 319 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:04,747 INFO L225 Difference]: With dead ends: 211 [2022-02-21 00:02:04,747 INFO L226 Difference]: Without dead ends: 207 [2022-02-21 00:02:04,748 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:04,751 INFO L933 BasicCegarLoop]: 309 mSDtfsCounter, 179 mSDsluCounter, 108 mSDsCounter, 0 mSdLazyCounter, 16 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 190 SdHoareTripleChecker+Valid, 417 SdHoareTripleChecker+Invalid, 17 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 16 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:04,752 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [190 Valid, 417 Invalid, 17 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 16 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:04,764 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 207 states. [2022-02-21 00:02:04,778 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 207 to 205. [2022-02-21 00:02:04,778 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:04,779 INFO L82 GeneralOperation]: Start isEquivalent. First operand 207 states. Second operand has 205 states, 169 states have (on average 1.5739644970414202) internal successors, (266), 185 states have internal predecessors, (266), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-21 00:02:04,780 INFO L74 IsIncluded]: Start isIncluded. First operand 207 states. Second operand has 205 states, 169 states have (on average 1.5739644970414202) internal successors, (266), 185 states have internal predecessors, (266), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-21 00:02:04,781 INFO L87 Difference]: Start difference. First operand 207 states. Second operand has 205 states, 169 states have (on average 1.5739644970414202) internal successors, (266), 185 states have internal predecessors, (266), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-21 00:02:04,790 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:04,791 INFO L93 Difference]: Finished difference Result 207 states and 310 transitions. [2022-02-21 00:02:04,791 INFO L276 IsEmpty]: Start isEmpty. Operand 207 states and 310 transitions. [2022-02-21 00:02:04,793 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:04,793 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:04,794 INFO L74 IsIncluded]: Start isIncluded. First operand has 205 states, 169 states have (on average 1.5739644970414202) internal successors, (266), 185 states have internal predecessors, (266), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) Second operand 207 states. [2022-02-21 00:02:04,794 INFO L87 Difference]: Start difference. First operand has 205 states, 169 states have (on average 1.5739644970414202) internal successors, (266), 185 states have internal predecessors, (266), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) Second operand 207 states. [2022-02-21 00:02:04,805 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:04,806 INFO L93 Difference]: Finished difference Result 207 states and 310 transitions. [2022-02-21 00:02:04,806 INFO L276 IsEmpty]: Start isEmpty. Operand 207 states and 310 transitions. [2022-02-21 00:02:04,808 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:04,808 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:04,808 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:04,808 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:04,809 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 205 states, 169 states have (on average 1.5739644970414202) internal successors, (266), 185 states have internal predecessors, (266), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-21 00:02:04,816 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 205 states to 205 states and 309 transitions. [2022-02-21 00:02:04,818 INFO L78 Accepts]: Start accepts. Automaton has 205 states and 309 transitions. Word has length 8 [2022-02-21 00:02:04,818 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:04,818 INFO L470 AbstractCegarLoop]: Abstraction has 205 states and 309 transitions. [2022-02-21 00:02:04,818 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 2.6666666666666665) internal successors, (8), 3 states have internal predecessors, (8), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:04,818 INFO L276 IsEmpty]: Start isEmpty. Operand 205 states and 309 transitions. [2022-02-21 00:02:04,819 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 16 [2022-02-21 00:02:04,819 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:04,819 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:04,819 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-21 00:02:04,820 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:04,820 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:04,820 INFO L85 PathProgramCache]: Analyzing trace with hash -191249987, now seen corresponding path program 1 times [2022-02-21 00:02:04,821 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:04,821 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [41979664] [2022-02-21 00:02:04,821 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:04,821 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:04,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:04,864 INFO L290 TraceCheckUtils]: 0: Hoare triple {1047#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {1047#true} is VALID [2022-02-21 00:02:04,865 INFO L290 TraceCheckUtils]: 1: Hoare triple {1047#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,865 INFO L290 TraceCheckUtils]: 2: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume { :end_inline__BLAST_init } true; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,866 INFO L290 TraceCheckUtils]: 3: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,866 INFO L290 TraceCheckUtils]: 4: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,867 INFO L290 TraceCheckUtils]: 5: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,867 INFO L290 TraceCheckUtils]: 6: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume { :end_inline_stub_driver_init } true; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,868 INFO L290 TraceCheckUtils]: 7: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,868 INFO L290 TraceCheckUtils]: 8: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,869 INFO L290 TraceCheckUtils]: 9: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,869 INFO L290 TraceCheckUtils]: 10: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume !(3 == main_~tmp_ndt_3~0#1);havoc main_~tmp_ndt_4~0#1;assume -2147483648 <= main_#t~nondet29#1 && main_#t~nondet29#1 <= 2147483647;main_~tmp_ndt_4~0#1 := main_#t~nondet29#1;havoc main_#t~nondet29#1; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,869 INFO L290 TraceCheckUtils]: 11: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume !(4 == main_~tmp_ndt_4~0#1);havoc main_~tmp_ndt_5~0#1;assume -2147483648 <= main_#t~nondet30#1 && main_#t~nondet30#1 <= 2147483647;main_~tmp_ndt_5~0#1 := main_#t~nondet30#1;havoc main_#t~nondet30#1; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,870 INFO L290 TraceCheckUtils]: 12: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume !(8 == main_~tmp_ndt_5~0#1); {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,870 INFO L290 TraceCheckUtils]: 13: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} main_#res#1 := -1; {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} is VALID [2022-02-21 00:02:04,871 INFO L290 TraceCheckUtils]: 14: Hoare triple {1049#(= |ULTIMATE.start_main_old_#valid#1| |#valid|)} assume !(#valid == main_old_#valid#1); {1048#false} is VALID [2022-02-21 00:02:04,871 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:04,871 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:04,871 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [41979664] [2022-02-21 00:02:04,871 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [41979664] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:04,872 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:04,872 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-21 00:02:04,872 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1240073746] [2022-02-21 00:02:04,872 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:04,873 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 2 states have (on average 7.5) internal successors, (15), 3 states have internal predecessors, (15), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 15 [2022-02-21 00:02:04,873 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:04,873 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 2 states have (on average 7.5) internal successors, (15), 3 states have internal predecessors, (15), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:04,883 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 15 edges. 15 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:04,883 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-21 00:02:04,884 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:04,884 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-21 00:02:04,884 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:04,884 INFO L87 Difference]: Start difference. First operand 205 states and 309 transitions. Second operand has 3 states, 2 states have (on average 7.5) internal successors, (15), 3 states have internal predecessors, (15), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:05,121 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:05,122 INFO L93 Difference]: Finished difference Result 204 states and 308 transitions. [2022-02-21 00:02:05,122 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-21 00:02:05,122 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 2 states have (on average 7.5) internal successors, (15), 3 states have internal predecessors, (15), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 15 [2022-02-21 00:02:05,122 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:05,122 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 2 states have (on average 7.5) internal successors, (15), 3 states have internal predecessors, (15), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:05,126 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 309 transitions. [2022-02-21 00:02:05,126 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 2 states have (on average 7.5) internal successors, (15), 3 states have internal predecessors, (15), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:05,134 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 309 transitions. [2022-02-21 00:02:05,135 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 309 transitions. [2022-02-21 00:02:05,347 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 309 edges. 309 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:05,350 INFO L225 Difference]: With dead ends: 204 [2022-02-21 00:02:05,350 INFO L226 Difference]: Without dead ends: 198 [2022-02-21 00:02:05,350 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:05,351 INFO L933 BasicCegarLoop]: 308 mSDtfsCounter, 199 mSDsluCounter, 64 mSDsCounter, 0 mSdLazyCounter, 21 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 210 SdHoareTripleChecker+Valid, 372 SdHoareTripleChecker+Invalid, 21 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 21 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:05,351 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [210 Valid, 372 Invalid, 21 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 21 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:05,352 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 198 states. [2022-02-21 00:02:05,357 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 198 to 198. [2022-02-21 00:02:05,357 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:05,358 INFO L82 GeneralOperation]: Start isEquivalent. First operand 198 states. Second operand has 198 states, 163 states have (on average 1.5276073619631902) internal successors, (249), 178 states have internal predecessors, (249), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-21 00:02:05,358 INFO L74 IsIncluded]: Start isIncluded. First operand 198 states. Second operand has 198 states, 163 states have (on average 1.5276073619631902) internal successors, (249), 178 states have internal predecessors, (249), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-21 00:02:05,359 INFO L87 Difference]: Start difference. First operand 198 states. Second operand has 198 states, 163 states have (on average 1.5276073619631902) internal successors, (249), 178 states have internal predecessors, (249), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-21 00:02:05,367 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:05,367 INFO L93 Difference]: Finished difference Result 198 states and 292 transitions. [2022-02-21 00:02:05,367 INFO L276 IsEmpty]: Start isEmpty. Operand 198 states and 292 transitions. [2022-02-21 00:02:05,368 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:05,368 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:05,369 INFO L74 IsIncluded]: Start isIncluded. First operand has 198 states, 163 states have (on average 1.5276073619631902) internal successors, (249), 178 states have internal predecessors, (249), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) Second operand 198 states. [2022-02-21 00:02:05,370 INFO L87 Difference]: Start difference. First operand has 198 states, 163 states have (on average 1.5276073619631902) internal successors, (249), 178 states have internal predecessors, (249), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) Second operand 198 states. [2022-02-21 00:02:05,378 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:05,378 INFO L93 Difference]: Finished difference Result 198 states and 292 transitions. [2022-02-21 00:02:05,378 INFO L276 IsEmpty]: Start isEmpty. Operand 198 states and 292 transitions. [2022-02-21 00:02:05,379 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:05,379 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:05,379 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:05,379 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:05,380 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 198 states, 163 states have (on average 1.5276073619631902) internal successors, (249), 178 states have internal predecessors, (249), 28 states have call successors, (28), 7 states have call predecessors, (28), 6 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-21 00:02:05,388 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 198 states to 198 states and 292 transitions. [2022-02-21 00:02:05,388 INFO L78 Accepts]: Start accepts. Automaton has 198 states and 292 transitions. Word has length 15 [2022-02-21 00:02:05,389 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:05,389 INFO L470 AbstractCegarLoop]: Abstraction has 198 states and 292 transitions. [2022-02-21 00:02:05,389 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 2 states have (on average 7.5) internal successors, (15), 3 states have internal predecessors, (15), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:05,389 INFO L276 IsEmpty]: Start isEmpty. Operand 198 states and 292 transitions. [2022-02-21 00:02:05,390 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-21 00:02:05,390 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:05,390 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:05,390 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-21 00:02:05,390 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:05,391 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:05,391 INFO L85 PathProgramCache]: Analyzing trace with hash 705160586, now seen corresponding path program 1 times [2022-02-21 00:02:05,391 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:05,391 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1265671154] [2022-02-21 00:02:05,391 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:05,391 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:05,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:05,448 INFO L290 TraceCheckUtils]: 0: Hoare triple {1850#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {1850#true} is VALID [2022-02-21 00:02:05,448 INFO L290 TraceCheckUtils]: 1: Hoare triple {1850#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {1850#true} is VALID [2022-02-21 00:02:05,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {1850#true} assume { :end_inline__BLAST_init } true; {1850#true} is VALID [2022-02-21 00:02:05,449 INFO L290 TraceCheckUtils]: 3: Hoare triple {1850#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {1850#true} is VALID [2022-02-21 00:02:05,450 INFO L290 TraceCheckUtils]: 4: Hoare triple {1850#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {1850#true} is VALID [2022-02-21 00:02:05,450 INFO L290 TraceCheckUtils]: 5: Hoare triple {1850#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,450 INFO L290 TraceCheckUtils]: 6: Hoare triple {1852#(= ~s~0 ~NP~0)} assume { :end_inline_stub_driver_init } true; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,451 INFO L290 TraceCheckUtils]: 7: Hoare triple {1852#(= ~s~0 ~NP~0)} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,451 INFO L290 TraceCheckUtils]: 8: Hoare triple {1852#(= ~s~0 ~NP~0)} assume 0 == main_~tmp_ndt_1~0#1; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,451 INFO L272 TraceCheckUtils]: 9: Hoare triple {1852#(= ~s~0 ~NP~0)} call main_#t~ret31#1 := KbFilter_CreateClose(main_~devobj~0#1, main_~pirp~0#1); {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,452 INFO L290 TraceCheckUtils]: 10: Hoare triple {1852#(= ~s~0 ~NP~0)} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;assume -2147483648 <= #t~nondet43 && #t~nondet43 <= 2147483647;~irpStack__MajorFunction~0 := #t~nondet43;havoc #t~nondet43;assume -2147483648 <= #t~nondet44 && #t~nondet44 <= 2147483647;~devExt__UpperConnectData__ClassService~0 := #t~nondet44;havoc #t~nondet44;havoc ~Irp__IoStatus__Status~1;havoc ~status~2;havoc ~tmp~0;~status~2 := ~myStatus~0; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,453 INFO L290 TraceCheckUtils]: 11: Hoare triple {1852#(= ~s~0 ~NP~0)} assume 0 == ~irpStack__MajorFunction~0; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,453 INFO L290 TraceCheckUtils]: 12: Hoare triple {1852#(= ~s~0 ~NP~0)} assume 0 == ~devExt__UpperConnectData__ClassService~0;~status~2 := -1073741436; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,454 INFO L290 TraceCheckUtils]: 13: Hoare triple {1852#(= ~s~0 ~NP~0)} ~Irp__IoStatus__Status~1 := ~status~2;~myStatus~0 := ~status~2; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,454 INFO L272 TraceCheckUtils]: 14: Hoare triple {1852#(= ~s~0 ~NP~0)} call #t~ret45 := KbFilter_DispatchPassThrough(~DeviceObject, ~Irp); {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,455 INFO L290 TraceCheckUtils]: 15: Hoare triple {1852#(= ~s~0 ~NP~0)} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;assume -2147483648 <= #t~nondet46 && #t~nondet46 <= 2147483647;~Irp__Tail__Overlay__CurrentStackLocation~1 := #t~nondet46;havoc #t~nondet46;assume -2147483648 <= #t~nondet47 && #t~nondet47 <= 2147483647;~Irp__CurrentLocation~1 := #t~nondet47;havoc #t~nondet47;assume -2147483648 <= #t~nondet48 && #t~nondet48 <= 2147483647;~DeviceObject__DeviceExtension__TopOfStack~0 := #t~nondet48;havoc #t~nondet48;havoc ~irpStack~1;havoc ~tmp~1;~irpStack~1 := ~Irp__Tail__Overlay__CurrentStackLocation~1; {1852#(= ~s~0 ~NP~0)} is VALID [2022-02-21 00:02:05,455 INFO L290 TraceCheckUtils]: 16: Hoare triple {1852#(= ~s~0 ~NP~0)} assume !(~s~0 == ~NP~0); {1851#false} is VALID [2022-02-21 00:02:05,455 INFO L272 TraceCheckUtils]: 17: Hoare triple {1851#false} call errorFn(); {1851#false} is VALID [2022-02-21 00:02:05,455 INFO L290 TraceCheckUtils]: 18: Hoare triple {1851#false} assume !false; {1851#false} is VALID [2022-02-21 00:02:05,456 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:05,456 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:05,456 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1265671154] [2022-02-21 00:02:05,456 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1265671154] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:05,456 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:05,456 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-21 00:02:05,457 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [383950942] [2022-02-21 00:02:05,457 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:05,457 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 2 states have call successors, (3), 2 states have call predecessors, (3), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-21 00:02:05,457 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:05,458 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 2 states have call successors, (3), 2 states have call predecessors, (3), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:05,467 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:05,468 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-21 00:02:05,468 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:05,468 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-21 00:02:05,468 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:05,468 INFO L87 Difference]: Start difference. First operand 198 states and 292 transitions. Second operand has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 2 states have call successors, (3), 2 states have call predecessors, (3), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:05,853 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:05,854 INFO L93 Difference]: Finished difference Result 263 states and 373 transitions. [2022-02-21 00:02:05,854 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-21 00:02:05,854 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 2 states have call successors, (3), 2 states have call predecessors, (3), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-21 00:02:05,854 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:05,854 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 2 states have call successors, (3), 2 states have call predecessors, (3), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:05,862 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 383 transitions. [2022-02-21 00:02:05,871 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 2 states have call successors, (3), 2 states have call predecessors, (3), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:05,878 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 383 transitions. [2022-02-21 00:02:05,878 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 383 transitions. [2022-02-21 00:02:06,095 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 383 edges. 383 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:06,099 INFO L225 Difference]: With dead ends: 263 [2022-02-21 00:02:06,099 INFO L226 Difference]: Without dead ends: 262 [2022-02-21 00:02:06,100 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:06,105 INFO L933 BasicCegarLoop]: 324 mSDtfsCounter, 201 mSDsluCounter, 106 mSDsCounter, 0 mSdLazyCounter, 68 mSolverCounterSat, 15 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 201 SdHoareTripleChecker+Valid, 430 SdHoareTripleChecker+Invalid, 83 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 15 IncrementalHoareTripleChecker+Valid, 68 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:06,106 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [201 Valid, 430 Invalid, 83 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [15 Valid, 68 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:06,108 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 262 states. [2022-02-21 00:02:06,126 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 262 to 249. [2022-02-21 00:02:06,126 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:06,128 INFO L82 GeneralOperation]: Start isEquivalent. First operand 262 states. Second operand has 249 states, 213 states have (on average 1.431924882629108) internal successors, (305), 215 states have internal predecessors, (305), 25 states have call successors, (25), 11 states have call predecessors, (25), 10 states have return successors, (27), 25 states have call predecessors, (27), 18 states have call successors, (27) [2022-02-21 00:02:06,129 INFO L74 IsIncluded]: Start isIncluded. First operand 262 states. Second operand has 249 states, 213 states have (on average 1.431924882629108) internal successors, (305), 215 states have internal predecessors, (305), 25 states have call successors, (25), 11 states have call predecessors, (25), 10 states have return successors, (27), 25 states have call predecessors, (27), 18 states have call successors, (27) [2022-02-21 00:02:06,130 INFO L87 Difference]: Start difference. First operand 262 states. Second operand has 249 states, 213 states have (on average 1.431924882629108) internal successors, (305), 215 states have internal predecessors, (305), 25 states have call successors, (25), 11 states have call predecessors, (25), 10 states have return successors, (27), 25 states have call predecessors, (27), 18 states have call successors, (27) [2022-02-21 00:02:06,137 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:06,137 INFO L93 Difference]: Finished difference Result 262 states and 372 transitions. [2022-02-21 00:02:06,138 INFO L276 IsEmpty]: Start isEmpty. Operand 262 states and 372 transitions. [2022-02-21 00:02:06,138 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:06,139 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:06,140 INFO L74 IsIncluded]: Start isIncluded. First operand has 249 states, 213 states have (on average 1.431924882629108) internal successors, (305), 215 states have internal predecessors, (305), 25 states have call successors, (25), 11 states have call predecessors, (25), 10 states have return successors, (27), 25 states have call predecessors, (27), 18 states have call successors, (27) Second operand 262 states. [2022-02-21 00:02:06,140 INFO L87 Difference]: Start difference. First operand has 249 states, 213 states have (on average 1.431924882629108) internal successors, (305), 215 states have internal predecessors, (305), 25 states have call successors, (25), 11 states have call predecessors, (25), 10 states have return successors, (27), 25 states have call predecessors, (27), 18 states have call successors, (27) Second operand 262 states. [2022-02-21 00:02:06,148 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:06,148 INFO L93 Difference]: Finished difference Result 262 states and 372 transitions. [2022-02-21 00:02:06,148 INFO L276 IsEmpty]: Start isEmpty. Operand 262 states and 372 transitions. [2022-02-21 00:02:06,150 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:06,150 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:06,150 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:06,150 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:06,152 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 249 states, 213 states have (on average 1.431924882629108) internal successors, (305), 215 states have internal predecessors, (305), 25 states have call successors, (25), 11 states have call predecessors, (25), 10 states have return successors, (27), 25 states have call predecessors, (27), 18 states have call successors, (27) [2022-02-21 00:02:06,158 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 249 states to 249 states and 357 transitions. [2022-02-21 00:02:06,158 INFO L78 Accepts]: Start accepts. Automaton has 249 states and 357 transitions. Word has length 19 [2022-02-21 00:02:06,158 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:06,158 INFO L470 AbstractCegarLoop]: Abstraction has 249 states and 357 transitions. [2022-02-21 00:02:06,159 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 2 states have call successors, (3), 2 states have call predecessors, (3), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:06,159 INFO L276 IsEmpty]: Start isEmpty. Operand 249 states and 357 transitions. [2022-02-21 00:02:06,159 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 19 [2022-02-21 00:02:06,159 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:06,160 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:06,160 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-21 00:02:06,160 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:06,161 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:06,161 INFO L85 PathProgramCache]: Analyzing trace with hash -2016043499, now seen corresponding path program 1 times [2022-02-21 00:02:06,161 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:06,161 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [946420074] [2022-02-21 00:02:06,161 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:06,161 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:06,208 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:06,233 INFO L290 TraceCheckUtils]: 0: Hoare triple {2891#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {2891#true} is VALID [2022-02-21 00:02:06,233 INFO L290 TraceCheckUtils]: 1: Hoare triple {2891#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {2891#true} is VALID [2022-02-21 00:02:06,234 INFO L290 TraceCheckUtils]: 2: Hoare triple {2891#true} assume { :end_inline__BLAST_init } true; {2891#true} is VALID [2022-02-21 00:02:06,234 INFO L290 TraceCheckUtils]: 3: Hoare triple {2891#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {2891#true} is VALID [2022-02-21 00:02:06,234 INFO L290 TraceCheckUtils]: 4: Hoare triple {2891#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {2891#true} is VALID [2022-02-21 00:02:06,234 INFO L290 TraceCheckUtils]: 5: Hoare triple {2891#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,235 INFO L290 TraceCheckUtils]: 6: Hoare triple {2893#(= ~compRegistered~0 0)} assume { :end_inline_stub_driver_init } true; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,235 INFO L290 TraceCheckUtils]: 7: Hoare triple {2893#(= ~compRegistered~0 0)} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,238 INFO L290 TraceCheckUtils]: 8: Hoare triple {2893#(= ~compRegistered~0 0)} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,238 INFO L290 TraceCheckUtils]: 9: Hoare triple {2893#(= ~compRegistered~0 0)} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,238 INFO L290 TraceCheckUtils]: 10: Hoare triple {2893#(= ~compRegistered~0 0)} assume 3 == main_~tmp_ndt_3~0#1; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,239 INFO L290 TraceCheckUtils]: 11: Hoare triple {2893#(= ~compRegistered~0 0)} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,240 INFO L290 TraceCheckUtils]: 12: Hoare triple {2893#(= ~compRegistered~0 0)} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,241 INFO L290 TraceCheckUtils]: 13: Hoare triple {2893#(= ~compRegistered~0 0)} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,242 INFO L290 TraceCheckUtils]: 14: Hoare triple {2893#(= ~compRegistered~0 0)} assume !(~s~0 != ~NP~0); {2893#(= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:06,242 INFO L290 TraceCheckUtils]: 15: Hoare triple {2893#(= ~compRegistered~0 0)} assume 0 != ~compRegistered~0; {2892#false} is VALID [2022-02-21 00:02:06,243 INFO L272 TraceCheckUtils]: 16: Hoare triple {2892#false} call errorFn(); {2892#false} is VALID [2022-02-21 00:02:06,243 INFO L290 TraceCheckUtils]: 17: Hoare triple {2892#false} assume !false; {2892#false} is VALID [2022-02-21 00:02:06,243 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:06,243 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:06,243 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [946420074] [2022-02-21 00:02:06,244 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [946420074] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:06,244 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:06,244 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-21 00:02:06,244 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1119333371] [2022-02-21 00:02:06,244 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:06,245 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.666666666666667) internal successors, (17), 3 states have internal predecessors, (17), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 18 [2022-02-21 00:02:06,245 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:06,245 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 5.666666666666667) internal successors, (17), 3 states have internal predecessors, (17), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:06,255 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 18 edges. 18 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:06,256 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-21 00:02:06,256 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:06,257 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-21 00:02:06,257 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:06,257 INFO L87 Difference]: Start difference. First operand 249 states and 357 transitions. Second operand has 3 states, 3 states have (on average 5.666666666666667) internal successors, (17), 3 states have internal predecessors, (17), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:06,467 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:06,468 INFO L93 Difference]: Finished difference Result 306 states and 428 transitions. [2022-02-21 00:02:06,468 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-21 00:02:06,468 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.666666666666667) internal successors, (17), 3 states have internal predecessors, (17), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 18 [2022-02-21 00:02:06,469 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:06,469 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 5.666666666666667) internal successors, (17), 3 states have internal predecessors, (17), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:06,472 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 342 transitions. [2022-02-21 00:02:06,472 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 5.666666666666667) internal successors, (17), 3 states have internal predecessors, (17), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:06,475 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 342 transitions. [2022-02-21 00:02:06,475 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 342 transitions. [2022-02-21 00:02:06,702 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 342 edges. 342 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:06,706 INFO L225 Difference]: With dead ends: 306 [2022-02-21 00:02:06,706 INFO L226 Difference]: Without dead ends: 306 [2022-02-21 00:02:06,706 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:06,707 INFO L933 BasicCegarLoop]: 268 mSDtfsCounter, 238 mSDsluCounter, 84 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 238 SdHoareTripleChecker+Valid, 352 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:06,707 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [238 Valid, 352 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:06,708 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 306 states. [2022-02-21 00:02:06,713 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 306 to 287. [2022-02-21 00:02:06,713 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:06,714 INFO L82 GeneralOperation]: Start isEquivalent. First operand 306 states. Second operand has 287 states, 253 states have (on average 1.4189723320158103) internal successors, (359), 253 states have internal predecessors, (359), 21 states have call successors, (21), 11 states have call predecessors, (21), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:06,714 INFO L74 IsIncluded]: Start isIncluded. First operand 306 states. Second operand has 287 states, 253 states have (on average 1.4189723320158103) internal successors, (359), 253 states have internal predecessors, (359), 21 states have call successors, (21), 11 states have call predecessors, (21), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:06,715 INFO L87 Difference]: Start difference. First operand 306 states. Second operand has 287 states, 253 states have (on average 1.4189723320158103) internal successors, (359), 253 states have internal predecessors, (359), 21 states have call successors, (21), 11 states have call predecessors, (21), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:06,722 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:06,723 INFO L93 Difference]: Finished difference Result 306 states and 428 transitions. [2022-02-21 00:02:06,723 INFO L276 IsEmpty]: Start isEmpty. Operand 306 states and 428 transitions. [2022-02-21 00:02:06,723 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:06,723 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:06,724 INFO L74 IsIncluded]: Start isIncluded. First operand has 287 states, 253 states have (on average 1.4189723320158103) internal successors, (359), 253 states have internal predecessors, (359), 21 states have call successors, (21), 11 states have call predecessors, (21), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) Second operand 306 states. [2022-02-21 00:02:06,725 INFO L87 Difference]: Start difference. First operand has 287 states, 253 states have (on average 1.4189723320158103) internal successors, (359), 253 states have internal predecessors, (359), 21 states have call successors, (21), 11 states have call predecessors, (21), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) Second operand 306 states. [2022-02-21 00:02:06,732 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:06,732 INFO L93 Difference]: Finished difference Result 306 states and 428 transitions. [2022-02-21 00:02:06,733 INFO L276 IsEmpty]: Start isEmpty. Operand 306 states and 428 transitions. [2022-02-21 00:02:06,733 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:06,733 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:06,734 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:06,734 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:06,734 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 287 states, 253 states have (on average 1.4189723320158103) internal successors, (359), 253 states have internal predecessors, (359), 21 states have call successors, (21), 11 states have call predecessors, (21), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:06,741 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 287 states to 287 states and 406 transitions. [2022-02-21 00:02:06,742 INFO L78 Accepts]: Start accepts. Automaton has 287 states and 406 transitions. Word has length 18 [2022-02-21 00:02:06,742 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:06,742 INFO L470 AbstractCegarLoop]: Abstraction has 287 states and 406 transitions. [2022-02-21 00:02:06,742 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.666666666666667) internal successors, (17), 3 states have internal predecessors, (17), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:06,742 INFO L276 IsEmpty]: Start isEmpty. Operand 287 states and 406 transitions. [2022-02-21 00:02:06,743 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-21 00:02:06,743 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:06,743 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:06,743 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-21 00:02:06,744 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:06,744 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:06,744 INFO L85 PathProgramCache]: Analyzing trace with hash 1374657914, now seen corresponding path program 1 times [2022-02-21 00:02:06,744 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:06,745 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1804639043] [2022-02-21 00:02:06,745 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:06,745 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:06,764 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:06,799 INFO L290 TraceCheckUtils]: 0: Hoare triple {4101#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {4101#true} is VALID [2022-02-21 00:02:06,799 INFO L290 TraceCheckUtils]: 1: Hoare triple {4101#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {4101#true} is VALID [2022-02-21 00:02:06,799 INFO L290 TraceCheckUtils]: 2: Hoare triple {4101#true} assume { :end_inline__BLAST_init } true; {4101#true} is VALID [2022-02-21 00:02:06,799 INFO L290 TraceCheckUtils]: 3: Hoare triple {4101#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {4101#true} is VALID [2022-02-21 00:02:06,800 INFO L290 TraceCheckUtils]: 4: Hoare triple {4101#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {4101#true} is VALID [2022-02-21 00:02:06,800 INFO L290 TraceCheckUtils]: 5: Hoare triple {4101#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {4101#true} is VALID [2022-02-21 00:02:06,800 INFO L290 TraceCheckUtils]: 6: Hoare triple {4101#true} assume { :end_inline_stub_driver_init } true; {4101#true} is VALID [2022-02-21 00:02:06,800 INFO L290 TraceCheckUtils]: 7: Hoare triple {4101#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {4101#true} is VALID [2022-02-21 00:02:06,800 INFO L290 TraceCheckUtils]: 8: Hoare triple {4101#true} assume 0 == main_~tmp_ndt_1~0#1; {4101#true} is VALID [2022-02-21 00:02:06,800 INFO L272 TraceCheckUtils]: 9: Hoare triple {4101#true} call main_#t~ret31#1 := KbFilter_CreateClose(main_~devobj~0#1, main_~pirp~0#1); {4101#true} is VALID [2022-02-21 00:02:06,801 INFO L290 TraceCheckUtils]: 10: Hoare triple {4101#true} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;assume -2147483648 <= #t~nondet43 && #t~nondet43 <= 2147483647;~irpStack__MajorFunction~0 := #t~nondet43;havoc #t~nondet43;assume -2147483648 <= #t~nondet44 && #t~nondet44 <= 2147483647;~devExt__UpperConnectData__ClassService~0 := #t~nondet44;havoc #t~nondet44;havoc ~Irp__IoStatus__Status~1;havoc ~status~2;havoc ~tmp~0;~status~2 := ~myStatus~0; {4101#true} is VALID [2022-02-21 00:02:06,801 INFO L290 TraceCheckUtils]: 11: Hoare triple {4101#true} assume 0 == ~irpStack__MajorFunction~0; {4101#true} is VALID [2022-02-21 00:02:06,801 INFO L290 TraceCheckUtils]: 12: Hoare triple {4101#true} assume 0 == ~devExt__UpperConnectData__ClassService~0;~status~2 := -1073741436; {4101#true} is VALID [2022-02-21 00:02:06,801 INFO L290 TraceCheckUtils]: 13: Hoare triple {4101#true} ~Irp__IoStatus__Status~1 := ~status~2;~myStatus~0 := ~status~2; {4101#true} is VALID [2022-02-21 00:02:06,801 INFO L272 TraceCheckUtils]: 14: Hoare triple {4101#true} call #t~ret45 := KbFilter_DispatchPassThrough(~DeviceObject, ~Irp); {4101#true} is VALID [2022-02-21 00:02:06,801 INFO L290 TraceCheckUtils]: 15: Hoare triple {4101#true} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;assume -2147483648 <= #t~nondet46 && #t~nondet46 <= 2147483647;~Irp__Tail__Overlay__CurrentStackLocation~1 := #t~nondet46;havoc #t~nondet46;assume -2147483648 <= #t~nondet47 && #t~nondet47 <= 2147483647;~Irp__CurrentLocation~1 := #t~nondet47;havoc #t~nondet47;assume -2147483648 <= #t~nondet48 && #t~nondet48 <= 2147483647;~DeviceObject__DeviceExtension__TopOfStack~0 := #t~nondet48;havoc #t~nondet48;havoc ~irpStack~1;havoc ~tmp~1;~irpStack~1 := ~Irp__Tail__Overlay__CurrentStackLocation~1; {4101#true} is VALID [2022-02-21 00:02:06,802 INFO L290 TraceCheckUtils]: 16: Hoare triple {4101#true} assume ~s~0 == ~NP~0;~s~0 := ~SKIP1~0; {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,802 INFO L290 TraceCheckUtils]: 17: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} #t~post49 := ~Irp__CurrentLocation~1;~Irp__CurrentLocation~1 := 1 + #t~post49;havoc #t~post49;#t~post50 := ~Irp__Tail__Overlay__CurrentStackLocation~1;~Irp__Tail__Overlay__CurrentStackLocation~1 := 1 + #t~post50;havoc #t~post50; {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,803 INFO L272 TraceCheckUtils]: 18: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} call #t~ret51 := IofCallDriver(~DeviceObject__DeviceExtension__TopOfStack~0, ~Irp); {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,804 INFO L290 TraceCheckUtils]: 19: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,804 INFO L290 TraceCheckUtils]: 20: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} assume !(0 != ~compRegistered~0); {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,805 INFO L290 TraceCheckUtils]: 21: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,805 INFO L290 TraceCheckUtils]: 22: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} assume 0 == ~tmp_ndt_6~0; {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,805 INFO L290 TraceCheckUtils]: 23: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} ~returnVal2~0 := 0; {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,806 INFO L290 TraceCheckUtils]: 24: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} assume !(~s~0 == ~NP~0); {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,806 INFO L290 TraceCheckUtils]: 25: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} assume !(~s~0 == ~MPR1~0); {4103#(= ~SKIP1~0 ~s~0)} is VALID [2022-02-21 00:02:06,806 INFO L290 TraceCheckUtils]: 26: Hoare triple {4103#(= ~SKIP1~0 ~s~0)} assume !(~s~0 == ~SKIP1~0); {4102#false} is VALID [2022-02-21 00:02:06,807 INFO L272 TraceCheckUtils]: 27: Hoare triple {4102#false} call errorFn(); {4102#false} is VALID [2022-02-21 00:02:06,807 INFO L290 TraceCheckUtils]: 28: Hoare triple {4102#false} assume !false; {4102#false} is VALID [2022-02-21 00:02:06,807 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:06,807 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:06,807 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1804639043] [2022-02-21 00:02:06,807 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1804639043] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:06,808 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:06,808 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-21 00:02:06,808 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [123437313] [2022-02-21 00:02:06,808 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:06,809 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 3 states have call successors, (4), 3 states have call predecessors, (4), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 29 [2022-02-21 00:02:06,809 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:06,809 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 3 states have call successors, (4), 3 states have call predecessors, (4), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:06,825 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:06,826 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-21 00:02:06,826 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:06,826 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-21 00:02:06,826 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:06,826 INFO L87 Difference]: Start difference. First operand 287 states and 406 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 3 states have call successors, (4), 3 states have call predecessors, (4), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:07,059 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:07,060 INFO L93 Difference]: Finished difference Result 286 states and 403 transitions. [2022-02-21 00:02:07,060 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-21 00:02:07,060 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 3 states have call successors, (4), 3 states have call predecessors, (4), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 29 [2022-02-21 00:02:07,060 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:07,061 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 3 states have call successors, (4), 3 states have call predecessors, (4), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:07,063 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 285 transitions. [2022-02-21 00:02:07,064 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 3 states have call successors, (4), 3 states have call predecessors, (4), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:07,066 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 285 transitions. [2022-02-21 00:02:07,067 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 285 transitions. [2022-02-21 00:02:07,269 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 285 edges. 285 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:07,273 INFO L225 Difference]: With dead ends: 286 [2022-02-21 00:02:07,273 INFO L226 Difference]: Without dead ends: 286 [2022-02-21 00:02:07,273 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-21 00:02:07,274 INFO L933 BasicCegarLoop]: 267 mSDtfsCounter, 25 mSDsluCounter, 202 mSDsCounter, 0 mSdLazyCounter, 48 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 25 SdHoareTripleChecker+Valid, 469 SdHoareTripleChecker+Invalid, 54 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 48 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:07,274 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [25 Valid, 469 Invalid, 54 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 48 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:07,275 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 286 states. [2022-02-21 00:02:07,284 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 286 to 286. [2022-02-21 00:02:07,284 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:07,285 INFO L82 GeneralOperation]: Start isEquivalent. First operand 286 states. Second operand has 286 states, 253 states have (on average 1.4110671936758894) internal successors, (357), 252 states have internal predecessors, (357), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:07,286 INFO L74 IsIncluded]: Start isIncluded. First operand 286 states. Second operand has 286 states, 253 states have (on average 1.4110671936758894) internal successors, (357), 252 states have internal predecessors, (357), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:07,286 INFO L87 Difference]: Start difference. First operand 286 states. Second operand has 286 states, 253 states have (on average 1.4110671936758894) internal successors, (357), 252 states have internal predecessors, (357), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:07,294 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:07,294 INFO L93 Difference]: Finished difference Result 286 states and 403 transitions. [2022-02-21 00:02:07,294 INFO L276 IsEmpty]: Start isEmpty. Operand 286 states and 403 transitions. [2022-02-21 00:02:07,295 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:07,295 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:07,296 INFO L74 IsIncluded]: Start isIncluded. First operand has 286 states, 253 states have (on average 1.4110671936758894) internal successors, (357), 252 states have internal predecessors, (357), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) Second operand 286 states. [2022-02-21 00:02:07,296 INFO L87 Difference]: Start difference. First operand has 286 states, 253 states have (on average 1.4110671936758894) internal successors, (357), 252 states have internal predecessors, (357), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) Second operand 286 states. [2022-02-21 00:02:07,302 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:07,303 INFO L93 Difference]: Finished difference Result 286 states and 403 transitions. [2022-02-21 00:02:07,303 INFO L276 IsEmpty]: Start isEmpty. Operand 286 states and 403 transitions. [2022-02-21 00:02:07,304 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:07,305 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:07,305 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:07,305 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:07,305 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 286 states, 253 states have (on average 1.4110671936758894) internal successors, (357), 252 states have internal predecessors, (357), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:07,311 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 286 states to 286 states and 403 transitions. [2022-02-21 00:02:07,312 INFO L78 Accepts]: Start accepts. Automaton has 286 states and 403 transitions. Word has length 29 [2022-02-21 00:02:07,313 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:07,313 INFO L470 AbstractCegarLoop]: Abstraction has 286 states and 403 transitions. [2022-02-21 00:02:07,313 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 3 states have call successors, (4), 3 states have call predecessors, (4), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:07,314 INFO L276 IsEmpty]: Start isEmpty. Operand 286 states and 403 transitions. [2022-02-21 00:02:07,314 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 34 [2022-02-21 00:02:07,314 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:07,314 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:07,315 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-21 00:02:07,315 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:07,315 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:07,316 INFO L85 PathProgramCache]: Analyzing trace with hash -889185583, now seen corresponding path program 1 times [2022-02-21 00:02:07,316 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:07,317 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [51278207] [2022-02-21 00:02:07,317 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:07,317 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:07,360 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:07,418 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:07,420 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:07,448 INFO L290 TraceCheckUtils]: 0: Hoare triple {5258#(= ~s~0 |old(~s~0)|)} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {5250#true} is VALID [2022-02-21 00:02:07,449 INFO L290 TraceCheckUtils]: 1: Hoare triple {5250#true} assume ~s~0 == ~NP~0;~s~0 := ~DC~0; {5259#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} is VALID [2022-02-21 00:02:07,449 INFO L290 TraceCheckUtils]: 2: Hoare triple {5259#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} assume true; {5259#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} is VALID [2022-02-21 00:02:07,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {5259#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} #743#return; {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} is VALID [2022-02-21 00:02:07,450 INFO L290 TraceCheckUtils]: 0: Hoare triple {5250#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {5250#true} is VALID [2022-02-21 00:02:07,451 INFO L290 TraceCheckUtils]: 1: Hoare triple {5250#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,452 INFO L290 TraceCheckUtils]: 2: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume { :end_inline__BLAST_init } true; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,452 INFO L290 TraceCheckUtils]: 3: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,453 INFO L290 TraceCheckUtils]: 4: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,453 INFO L290 TraceCheckUtils]: 5: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,454 INFO L290 TraceCheckUtils]: 6: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume { :end_inline_stub_driver_init } true; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,454 INFO L290 TraceCheckUtils]: 7: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,455 INFO L290 TraceCheckUtils]: 8: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,455 INFO L290 TraceCheckUtils]: 9: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,455 INFO L290 TraceCheckUtils]: 10: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume !(3 == main_~tmp_ndt_3~0#1);havoc main_~tmp_ndt_4~0#1;assume -2147483648 <= main_#t~nondet29#1 && main_#t~nondet29#1 <= 2147483647;main_~tmp_ndt_4~0#1 := main_#t~nondet29#1;havoc main_#t~nondet29#1; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,456 INFO L290 TraceCheckUtils]: 11: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume !(4 == main_~tmp_ndt_4~0#1);havoc main_~tmp_ndt_5~0#1;assume -2147483648 <= main_#t~nondet30#1 && main_#t~nondet30#1 <= 2147483647;main_~tmp_ndt_5~0#1 := main_#t~nondet30#1;havoc main_#t~nondet30#1; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,456 INFO L290 TraceCheckUtils]: 12: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume 8 == main_~tmp_ndt_5~0#1; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,459 INFO L290 TraceCheckUtils]: 13: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume { :begin_inline_KbFilter_InternIoCtl } true;KbFilter_InternIoCtl_#in~DeviceObject#1, KbFilter_InternIoCtl_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_InternIoCtl_#res#1;havoc KbFilter_InternIoCtl_#t~nondet65#1, KbFilter_InternIoCtl_#t~nondet66#1, KbFilter_InternIoCtl_#t~nondet67#1, KbFilter_InternIoCtl_#t~nondet68#1, KbFilter_InternIoCtl_#t~nondet69#1, KbFilter_InternIoCtl_#t~nondet70#1, KbFilter_InternIoCtl_#t~nondet71#1, KbFilter_InternIoCtl_#t~nondet72#1, KbFilter_InternIoCtl_#t~nondet73#1, KbFilter_InternIoCtl_#t~nondet74#1, KbFilter_InternIoCtl_#t~nondet75#1, KbFilter_InternIoCtl_#t~nondet76#1, KbFilter_InternIoCtl_#t~nondet77#1, KbFilter_InternIoCtl_#t~nondet78#1, KbFilter_InternIoCtl_#t~nondet79#1, KbFilter_InternIoCtl_#t~nondet80#1, KbFilter_InternIoCtl_#t~nondet81#1, KbFilter_InternIoCtl_#t~ret82#1, KbFilter_InternIoCtl_~DeviceObject#1, KbFilter_InternIoCtl_~Irp#1, KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1, KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__InputBufferLength~0#1, KbFilter_InternIoCtl_~sizeof__CONNECT_DATA~0#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__Type3InputBuffer~0#1, KbFilter_InternIoCtl_~sizeof__INTERNAL_I8042_HOOK_KEYBOARD~0#1, KbFilter_InternIoCtl_~hookKeyboard__InitializationRoutine~0#1, KbFilter_InternIoCtl_~hookKeyboard__IsrRoutine~0#1, KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1, KbFilter_InternIoCtl_~hookKeyboard~0#1, KbFilter_InternIoCtl_~connectData~0#1, KbFilter_InternIoCtl_~status~3#1, KbFilter_InternIoCtl_~tmp~3#1, KbFilter_InternIoCtl_~__cil_tmp17~0#1, KbFilter_InternIoCtl_~__cil_tmp18~0#1, KbFilter_InternIoCtl_~__cil_tmp19~0#1, KbFilter_InternIoCtl_~__cil_tmp20~0#1, KbFilter_InternIoCtl_~__cil_tmp21~0#1, KbFilter_InternIoCtl_~__cil_tmp22~0#1, KbFilter_InternIoCtl_~__cil_tmp23~1#1, KbFilter_InternIoCtl_~__cil_tmp24~0#1, KbFilter_InternIoCtl_~__cil_tmp25~0#1, KbFilter_InternIoCtl_~__cil_tmp26~0#1, KbFilter_InternIoCtl_~__cil_tmp27~0#1, KbFilter_InternIoCtl_~__cil_tmp28~0#1, KbFilter_InternIoCtl_~__cil_tmp29~0#1, KbFilter_InternIoCtl_~__cil_tmp30~0#1, KbFilter_InternIoCtl_~__cil_tmp31~0#1, KbFilter_InternIoCtl_~__cil_tmp32~0#1, KbFilter_InternIoCtl_~__cil_tmp33~0#1, KbFilter_InternIoCtl_~__cil_tmp34~0#1, KbFilter_InternIoCtl_~__cil_tmp35~0#1, KbFilter_InternIoCtl_~__cil_tmp36~0#1, KbFilter_InternIoCtl_~__cil_tmp37~0#1, KbFilter_InternIoCtl_~__cil_tmp38~0#1, KbFilter_InternIoCtl_~__cil_tmp39~0#1, KbFilter_InternIoCtl_~__cil_tmp40~0#1, KbFilter_InternIoCtl_~__cil_tmp41~0#1, KbFilter_InternIoCtl_~__cil_tmp42~0#1, KbFilter_InternIoCtl_~__cil_tmp43~0#1, KbFilter_InternIoCtl_~__cil_tmp44~0#1, KbFilter_InternIoCtl_~__cil_tmp45~0#1;KbFilter_InternIoCtl_~DeviceObject#1 := KbFilter_InternIoCtl_#in~DeviceObject#1;KbFilter_InternIoCtl_~Irp#1 := KbFilter_InternIoCtl_#in~Irp#1;havoc KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet65#1 && KbFilter_InternIoCtl_#t~nondet65#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1 := KbFilter_InternIoCtl_#t~nondet65#1;havoc KbFilter_InternIoCtl_#t~nondet65#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet66#1 && KbFilter_InternIoCtl_#t~nondet66#1 <= 2147483647;KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1 := KbFilter_InternIoCtl_#t~nondet66#1;havoc KbFilter_InternIoCtl_#t~nondet66#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet67#1 && KbFilter_InternIoCtl_#t~nondet67#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__InputBufferLength~0#1 := KbFilter_InternIoCtl_#t~nondet67#1;havoc KbFilter_InternIoCtl_#t~nondet67#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet68#1 && KbFilter_InternIoCtl_#t~nondet68#1 <= 2147483647;KbFilter_InternIoCtl_~sizeof__CONNECT_DATA~0#1 := KbFilter_InternIoCtl_#t~nondet68#1;havoc KbFilter_InternIoCtl_#t~nondet68#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet69#1 && KbFilter_InternIoCtl_#t~nondet69#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__Type3InputBuffer~0#1 := KbFilter_InternIoCtl_#t~nondet69#1;havoc KbFilter_InternIoCtl_#t~nondet69#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet70#1 && KbFilter_InternIoCtl_#t~nondet70#1 <= 2147483647;KbFilter_InternIoCtl_~sizeof__INTERNAL_I8042_HOOK_KEYBOARD~0#1 := KbFilter_InternIoCtl_#t~nondet70#1;havoc KbFilter_InternIoCtl_#t~nondet70#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet71#1 && KbFilter_InternIoCtl_#t~nondet71#1 <= 2147483647;KbFilter_InternIoCtl_~hookKeyboard__InitializationRoutine~0#1 := KbFilter_InternIoCtl_#t~nondet71#1;havoc KbFilter_InternIoCtl_#t~nondet71#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet72#1 && KbFilter_InternIoCtl_#t~nondet72#1 <= 2147483647;KbFilter_InternIoCtl_~hookKeyboard__IsrRoutine~0#1 := KbFilter_InternIoCtl_#t~nondet72#1;havoc KbFilter_InternIoCtl_#t~nondet72#1;havoc KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1;havoc KbFilter_InternIoCtl_~hookKeyboard~0#1;havoc KbFilter_InternIoCtl_~connectData~0#1;havoc KbFilter_InternIoCtl_~status~3#1;havoc KbFilter_InternIoCtl_~tmp~3#1;havoc KbFilter_InternIoCtl_~__cil_tmp17~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp18~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp19~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet73#1 && KbFilter_InternIoCtl_#t~nondet73#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp20~0#1 := KbFilter_InternIoCtl_#t~nondet73#1;havoc KbFilter_InternIoCtl_#t~nondet73#1;havoc KbFilter_InternIoCtl_~__cil_tmp21~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp22~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp23~1#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet74#1 && KbFilter_InternIoCtl_#t~nondet74#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp24~0#1 := KbFilter_InternIoCtl_#t~nondet74#1;havoc KbFilter_InternIoCtl_#t~nondet74#1;havoc KbFilter_InternIoCtl_~__cil_tmp25~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp26~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp27~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet75#1 && KbFilter_InternIoCtl_#t~nondet75#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp28~0#1 := KbFilter_InternIoCtl_#t~nondet75#1;havoc KbFilter_InternIoCtl_#t~nondet75#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet76#1 && KbFilter_InternIoCtl_#t~nondet76#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp29~0#1 := KbFilter_InternIoCtl_#t~nondet76#1;havoc KbFilter_InternIoCtl_#t~nondet76#1;havoc KbFilter_InternIoCtl_~__cil_tmp30~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp31~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet77#1 && KbFilter_InternIoCtl_#t~nondet77#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp32~0#1 := KbFilter_InternIoCtl_#t~nondet77#1;havoc KbFilter_InternIoCtl_#t~nondet77#1;havoc KbFilter_InternIoCtl_~__cil_tmp33~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp34~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet78#1 && KbFilter_InternIoCtl_#t~nondet78#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp35~0#1 := KbFilter_InternIoCtl_#t~nondet78#1;havoc KbFilter_InternIoCtl_#t~nondet78#1;havoc KbFilter_InternIoCtl_~__cil_tmp36~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp37~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet79#1 && KbFilter_InternIoCtl_#t~nondet79#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp38~0#1 := KbFilter_InternIoCtl_#t~nondet79#1;havoc KbFilter_InternIoCtl_#t~nondet79#1;havoc KbFilter_InternIoCtl_~__cil_tmp39~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp40~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet80#1 && KbFilter_InternIoCtl_#t~nondet80#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp41~0#1 := KbFilter_InternIoCtl_#t~nondet80#1;havoc KbFilter_InternIoCtl_#t~nondet80#1;havoc KbFilter_InternIoCtl_~__cil_tmp42~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp43~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet81#1 && KbFilter_InternIoCtl_#t~nondet81#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp44~0#1 := KbFilter_InternIoCtl_#t~nondet81#1;havoc KbFilter_InternIoCtl_#t~nondet81#1;havoc KbFilter_InternIoCtl_~__cil_tmp45~0#1;KbFilter_InternIoCtl_~status~3#1 := 0;KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1 := 0; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,461 INFO L290 TraceCheckUtils]: 14: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1 == KbFilter_InternIoCtl_~__cil_tmp20~0#1; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,461 INFO L290 TraceCheckUtils]: 15: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume 0 != KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1;KbFilter_InternIoCtl_~status~3#1 := -1073741757; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,462 INFO L290 TraceCheckUtils]: 16: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} assume KbFilter_InternIoCtl_~status~3#1 < 0;KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1 := KbFilter_InternIoCtl_~status~3#1;~myStatus~0 := KbFilter_InternIoCtl_~status~3#1; {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} is VALID [2022-02-21 00:02:07,462 INFO L272 TraceCheckUtils]: 17: Hoare triple {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} call IofCompleteRequest(KbFilter_InternIoCtl_~Irp#1, 0); {5258#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:07,463 INFO L290 TraceCheckUtils]: 18: Hoare triple {5258#(= ~s~0 |old(~s~0)|)} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {5250#true} is VALID [2022-02-21 00:02:07,463 INFO L290 TraceCheckUtils]: 19: Hoare triple {5250#true} assume ~s~0 == ~NP~0;~s~0 := ~DC~0; {5259#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} is VALID [2022-02-21 00:02:07,463 INFO L290 TraceCheckUtils]: 20: Hoare triple {5259#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} assume true; {5259#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} is VALID [2022-02-21 00:02:07,464 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {5259#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} {5252#(and (not (= ~SKIP2~0 2)) (= 2 ~DC~0))} #743#return; {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} is VALID [2022-02-21 00:02:07,465 INFO L290 TraceCheckUtils]: 22: Hoare triple {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} KbFilter_InternIoCtl_#res#1 := KbFilter_InternIoCtl_~status~3#1; {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} is VALID [2022-02-21 00:02:07,466 INFO L290 TraceCheckUtils]: 23: Hoare triple {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} main_#t~ret35#1 := KbFilter_InternIoCtl_#res#1;assume { :end_inline_KbFilter_InternIoCtl } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~status~1#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} is VALID [2022-02-21 00:02:07,466 INFO L290 TraceCheckUtils]: 24: Hoare triple {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} assume !(1 == ~pended~0); {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} is VALID [2022-02-21 00:02:07,468 INFO L290 TraceCheckUtils]: 25: Hoare triple {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} assume !(1 == ~pended~0); {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} is VALID [2022-02-21 00:02:07,468 INFO L290 TraceCheckUtils]: 26: Hoare triple {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} assume ~s~0 != ~UNLOADED~0; {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} is VALID [2022-02-21 00:02:07,478 INFO L290 TraceCheckUtils]: 27: Hoare triple {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} assume -1 != main_~status~1#1; {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} is VALID [2022-02-21 00:02:07,479 INFO L290 TraceCheckUtils]: 28: Hoare triple {5257#(and (not (= ~SKIP2~0 2)) (= 2 ~s~0))} assume !(~s~0 != ~SKIP2~0); {5251#false} is VALID [2022-02-21 00:02:07,479 INFO L290 TraceCheckUtils]: 29: Hoare triple {5251#false} assume 1 == ~pended~0; {5251#false} is VALID [2022-02-21 00:02:07,479 INFO L290 TraceCheckUtils]: 30: Hoare triple {5251#false} assume 259 != main_~status~1#1; {5251#false} is VALID [2022-02-21 00:02:07,479 INFO L272 TraceCheckUtils]: 31: Hoare triple {5251#false} call errorFn(); {5251#false} is VALID [2022-02-21 00:02:07,479 INFO L290 TraceCheckUtils]: 32: Hoare triple {5251#false} assume !false; {5251#false} is VALID [2022-02-21 00:02:07,479 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:07,480 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:07,480 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [51278207] [2022-02-21 00:02:07,480 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [51278207] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:07,480 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:07,480 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-21 00:02:07,480 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1552553932] [2022-02-21 00:02:07,480 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:07,481 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 33 [2022-02-21 00:02:07,481 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:07,481 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:07,502 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 33 edges. 33 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:07,503 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-21 00:02:07,503 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:07,503 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-21 00:02:07,503 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-21 00:02:07,504 INFO L87 Difference]: Start difference. First operand 286 states and 403 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:08,307 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:08,307 INFO L93 Difference]: Finished difference Result 303 states and 422 transitions. [2022-02-21 00:02:08,307 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-21 00:02:08,308 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 33 [2022-02-21 00:02:08,308 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:08,308 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:08,310 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 301 transitions. [2022-02-21 00:02:08,310 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:08,313 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 301 transitions. [2022-02-21 00:02:08,313 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 301 transitions. [2022-02-21 00:02:08,515 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 301 edges. 301 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:08,520 INFO L225 Difference]: With dead ends: 303 [2022-02-21 00:02:08,520 INFO L226 Difference]: Without dead ends: 303 [2022-02-21 00:02:08,520 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-21 00:02:08,521 INFO L933 BasicCegarLoop]: 251 mSDtfsCounter, 318 mSDsluCounter, 561 mSDsCounter, 0 mSdLazyCounter, 210 mSolverCounterSat, 33 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 320 SdHoareTripleChecker+Valid, 812 SdHoareTripleChecker+Invalid, 243 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 33 IncrementalHoareTripleChecker+Valid, 210 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:08,521 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [320 Valid, 812 Invalid, 243 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [33 Valid, 210 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-21 00:02:08,522 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 303 states. [2022-02-21 00:02:08,525 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 303 to 296. [2022-02-21 00:02:08,526 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:08,526 INFO L82 GeneralOperation]: Start isEquivalent. First operand 303 states. Second operand has 296 states, 263 states have (on average 1.403041825095057) internal successors, (369), 261 states have internal predecessors, (369), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:08,527 INFO L74 IsIncluded]: Start isIncluded. First operand 303 states. Second operand has 296 states, 263 states have (on average 1.403041825095057) internal successors, (369), 261 states have internal predecessors, (369), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:08,527 INFO L87 Difference]: Start difference. First operand 303 states. Second operand has 296 states, 263 states have (on average 1.403041825095057) internal successors, (369), 261 states have internal predecessors, (369), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:08,532 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:08,533 INFO L93 Difference]: Finished difference Result 303 states and 422 transitions. [2022-02-21 00:02:08,533 INFO L276 IsEmpty]: Start isEmpty. Operand 303 states and 422 transitions. [2022-02-21 00:02:08,533 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:08,533 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:08,534 INFO L74 IsIncluded]: Start isIncluded. First operand has 296 states, 263 states have (on average 1.403041825095057) internal successors, (369), 261 states have internal predecessors, (369), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) Second operand 303 states. [2022-02-21 00:02:08,535 INFO L87 Difference]: Start difference. First operand has 296 states, 263 states have (on average 1.403041825095057) internal successors, (369), 261 states have internal predecessors, (369), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) Second operand 303 states. [2022-02-21 00:02:08,540 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:08,540 INFO L93 Difference]: Finished difference Result 303 states and 422 transitions. [2022-02-21 00:02:08,540 INFO L276 IsEmpty]: Start isEmpty. Operand 303 states and 422 transitions. [2022-02-21 00:02:08,541 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:08,541 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:08,541 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:08,541 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:08,542 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 296 states, 263 states have (on average 1.403041825095057) internal successors, (369), 261 states have internal predecessors, (369), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:08,547 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 296 states to 296 states and 415 transitions. [2022-02-21 00:02:08,547 INFO L78 Accepts]: Start accepts. Automaton has 296 states and 415 transitions. Word has length 33 [2022-02-21 00:02:08,547 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:08,548 INFO L470 AbstractCegarLoop]: Abstraction has 296 states and 415 transitions. [2022-02-21 00:02:08,548 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:08,548 INFO L276 IsEmpty]: Start isEmpty. Operand 296 states and 415 transitions. [2022-02-21 00:02:08,549 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-02-21 00:02:08,549 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:08,549 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:08,549 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-21 00:02:08,549 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:08,549 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:08,550 INFO L85 PathProgramCache]: Analyzing trace with hash 2121154083, now seen corresponding path program 1 times [2022-02-21 00:02:08,550 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:08,550 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1027223307] [2022-02-21 00:02:08,550 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:08,550 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:08,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:08,669 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:08,671 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:08,703 INFO L290 TraceCheckUtils]: 0: Hoare triple {6482#(= ~s~0 |old(~s~0)|)} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {6474#true} is VALID [2022-02-21 00:02:08,704 INFO L290 TraceCheckUtils]: 1: Hoare triple {6474#true} assume ~s~0 == ~NP~0;~s~0 := ~DC~0; {6483#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} is VALID [2022-02-21 00:02:08,704 INFO L290 TraceCheckUtils]: 2: Hoare triple {6483#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} assume true; {6483#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} is VALID [2022-02-21 00:02:08,705 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {6483#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} #743#return; {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,705 INFO L290 TraceCheckUtils]: 0: Hoare triple {6474#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {6474#true} is VALID [2022-02-21 00:02:08,706 INFO L290 TraceCheckUtils]: 1: Hoare triple {6474#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,706 INFO L290 TraceCheckUtils]: 2: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume { :end_inline__BLAST_init } true; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,707 INFO L290 TraceCheckUtils]: 3: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,707 INFO L290 TraceCheckUtils]: 4: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,708 INFO L290 TraceCheckUtils]: 5: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,708 INFO L290 TraceCheckUtils]: 6: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume { :end_inline_stub_driver_init } true; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,709 INFO L290 TraceCheckUtils]: 7: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,709 INFO L290 TraceCheckUtils]: 8: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,710 INFO L290 TraceCheckUtils]: 9: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,710 INFO L290 TraceCheckUtils]: 10: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume !(3 == main_~tmp_ndt_3~0#1);havoc main_~tmp_ndt_4~0#1;assume -2147483648 <= main_#t~nondet29#1 && main_#t~nondet29#1 <= 2147483647;main_~tmp_ndt_4~0#1 := main_#t~nondet29#1;havoc main_#t~nondet29#1; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,710 INFO L290 TraceCheckUtils]: 11: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume !(4 == main_~tmp_ndt_4~0#1);havoc main_~tmp_ndt_5~0#1;assume -2147483648 <= main_#t~nondet30#1 && main_#t~nondet30#1 <= 2147483647;main_~tmp_ndt_5~0#1 := main_#t~nondet30#1;havoc main_#t~nondet30#1; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,711 INFO L290 TraceCheckUtils]: 12: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume 8 == main_~tmp_ndt_5~0#1; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,712 INFO L290 TraceCheckUtils]: 13: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume { :begin_inline_KbFilter_InternIoCtl } true;KbFilter_InternIoCtl_#in~DeviceObject#1, KbFilter_InternIoCtl_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_InternIoCtl_#res#1;havoc KbFilter_InternIoCtl_#t~nondet65#1, KbFilter_InternIoCtl_#t~nondet66#1, KbFilter_InternIoCtl_#t~nondet67#1, KbFilter_InternIoCtl_#t~nondet68#1, KbFilter_InternIoCtl_#t~nondet69#1, KbFilter_InternIoCtl_#t~nondet70#1, KbFilter_InternIoCtl_#t~nondet71#1, KbFilter_InternIoCtl_#t~nondet72#1, KbFilter_InternIoCtl_#t~nondet73#1, KbFilter_InternIoCtl_#t~nondet74#1, KbFilter_InternIoCtl_#t~nondet75#1, KbFilter_InternIoCtl_#t~nondet76#1, KbFilter_InternIoCtl_#t~nondet77#1, KbFilter_InternIoCtl_#t~nondet78#1, KbFilter_InternIoCtl_#t~nondet79#1, KbFilter_InternIoCtl_#t~nondet80#1, KbFilter_InternIoCtl_#t~nondet81#1, KbFilter_InternIoCtl_#t~ret82#1, KbFilter_InternIoCtl_~DeviceObject#1, KbFilter_InternIoCtl_~Irp#1, KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1, KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__InputBufferLength~0#1, KbFilter_InternIoCtl_~sizeof__CONNECT_DATA~0#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__Type3InputBuffer~0#1, KbFilter_InternIoCtl_~sizeof__INTERNAL_I8042_HOOK_KEYBOARD~0#1, KbFilter_InternIoCtl_~hookKeyboard__InitializationRoutine~0#1, KbFilter_InternIoCtl_~hookKeyboard__IsrRoutine~0#1, KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1, KbFilter_InternIoCtl_~hookKeyboard~0#1, KbFilter_InternIoCtl_~connectData~0#1, KbFilter_InternIoCtl_~status~3#1, KbFilter_InternIoCtl_~tmp~3#1, KbFilter_InternIoCtl_~__cil_tmp17~0#1, KbFilter_InternIoCtl_~__cil_tmp18~0#1, KbFilter_InternIoCtl_~__cil_tmp19~0#1, KbFilter_InternIoCtl_~__cil_tmp20~0#1, KbFilter_InternIoCtl_~__cil_tmp21~0#1, KbFilter_InternIoCtl_~__cil_tmp22~0#1, KbFilter_InternIoCtl_~__cil_tmp23~1#1, KbFilter_InternIoCtl_~__cil_tmp24~0#1, KbFilter_InternIoCtl_~__cil_tmp25~0#1, KbFilter_InternIoCtl_~__cil_tmp26~0#1, KbFilter_InternIoCtl_~__cil_tmp27~0#1, KbFilter_InternIoCtl_~__cil_tmp28~0#1, KbFilter_InternIoCtl_~__cil_tmp29~0#1, KbFilter_InternIoCtl_~__cil_tmp30~0#1, KbFilter_InternIoCtl_~__cil_tmp31~0#1, KbFilter_InternIoCtl_~__cil_tmp32~0#1, KbFilter_InternIoCtl_~__cil_tmp33~0#1, KbFilter_InternIoCtl_~__cil_tmp34~0#1, KbFilter_InternIoCtl_~__cil_tmp35~0#1, KbFilter_InternIoCtl_~__cil_tmp36~0#1, KbFilter_InternIoCtl_~__cil_tmp37~0#1, KbFilter_InternIoCtl_~__cil_tmp38~0#1, KbFilter_InternIoCtl_~__cil_tmp39~0#1, KbFilter_InternIoCtl_~__cil_tmp40~0#1, KbFilter_InternIoCtl_~__cil_tmp41~0#1, KbFilter_InternIoCtl_~__cil_tmp42~0#1, KbFilter_InternIoCtl_~__cil_tmp43~0#1, KbFilter_InternIoCtl_~__cil_tmp44~0#1, KbFilter_InternIoCtl_~__cil_tmp45~0#1;KbFilter_InternIoCtl_~DeviceObject#1 := KbFilter_InternIoCtl_#in~DeviceObject#1;KbFilter_InternIoCtl_~Irp#1 := KbFilter_InternIoCtl_#in~Irp#1;havoc KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet65#1 && KbFilter_InternIoCtl_#t~nondet65#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1 := KbFilter_InternIoCtl_#t~nondet65#1;havoc KbFilter_InternIoCtl_#t~nondet65#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet66#1 && KbFilter_InternIoCtl_#t~nondet66#1 <= 2147483647;KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1 := KbFilter_InternIoCtl_#t~nondet66#1;havoc KbFilter_InternIoCtl_#t~nondet66#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet67#1 && KbFilter_InternIoCtl_#t~nondet67#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__InputBufferLength~0#1 := KbFilter_InternIoCtl_#t~nondet67#1;havoc KbFilter_InternIoCtl_#t~nondet67#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet68#1 && KbFilter_InternIoCtl_#t~nondet68#1 <= 2147483647;KbFilter_InternIoCtl_~sizeof__CONNECT_DATA~0#1 := KbFilter_InternIoCtl_#t~nondet68#1;havoc KbFilter_InternIoCtl_#t~nondet68#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet69#1 && KbFilter_InternIoCtl_#t~nondet69#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__Type3InputBuffer~0#1 := KbFilter_InternIoCtl_#t~nondet69#1;havoc KbFilter_InternIoCtl_#t~nondet69#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet70#1 && KbFilter_InternIoCtl_#t~nondet70#1 <= 2147483647;KbFilter_InternIoCtl_~sizeof__INTERNAL_I8042_HOOK_KEYBOARD~0#1 := KbFilter_InternIoCtl_#t~nondet70#1;havoc KbFilter_InternIoCtl_#t~nondet70#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet71#1 && KbFilter_InternIoCtl_#t~nondet71#1 <= 2147483647;KbFilter_InternIoCtl_~hookKeyboard__InitializationRoutine~0#1 := KbFilter_InternIoCtl_#t~nondet71#1;havoc KbFilter_InternIoCtl_#t~nondet71#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet72#1 && KbFilter_InternIoCtl_#t~nondet72#1 <= 2147483647;KbFilter_InternIoCtl_~hookKeyboard__IsrRoutine~0#1 := KbFilter_InternIoCtl_#t~nondet72#1;havoc KbFilter_InternIoCtl_#t~nondet72#1;havoc KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1;havoc KbFilter_InternIoCtl_~hookKeyboard~0#1;havoc KbFilter_InternIoCtl_~connectData~0#1;havoc KbFilter_InternIoCtl_~status~3#1;havoc KbFilter_InternIoCtl_~tmp~3#1;havoc KbFilter_InternIoCtl_~__cil_tmp17~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp18~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp19~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet73#1 && KbFilter_InternIoCtl_#t~nondet73#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp20~0#1 := KbFilter_InternIoCtl_#t~nondet73#1;havoc KbFilter_InternIoCtl_#t~nondet73#1;havoc KbFilter_InternIoCtl_~__cil_tmp21~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp22~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp23~1#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet74#1 && KbFilter_InternIoCtl_#t~nondet74#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp24~0#1 := KbFilter_InternIoCtl_#t~nondet74#1;havoc KbFilter_InternIoCtl_#t~nondet74#1;havoc KbFilter_InternIoCtl_~__cil_tmp25~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp26~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp27~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet75#1 && KbFilter_InternIoCtl_#t~nondet75#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp28~0#1 := KbFilter_InternIoCtl_#t~nondet75#1;havoc KbFilter_InternIoCtl_#t~nondet75#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet76#1 && KbFilter_InternIoCtl_#t~nondet76#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp29~0#1 := KbFilter_InternIoCtl_#t~nondet76#1;havoc KbFilter_InternIoCtl_#t~nondet76#1;havoc KbFilter_InternIoCtl_~__cil_tmp30~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp31~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet77#1 && KbFilter_InternIoCtl_#t~nondet77#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp32~0#1 := KbFilter_InternIoCtl_#t~nondet77#1;havoc KbFilter_InternIoCtl_#t~nondet77#1;havoc KbFilter_InternIoCtl_~__cil_tmp33~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp34~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet78#1 && KbFilter_InternIoCtl_#t~nondet78#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp35~0#1 := KbFilter_InternIoCtl_#t~nondet78#1;havoc KbFilter_InternIoCtl_#t~nondet78#1;havoc KbFilter_InternIoCtl_~__cil_tmp36~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp37~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet79#1 && KbFilter_InternIoCtl_#t~nondet79#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp38~0#1 := KbFilter_InternIoCtl_#t~nondet79#1;havoc KbFilter_InternIoCtl_#t~nondet79#1;havoc KbFilter_InternIoCtl_~__cil_tmp39~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp40~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet80#1 && KbFilter_InternIoCtl_#t~nondet80#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp41~0#1 := KbFilter_InternIoCtl_#t~nondet80#1;havoc KbFilter_InternIoCtl_#t~nondet80#1;havoc KbFilter_InternIoCtl_~__cil_tmp42~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp43~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet81#1 && KbFilter_InternIoCtl_#t~nondet81#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp44~0#1 := KbFilter_InternIoCtl_#t~nondet81#1;havoc KbFilter_InternIoCtl_#t~nondet81#1;havoc KbFilter_InternIoCtl_~__cil_tmp45~0#1;KbFilter_InternIoCtl_~status~3#1 := 0;KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1 := 0; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,712 INFO L290 TraceCheckUtils]: 14: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1 == KbFilter_InternIoCtl_~__cil_tmp20~0#1; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,713 INFO L290 TraceCheckUtils]: 15: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume 0 != KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1;KbFilter_InternIoCtl_~status~3#1 := -1073741757; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,713 INFO L290 TraceCheckUtils]: 16: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} assume KbFilter_InternIoCtl_~status~3#1 < 0;KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1 := KbFilter_InternIoCtl_~status~3#1;~myStatus~0 := KbFilter_InternIoCtl_~status~3#1; {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,714 INFO L272 TraceCheckUtils]: 17: Hoare triple {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} call IofCompleteRequest(KbFilter_InternIoCtl_~Irp#1, 0); {6482#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:08,714 INFO L290 TraceCheckUtils]: 18: Hoare triple {6482#(= ~s~0 |old(~s~0)|)} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {6474#true} is VALID [2022-02-21 00:02:08,714 INFO L290 TraceCheckUtils]: 19: Hoare triple {6474#true} assume ~s~0 == ~NP~0;~s~0 := ~DC~0; {6483#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} is VALID [2022-02-21 00:02:08,715 INFO L290 TraceCheckUtils]: 20: Hoare triple {6483#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} assume true; {6483#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} is VALID [2022-02-21 00:02:08,715 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {6483#(and (or (not (<= ~s~0 1)) (<= ~DC~0 ~s~0)) (or (<= ~s~0 ~DC~0) (<= ~s~0 2)))} {6476#(and (= 2 ~DC~0) (not (= ~IPC~0 2)))} #743#return; {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,716 INFO L290 TraceCheckUtils]: 22: Hoare triple {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} KbFilter_InternIoCtl_#res#1 := KbFilter_InternIoCtl_~status~3#1; {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,716 INFO L290 TraceCheckUtils]: 23: Hoare triple {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} main_#t~ret35#1 := KbFilter_InternIoCtl_#res#1;assume { :end_inline_KbFilter_InternIoCtl } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~status~1#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,716 INFO L290 TraceCheckUtils]: 24: Hoare triple {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} assume !(1 == ~pended~0); {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,717 INFO L290 TraceCheckUtils]: 25: Hoare triple {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} assume !(1 == ~pended~0); {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,717 INFO L290 TraceCheckUtils]: 26: Hoare triple {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} assume ~s~0 != ~UNLOADED~0; {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,718 INFO L290 TraceCheckUtils]: 27: Hoare triple {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} assume -1 != main_~status~1#1; {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,718 INFO L290 TraceCheckUtils]: 28: Hoare triple {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} assume ~s~0 != ~SKIP2~0; {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} is VALID [2022-02-21 00:02:08,718 INFO L290 TraceCheckUtils]: 29: Hoare triple {6481#(and (= 2 ~s~0) (not (= ~IPC~0 2)))} assume !(~s~0 != ~IPC~0); {6475#false} is VALID [2022-02-21 00:02:08,718 INFO L290 TraceCheckUtils]: 30: Hoare triple {6475#false} assume 1 == ~pended~0; {6475#false} is VALID [2022-02-21 00:02:08,718 INFO L290 TraceCheckUtils]: 31: Hoare triple {6475#false} assume 259 != main_~status~1#1; {6475#false} is VALID [2022-02-21 00:02:08,719 INFO L272 TraceCheckUtils]: 32: Hoare triple {6475#false} call errorFn(); {6475#false} is VALID [2022-02-21 00:02:08,719 INFO L290 TraceCheckUtils]: 33: Hoare triple {6475#false} assume !false; {6475#false} is VALID [2022-02-21 00:02:08,719 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:08,719 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:08,719 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1027223307] [2022-02-21 00:02:08,720 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1027223307] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:08,720 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:08,720 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-21 00:02:08,720 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1723295060] [2022-02-21 00:02:08,720 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:08,720 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-21 00:02:08,721 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:08,721 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:08,740 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:08,740 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-21 00:02:08,740 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:08,741 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-21 00:02:08,741 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-21 00:02:08,741 INFO L87 Difference]: Start difference. First operand 296 states and 415 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:09,360 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:09,360 INFO L93 Difference]: Finished difference Result 303 states and 421 transitions. [2022-02-21 00:02:09,360 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-21 00:02:09,361 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-21 00:02:09,361 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:09,361 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:09,363 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 300 transitions. [2022-02-21 00:02:09,363 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:09,364 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 300 transitions. [2022-02-21 00:02:09,365 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 300 transitions. [2022-02-21 00:02:09,564 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 300 edges. 300 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:09,572 INFO L225 Difference]: With dead ends: 303 [2022-02-21 00:02:09,573 INFO L226 Difference]: Without dead ends: 303 [2022-02-21 00:02:09,573 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-21 00:02:09,573 INFO L933 BasicCegarLoop]: 252 mSDtfsCounter, 327 mSDsluCounter, 373 mSDsCounter, 0 mSdLazyCounter, 138 mSolverCounterSat, 36 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 329 SdHoareTripleChecker+Valid, 625 SdHoareTripleChecker+Invalid, 174 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 36 IncrementalHoareTripleChecker+Valid, 138 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:09,574 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [329 Valid, 625 Invalid, 174 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [36 Valid, 138 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:09,574 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 303 states. [2022-02-21 00:02:09,579 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 303 to 297. [2022-02-21 00:02:09,579 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:09,580 INFO L82 GeneralOperation]: Start isEquivalent. First operand 303 states. Second operand has 297 states, 264 states have (on average 1.4015151515151516) internal successors, (370), 262 states have internal predecessors, (370), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:09,581 INFO L74 IsIncluded]: Start isIncluded. First operand 303 states. Second operand has 297 states, 264 states have (on average 1.4015151515151516) internal successors, (370), 262 states have internal predecessors, (370), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:09,581 INFO L87 Difference]: Start difference. First operand 303 states. Second operand has 297 states, 264 states have (on average 1.4015151515151516) internal successors, (370), 262 states have internal predecessors, (370), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:09,591 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:09,592 INFO L93 Difference]: Finished difference Result 303 states and 421 transitions. [2022-02-21 00:02:09,592 INFO L276 IsEmpty]: Start isEmpty. Operand 303 states and 421 transitions. [2022-02-21 00:02:09,593 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:09,593 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:09,594 INFO L74 IsIncluded]: Start isIncluded. First operand has 297 states, 264 states have (on average 1.4015151515151516) internal successors, (370), 262 states have internal predecessors, (370), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) Second operand 303 states. [2022-02-21 00:02:09,595 INFO L87 Difference]: Start difference. First operand has 297 states, 264 states have (on average 1.4015151515151516) internal successors, (370), 262 states have internal predecessors, (370), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) Second operand 303 states. [2022-02-21 00:02:09,601 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:09,601 INFO L93 Difference]: Finished difference Result 303 states and 421 transitions. [2022-02-21 00:02:09,601 INFO L276 IsEmpty]: Start isEmpty. Operand 303 states and 421 transitions. [2022-02-21 00:02:09,602 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:09,602 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:09,602 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:09,602 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:09,603 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 297 states, 264 states have (on average 1.4015151515151516) internal successors, (370), 262 states have internal predecessors, (370), 20 states have call successors, (20), 11 states have call predecessors, (20), 12 states have return successors, (26), 23 states have call predecessors, (26), 16 states have call successors, (26) [2022-02-21 00:02:09,608 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 297 states to 297 states and 416 transitions. [2022-02-21 00:02:09,608 INFO L78 Accepts]: Start accepts. Automaton has 297 states and 416 transitions. Word has length 34 [2022-02-21 00:02:09,609 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:09,609 INFO L470 AbstractCegarLoop]: Abstraction has 297 states and 416 transitions. [2022-02-21 00:02:09,609 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:09,609 INFO L276 IsEmpty]: Start isEmpty. Operand 297 states and 416 transitions. [2022-02-21 00:02:09,612 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-02-21 00:02:09,612 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:09,612 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:09,612 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-21 00:02:09,612 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:09,613 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:09,613 INFO L85 PathProgramCache]: Analyzing trace with hash -1780979361, now seen corresponding path program 1 times [2022-02-21 00:02:09,613 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:09,613 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1347821203] [2022-02-21 00:02:09,613 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:09,613 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:09,634 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:09,656 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:09,661 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:09,673 INFO L290 TraceCheckUtils]: 0: Hoare triple {7711#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {7699#true} is VALID [2022-02-21 00:02:09,674 INFO L290 TraceCheckUtils]: 1: Hoare triple {7699#true} assume !(0 != ~compRegistered~0); {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,674 INFO L290 TraceCheckUtils]: 2: Hoare triple {7712#(<= ~compRegistered~0 0)} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,675 INFO L290 TraceCheckUtils]: 3: Hoare triple {7712#(<= ~compRegistered~0 0)} assume 0 == ~tmp_ndt_6~0; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,675 INFO L290 TraceCheckUtils]: 4: Hoare triple {7712#(<= ~compRegistered~0 0)} ~returnVal2~0 := 0; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,675 INFO L290 TraceCheckUtils]: 5: Hoare triple {7712#(<= ~compRegistered~0 0)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,675 INFO L290 TraceCheckUtils]: 6: Hoare triple {7712#(<= ~compRegistered~0 0)} #res := ~returnVal2~0; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,676 INFO L290 TraceCheckUtils]: 7: Hoare triple {7712#(<= ~compRegistered~0 0)} assume true; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,677 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {7712#(<= ~compRegistered~0 0)} {7701#(= ~compRegistered~0 1)} #717#return; {7700#false} is VALID [2022-02-21 00:02:09,677 INFO L290 TraceCheckUtils]: 0: Hoare triple {7699#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {7699#true} is VALID [2022-02-21 00:02:09,677 INFO L290 TraceCheckUtils]: 1: Hoare triple {7699#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {7699#true} is VALID [2022-02-21 00:02:09,677 INFO L290 TraceCheckUtils]: 2: Hoare triple {7699#true} assume { :end_inline__BLAST_init } true; {7699#true} is VALID [2022-02-21 00:02:09,677 INFO L290 TraceCheckUtils]: 3: Hoare triple {7699#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {7699#true} is VALID [2022-02-21 00:02:09,677 INFO L290 TraceCheckUtils]: 4: Hoare triple {7699#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {7699#true} is VALID [2022-02-21 00:02:09,678 INFO L290 TraceCheckUtils]: 5: Hoare triple {7699#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {7699#true} is VALID [2022-02-21 00:02:09,678 INFO L290 TraceCheckUtils]: 6: Hoare triple {7699#true} assume { :end_inline_stub_driver_init } true; {7699#true} is VALID [2022-02-21 00:02:09,678 INFO L290 TraceCheckUtils]: 7: Hoare triple {7699#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {7699#true} is VALID [2022-02-21 00:02:09,678 INFO L290 TraceCheckUtils]: 8: Hoare triple {7699#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {7699#true} is VALID [2022-02-21 00:02:09,678 INFO L290 TraceCheckUtils]: 9: Hoare triple {7699#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {7699#true} is VALID [2022-02-21 00:02:09,678 INFO L290 TraceCheckUtils]: 10: Hoare triple {7699#true} assume 3 == main_~tmp_ndt_3~0#1; {7699#true} is VALID [2022-02-21 00:02:09,679 INFO L290 TraceCheckUtils]: 11: Hoare triple {7699#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {7699#true} is VALID [2022-02-21 00:02:09,679 INFO L290 TraceCheckUtils]: 12: Hoare triple {7699#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {7699#true} is VALID [2022-02-21 00:02:09,679 INFO L290 TraceCheckUtils]: 13: Hoare triple {7699#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {7699#true} is VALID [2022-02-21 00:02:09,679 INFO L290 TraceCheckUtils]: 14: Hoare triple {7699#true} assume !(~s~0 != ~NP~0); {7699#true} is VALID [2022-02-21 00:02:09,679 INFO L290 TraceCheckUtils]: 15: Hoare triple {7699#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {7701#(= ~compRegistered~0 1)} is VALID [2022-02-21 00:02:09,695 INFO L290 TraceCheckUtils]: 16: Hoare triple {7701#(= ~compRegistered~0 1)} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {7701#(= ~compRegistered~0 1)} is VALID [2022-02-21 00:02:09,696 INFO L272 TraceCheckUtils]: 17: Hoare triple {7701#(= ~compRegistered~0 1)} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {7711#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:09,696 INFO L290 TraceCheckUtils]: 18: Hoare triple {7711#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {7699#true} is VALID [2022-02-21 00:02:09,697 INFO L290 TraceCheckUtils]: 19: Hoare triple {7699#true} assume !(0 != ~compRegistered~0); {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,697 INFO L290 TraceCheckUtils]: 20: Hoare triple {7712#(<= ~compRegistered~0 0)} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,697 INFO L290 TraceCheckUtils]: 21: Hoare triple {7712#(<= ~compRegistered~0 0)} assume 0 == ~tmp_ndt_6~0; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,697 INFO L290 TraceCheckUtils]: 22: Hoare triple {7712#(<= ~compRegistered~0 0)} ~returnVal2~0 := 0; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,698 INFO L290 TraceCheckUtils]: 23: Hoare triple {7712#(<= ~compRegistered~0 0)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,698 INFO L290 TraceCheckUtils]: 24: Hoare triple {7712#(<= ~compRegistered~0 0)} #res := ~returnVal2~0; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,698 INFO L290 TraceCheckUtils]: 25: Hoare triple {7712#(<= ~compRegistered~0 0)} assume true; {7712#(<= ~compRegistered~0 0)} is VALID [2022-02-21 00:02:09,699 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {7712#(<= ~compRegistered~0 0)} {7701#(= ~compRegistered~0 1)} #717#return; {7700#false} is VALID [2022-02-21 00:02:09,699 INFO L290 TraceCheckUtils]: 27: Hoare triple {7700#false} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {7700#false} is VALID [2022-02-21 00:02:09,699 INFO L290 TraceCheckUtils]: 28: Hoare triple {7700#false} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet41#1, KeWaitForSingleObject_~tmp_ndt_8~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {7700#false} is VALID [2022-02-21 00:02:09,699 INFO L290 TraceCheckUtils]: 29: Hoare triple {7700#false} assume !(~s~0 == ~MPR3~0); {7700#false} is VALID [2022-02-21 00:02:09,700 INFO L290 TraceCheckUtils]: 30: Hoare triple {7700#false} assume !(1 == ~customIrp~0); {7700#false} is VALID [2022-02-21 00:02:09,700 INFO L290 TraceCheckUtils]: 31: Hoare triple {7700#false} assume ~s~0 == ~MPR3~0; {7700#false} is VALID [2022-02-21 00:02:09,700 INFO L272 TraceCheckUtils]: 32: Hoare triple {7700#false} call errorFn(); {7700#false} is VALID [2022-02-21 00:02:09,700 INFO L290 TraceCheckUtils]: 33: Hoare triple {7700#false} assume !false; {7700#false} is VALID [2022-02-21 00:02:09,700 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:09,700 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:09,700 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1347821203] [2022-02-21 00:02:09,700 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1347821203] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:09,700 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:09,700 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-21 00:02:09,700 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [514220038] [2022-02-21 00:02:09,700 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:09,701 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 4 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-21 00:02:09,701 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:09,701 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.2) internal successors, (31), 4 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:09,724 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:09,724 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-21 00:02:09,724 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:09,724 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-21 00:02:09,724 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-21 00:02:09,725 INFO L87 Difference]: Start difference. First operand 297 states and 416 transitions. Second operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 4 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:10,356 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:10,357 INFO L93 Difference]: Finished difference Result 278 states and 380 transitions. [2022-02-21 00:02:10,357 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-21 00:02:10,358 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 4 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-21 00:02:10,358 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:10,358 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 4 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:10,360 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 305 transitions. [2022-02-21 00:02:10,360 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 4 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:10,363 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 305 transitions. [2022-02-21 00:02:10,364 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 305 transitions. [2022-02-21 00:02:10,567 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 305 edges. 305 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:10,571 INFO L225 Difference]: With dead ends: 278 [2022-02-21 00:02:10,571 INFO L226 Difference]: Without dead ends: 278 [2022-02-21 00:02:10,572 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-02-21 00:02:10,572 INFO L933 BasicCegarLoop]: 288 mSDtfsCounter, 313 mSDsluCounter, 443 mSDsCounter, 0 mSdLazyCounter, 133 mSolverCounterSat, 30 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 313 SdHoareTripleChecker+Valid, 731 SdHoareTripleChecker+Invalid, 163 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 30 IncrementalHoareTripleChecker+Valid, 133 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:10,572 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [313 Valid, 731 Invalid, 163 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [30 Valid, 133 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:10,573 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 278 states. [2022-02-21 00:02:10,576 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 278 to 264. [2022-02-21 00:02:10,576 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:10,577 INFO L82 GeneralOperation]: Start isEquivalent. First operand 278 states. Second operand has 264 states, 233 states have (on average 1.390557939914163) internal successors, (324), 231 states have internal predecessors, (324), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) [2022-02-21 00:02:10,577 INFO L74 IsIncluded]: Start isIncluded. First operand 278 states. Second operand has 264 states, 233 states have (on average 1.390557939914163) internal successors, (324), 231 states have internal predecessors, (324), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) [2022-02-21 00:02:10,578 INFO L87 Difference]: Start difference. First operand 278 states. Second operand has 264 states, 233 states have (on average 1.390557939914163) internal successors, (324), 231 states have internal predecessors, (324), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) [2022-02-21 00:02:10,583 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:10,583 INFO L93 Difference]: Finished difference Result 278 states and 380 transitions. [2022-02-21 00:02:10,583 INFO L276 IsEmpty]: Start isEmpty. Operand 278 states and 380 transitions. [2022-02-21 00:02:10,583 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:10,584 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:10,585 INFO L74 IsIncluded]: Start isIncluded. First operand has 264 states, 233 states have (on average 1.390557939914163) internal successors, (324), 231 states have internal predecessors, (324), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) Second operand 278 states. [2022-02-21 00:02:10,585 INFO L87 Difference]: Start difference. First operand has 264 states, 233 states have (on average 1.390557939914163) internal successors, (324), 231 states have internal predecessors, (324), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) Second operand 278 states. [2022-02-21 00:02:10,590 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:10,590 INFO L93 Difference]: Finished difference Result 278 states and 380 transitions. [2022-02-21 00:02:10,590 INFO L276 IsEmpty]: Start isEmpty. Operand 278 states and 380 transitions. [2022-02-21 00:02:10,590 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:10,591 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:10,591 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:10,591 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:10,591 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 264 states, 233 states have (on average 1.390557939914163) internal successors, (324), 231 states have internal predecessors, (324), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) [2022-02-21 00:02:10,595 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 264 states to 264 states and 365 transitions. [2022-02-21 00:02:10,596 INFO L78 Accepts]: Start accepts. Automaton has 264 states and 365 transitions. Word has length 34 [2022-02-21 00:02:10,596 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:10,596 INFO L470 AbstractCegarLoop]: Abstraction has 264 states and 365 transitions. [2022-02-21 00:02:10,596 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 4 states have internal predecessors, (31), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:10,596 INFO L276 IsEmpty]: Start isEmpty. Operand 264 states and 365 transitions. [2022-02-21 00:02:10,597 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-02-21 00:02:10,597 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:10,597 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:10,597 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-21 00:02:10,597 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:10,598 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:10,598 INFO L85 PathProgramCache]: Analyzing trace with hash -2069817079, now seen corresponding path program 1 times [2022-02-21 00:02:10,598 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:10,598 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [943837261] [2022-02-21 00:02:10,598 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:10,598 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:10,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:10,627 INFO L290 TraceCheckUtils]: 0: Hoare triple {8819#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {8819#true} is VALID [2022-02-21 00:02:10,628 INFO L290 TraceCheckUtils]: 1: Hoare triple {8819#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,628 INFO L290 TraceCheckUtils]: 2: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume { :end_inline__BLAST_init } true; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,629 INFO L290 TraceCheckUtils]: 3: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,629 INFO L290 TraceCheckUtils]: 4: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,629 INFO L290 TraceCheckUtils]: 5: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,629 INFO L290 TraceCheckUtils]: 6: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume { :end_inline_stub_driver_init } true; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,630 INFO L290 TraceCheckUtils]: 7: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,630 INFO L290 TraceCheckUtils]: 8: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,630 INFO L290 TraceCheckUtils]: 9: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,630 INFO L290 TraceCheckUtils]: 10: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume !(3 == main_~tmp_ndt_3~0#1);havoc main_~tmp_ndt_4~0#1;assume -2147483648 <= main_#t~nondet29#1 && main_#t~nondet29#1 <= 2147483647;main_~tmp_ndt_4~0#1 := main_#t~nondet29#1;havoc main_#t~nondet29#1; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,631 INFO L290 TraceCheckUtils]: 11: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume 4 == main_~tmp_ndt_4~0#1; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,631 INFO L290 TraceCheckUtils]: 12: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume { :begin_inline_KbFilter_Power } true;KbFilter_Power_#in~DeviceObject#1, KbFilter_Power_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_Power_#res#1;havoc KbFilter_Power_#t~nondet52#1, KbFilter_Power_#t~nondet53#1, KbFilter_Power_#t~nondet54#1, KbFilter_Power_#t~nondet55#1, KbFilter_Power_#t~nondet56#1, KbFilter_Power_#t~nondet57#1, KbFilter_Power_#t~post58#1, KbFilter_Power_#t~post59#1, KbFilter_Power_#t~ret60#1, KbFilter_Power_~DeviceObject#1, KbFilter_Power_~Irp#1, KbFilter_Power_~irpStack__MinorFunction~1#1, KbFilter_Power_~devExt__DeviceState~0#1, KbFilter_Power_~powerState__DeviceState~0#1, KbFilter_Power_~Irp__CurrentLocation~2#1, KbFilter_Power_~Irp__Tail__Overlay__CurrentStackLocation~2#1, KbFilter_Power_~devExt__TopOfStack~1#1, KbFilter_Power_~powerType~0#1, KbFilter_Power_~tmp~2#1;KbFilter_Power_~DeviceObject#1 := KbFilter_Power_#in~DeviceObject#1;KbFilter_Power_~Irp#1 := KbFilter_Power_#in~Irp#1;assume -2147483648 <= KbFilter_Power_#t~nondet52#1 && KbFilter_Power_#t~nondet52#1 <= 2147483647;KbFilter_Power_~irpStack__MinorFunction~1#1 := KbFilter_Power_#t~nondet52#1;havoc KbFilter_Power_#t~nondet52#1;havoc KbFilter_Power_~devExt__DeviceState~0#1;assume -2147483648 <= KbFilter_Power_#t~nondet53#1 && KbFilter_Power_#t~nondet53#1 <= 2147483647;KbFilter_Power_~powerState__DeviceState~0#1 := KbFilter_Power_#t~nondet53#1;havoc KbFilter_Power_#t~nondet53#1;assume -2147483648 <= KbFilter_Power_#t~nondet54#1 && KbFilter_Power_#t~nondet54#1 <= 2147483647;KbFilter_Power_~Irp__CurrentLocation~2#1 := KbFilter_Power_#t~nondet54#1;havoc KbFilter_Power_#t~nondet54#1;assume -2147483648 <= KbFilter_Power_#t~nondet55#1 && KbFilter_Power_#t~nondet55#1 <= 2147483647;KbFilter_Power_~Irp__Tail__Overlay__CurrentStackLocation~2#1 := KbFilter_Power_#t~nondet55#1;havoc KbFilter_Power_#t~nondet55#1;assume -2147483648 <= KbFilter_Power_#t~nondet56#1 && KbFilter_Power_#t~nondet56#1 <= 2147483647;KbFilter_Power_~devExt__TopOfStack~1#1 := KbFilter_Power_#t~nondet56#1;havoc KbFilter_Power_#t~nondet56#1;assume -2147483648 <= KbFilter_Power_#t~nondet57#1 && KbFilter_Power_#t~nondet57#1 <= 2147483647;KbFilter_Power_~powerType~0#1 := KbFilter_Power_#t~nondet57#1;havoc KbFilter_Power_#t~nondet57#1;havoc KbFilter_Power_~tmp~2#1; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,631 INFO L290 TraceCheckUtils]: 13: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume 2 == KbFilter_Power_~irpStack__MinorFunction~1#1; {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,632 INFO L290 TraceCheckUtils]: 14: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume !(KbFilter_Power_~powerType~0#1 == ~DevicePowerState~0); {8821#(not (= ~SKIP1~0 ~NP~0))} is VALID [2022-02-21 00:02:10,632 INFO L290 TraceCheckUtils]: 15: Hoare triple {8821#(not (= ~SKIP1~0 ~NP~0))} assume ~s~0 == ~NP~0;~s~0 := ~SKIP1~0; {8822#(not (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:10,632 INFO L290 TraceCheckUtils]: 16: Hoare triple {8822#(not (= ~s~0 ~NP~0))} KbFilter_Power_#t~post58#1 := KbFilter_Power_~Irp__CurrentLocation~2#1;KbFilter_Power_~Irp__CurrentLocation~2#1 := 1 + KbFilter_Power_#t~post58#1;havoc KbFilter_Power_#t~post58#1;KbFilter_Power_#t~post59#1 := KbFilter_Power_~Irp__Tail__Overlay__CurrentStackLocation~2#1;KbFilter_Power_~Irp__Tail__Overlay__CurrentStackLocation~2#1 := 1 + KbFilter_Power_#t~post59#1;havoc KbFilter_Power_#t~post59#1;assume { :begin_inline_PoCallDriver } true;PoCallDriver_#in~DeviceObject#1, PoCallDriver_#in~Irp#1 := KbFilter_Power_~devExt__TopOfStack~1#1, KbFilter_Power_~Irp#1;havoc PoCallDriver_#res#1;havoc PoCallDriver_#t~nondet61#1, PoCallDriver_#t~ret62#1, PoCallDriver_#t~nondet63#1, PoCallDriver_#t~nondet64#1, PoCallDriver_~tmp_ndt_10~0#1, PoCallDriver_~tmp_ndt_9~0#1, PoCallDriver_~DeviceObject#1, PoCallDriver_~Irp#1, PoCallDriver_~compRetStatus~1#1, PoCallDriver_~returnVal~0#1, PoCallDriver_~lcontext~1#1, PoCallDriver_~__cil_tmp7~1#1, PoCallDriver_~__cil_tmp8~1#1;PoCallDriver_~DeviceObject#1 := PoCallDriver_#in~DeviceObject#1;PoCallDriver_~Irp#1 := PoCallDriver_#in~Irp#1;havoc PoCallDriver_~compRetStatus~1#1;havoc PoCallDriver_~returnVal~0#1;assume -2147483648 <= PoCallDriver_#t~nondet61#1 && PoCallDriver_#t~nondet61#1 <= 2147483647;PoCallDriver_~lcontext~1#1 := PoCallDriver_#t~nondet61#1;havoc PoCallDriver_#t~nondet61#1;havoc PoCallDriver_~__cil_tmp7~1#1;havoc PoCallDriver_~__cil_tmp8~1#1; {8822#(not (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:10,633 INFO L290 TraceCheckUtils]: 17: Hoare triple {8822#(not (= ~s~0 ~NP~0))} assume !(0 != ~compRegistered~0); {8822#(not (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:10,633 INFO L290 TraceCheckUtils]: 18: Hoare triple {8822#(not (= ~s~0 ~NP~0))} havoc PoCallDriver_~tmp_ndt_9~0#1;assume -2147483648 <= PoCallDriver_#t~nondet63#1 && PoCallDriver_#t~nondet63#1 <= 2147483647;PoCallDriver_~tmp_ndt_9~0#1 := PoCallDriver_#t~nondet63#1;havoc PoCallDriver_#t~nondet63#1; {8822#(not (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:10,633 INFO L290 TraceCheckUtils]: 19: Hoare triple {8822#(not (= ~s~0 ~NP~0))} assume 0 == PoCallDriver_~tmp_ndt_9~0#1; {8822#(not (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:10,633 INFO L290 TraceCheckUtils]: 20: Hoare triple {8822#(not (= ~s~0 ~NP~0))} PoCallDriver_~returnVal~0#1 := 0; {8822#(not (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:10,635 INFO L290 TraceCheckUtils]: 21: Hoare triple {8822#(not (= ~s~0 ~NP~0))} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := PoCallDriver_~returnVal~0#1; {8820#false} is VALID [2022-02-21 00:02:10,635 INFO L290 TraceCheckUtils]: 22: Hoare triple {8820#false} PoCallDriver_#res#1 := PoCallDriver_~returnVal~0#1; {8820#false} is VALID [2022-02-21 00:02:10,635 INFO L290 TraceCheckUtils]: 23: Hoare triple {8820#false} KbFilter_Power_#t~ret60#1 := PoCallDriver_#res#1;assume { :end_inline_PoCallDriver } true;assume -2147483648 <= KbFilter_Power_#t~ret60#1 && KbFilter_Power_#t~ret60#1 <= 2147483647;KbFilter_Power_~tmp~2#1 := KbFilter_Power_#t~ret60#1;havoc KbFilter_Power_#t~ret60#1;KbFilter_Power_#res#1 := KbFilter_Power_~tmp~2#1; {8820#false} is VALID [2022-02-21 00:02:10,635 INFO L290 TraceCheckUtils]: 24: Hoare triple {8820#false} main_#t~ret34#1 := KbFilter_Power_#res#1;assume { :end_inline_KbFilter_Power } true;assume -2147483648 <= main_#t~ret34#1 && main_#t~ret34#1 <= 2147483647;main_~status~1#1 := main_#t~ret34#1;havoc main_#t~ret34#1; {8820#false} is VALID [2022-02-21 00:02:10,635 INFO L290 TraceCheckUtils]: 25: Hoare triple {8820#false} assume !(1 == ~pended~0); {8820#false} is VALID [2022-02-21 00:02:10,635 INFO L290 TraceCheckUtils]: 26: Hoare triple {8820#false} assume !(1 == ~pended~0); {8820#false} is VALID [2022-02-21 00:02:10,635 INFO L290 TraceCheckUtils]: 27: Hoare triple {8820#false} assume ~s~0 != ~UNLOADED~0; {8820#false} is VALID [2022-02-21 00:02:10,636 INFO L290 TraceCheckUtils]: 28: Hoare triple {8820#false} assume -1 != main_~status~1#1; {8820#false} is VALID [2022-02-21 00:02:10,636 INFO L290 TraceCheckUtils]: 29: Hoare triple {8820#false} assume !(~s~0 != ~SKIP2~0); {8820#false} is VALID [2022-02-21 00:02:10,636 INFO L290 TraceCheckUtils]: 30: Hoare triple {8820#false} assume 1 == ~pended~0; {8820#false} is VALID [2022-02-21 00:02:10,636 INFO L290 TraceCheckUtils]: 31: Hoare triple {8820#false} assume 259 != main_~status~1#1; {8820#false} is VALID [2022-02-21 00:02:10,636 INFO L272 TraceCheckUtils]: 32: Hoare triple {8820#false} call errorFn(); {8820#false} is VALID [2022-02-21 00:02:10,636 INFO L290 TraceCheckUtils]: 33: Hoare triple {8820#false} assume !false; {8820#false} is VALID [2022-02-21 00:02:10,636 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:10,636 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:10,637 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [943837261] [2022-02-21 00:02:10,637 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [943837261] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:10,637 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:10,637 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-21 00:02:10,637 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [762023434] [2022-02-21 00:02:10,637 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:10,637 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.25) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 34 [2022-02-21 00:02:10,638 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:10,638 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 8.25) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:10,654 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:10,655 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-21 00:02:10,655 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:10,655 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-21 00:02:10,655 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-21 00:02:10,655 INFO L87 Difference]: Start difference. First operand 264 states and 365 transitions. Second operand has 4 states, 4 states have (on average 8.25) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:10,973 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:10,973 INFO L93 Difference]: Finished difference Result 282 states and 384 transitions. [2022-02-21 00:02:10,973 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-21 00:02:10,973 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.25) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 34 [2022-02-21 00:02:10,974 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:10,974 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.25) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:10,976 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 291 transitions. [2022-02-21 00:02:10,976 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.25) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:10,977 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 291 transitions. [2022-02-21 00:02:10,977 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 291 transitions. [2022-02-21 00:02:11,161 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 291 edges. 291 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:11,164 INFO L225 Difference]: With dead ends: 282 [2022-02-21 00:02:11,164 INFO L226 Difference]: Without dead ends: 282 [2022-02-21 00:02:11,165 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-21 00:02:11,165 INFO L933 BasicCegarLoop]: 243 mSDtfsCounter, 289 mSDsluCounter, 178 mSDsCounter, 0 mSdLazyCounter, 88 mSolverCounterSat, 26 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 289 SdHoareTripleChecker+Valid, 421 SdHoareTripleChecker+Invalid, 114 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 26 IncrementalHoareTripleChecker+Valid, 88 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:11,165 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [289 Valid, 421 Invalid, 114 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [26 Valid, 88 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:11,169 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 282 states. [2022-02-21 00:02:11,176 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 282 to 264. [2022-02-21 00:02:11,176 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:11,176 INFO L82 GeneralOperation]: Start isEquivalent. First operand 282 states. Second operand has 264 states, 233 states have (on average 1.3819742489270386) internal successors, (322), 231 states have internal predecessors, (322), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) [2022-02-21 00:02:11,177 INFO L74 IsIncluded]: Start isIncluded. First operand 282 states. Second operand has 264 states, 233 states have (on average 1.3819742489270386) internal successors, (322), 231 states have internal predecessors, (322), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) [2022-02-21 00:02:11,179 INFO L87 Difference]: Start difference. First operand 282 states. Second operand has 264 states, 233 states have (on average 1.3819742489270386) internal successors, (322), 231 states have internal predecessors, (322), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) [2022-02-21 00:02:11,186 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:11,187 INFO L93 Difference]: Finished difference Result 282 states and 384 transitions. [2022-02-21 00:02:11,187 INFO L276 IsEmpty]: Start isEmpty. Operand 282 states and 384 transitions. [2022-02-21 00:02:11,187 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:11,188 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:11,189 INFO L74 IsIncluded]: Start isIncluded. First operand has 264 states, 233 states have (on average 1.3819742489270386) internal successors, (322), 231 states have internal predecessors, (322), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) Second operand 282 states. [2022-02-21 00:02:11,190 INFO L87 Difference]: Start difference. First operand has 264 states, 233 states have (on average 1.3819742489270386) internal successors, (322), 231 states have internal predecessors, (322), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) Second operand 282 states. [2022-02-21 00:02:11,195 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:11,195 INFO L93 Difference]: Finished difference Result 282 states and 384 transitions. [2022-02-21 00:02:11,195 INFO L276 IsEmpty]: Start isEmpty. Operand 282 states and 384 transitions. [2022-02-21 00:02:11,196 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:11,196 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:11,196 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:11,196 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:11,196 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 264 states, 233 states have (on average 1.3819742489270386) internal successors, (322), 231 states have internal predecessors, (322), 18 states have call successors, (18), 10 states have call predecessors, (18), 12 states have return successors, (23), 22 states have call predecessors, (23), 14 states have call successors, (23) [2022-02-21 00:02:11,200 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 264 states to 264 states and 363 transitions. [2022-02-21 00:02:11,200 INFO L78 Accepts]: Start accepts. Automaton has 264 states and 363 transitions. Word has length 34 [2022-02-21 00:02:11,200 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:11,200 INFO L470 AbstractCegarLoop]: Abstraction has 264 states and 363 transitions. [2022-02-21 00:02:11,201 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 8.25) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:11,201 INFO L276 IsEmpty]: Start isEmpty. Operand 264 states and 363 transitions. [2022-02-21 00:02:11,202 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-02-21 00:02:11,202 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:11,202 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:11,202 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-21 00:02:11,202 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:11,203 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:11,203 INFO L85 PathProgramCache]: Analyzing trace with hash 1120484039, now seen corresponding path program 1 times [2022-02-21 00:02:11,203 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:11,203 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [61668546] [2022-02-21 00:02:11,203 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:11,203 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:11,239 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:11,258 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:11,260 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:11,263 INFO L290 TraceCheckUtils]: 0: Hoare triple {9944#(= ~s~0 |old(~s~0)|)} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {9937#true} is VALID [2022-02-21 00:02:11,267 INFO L290 TraceCheckUtils]: 1: Hoare triple {9937#true} assume ~s~0 == ~NP~0;~s~0 := ~DC~0; {9937#true} is VALID [2022-02-21 00:02:11,267 INFO L290 TraceCheckUtils]: 2: Hoare triple {9937#true} assume true; {9937#true} is VALID [2022-02-21 00:02:11,268 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {9937#true} {9937#true} #743#return; {9937#true} is VALID [2022-02-21 00:02:11,270 INFO L290 TraceCheckUtils]: 0: Hoare triple {9937#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {9937#true} is VALID [2022-02-21 00:02:11,272 INFO L290 TraceCheckUtils]: 1: Hoare triple {9937#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {9937#true} is VALID [2022-02-21 00:02:11,273 INFO L290 TraceCheckUtils]: 2: Hoare triple {9937#true} assume { :end_inline__BLAST_init } true; {9937#true} is VALID [2022-02-21 00:02:11,274 INFO L290 TraceCheckUtils]: 3: Hoare triple {9937#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {9937#true} is VALID [2022-02-21 00:02:11,274 INFO L290 TraceCheckUtils]: 4: Hoare triple {9937#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {9937#true} is VALID [2022-02-21 00:02:11,274 INFO L290 TraceCheckUtils]: 5: Hoare triple {9937#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {9937#true} is VALID [2022-02-21 00:02:11,274 INFO L290 TraceCheckUtils]: 6: Hoare triple {9937#true} assume { :end_inline_stub_driver_init } true; {9937#true} is VALID [2022-02-21 00:02:11,275 INFO L290 TraceCheckUtils]: 7: Hoare triple {9937#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {9937#true} is VALID [2022-02-21 00:02:11,275 INFO L290 TraceCheckUtils]: 8: Hoare triple {9937#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {9937#true} is VALID [2022-02-21 00:02:11,275 INFO L290 TraceCheckUtils]: 9: Hoare triple {9937#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {9937#true} is VALID [2022-02-21 00:02:11,276 INFO L290 TraceCheckUtils]: 10: Hoare triple {9937#true} assume !(3 == main_~tmp_ndt_3~0#1);havoc main_~tmp_ndt_4~0#1;assume -2147483648 <= main_#t~nondet29#1 && main_#t~nondet29#1 <= 2147483647;main_~tmp_ndt_4~0#1 := main_#t~nondet29#1;havoc main_#t~nondet29#1; {9937#true} is VALID [2022-02-21 00:02:11,278 INFO L290 TraceCheckUtils]: 11: Hoare triple {9937#true} assume !(4 == main_~tmp_ndt_4~0#1);havoc main_~tmp_ndt_5~0#1;assume -2147483648 <= main_#t~nondet30#1 && main_#t~nondet30#1 <= 2147483647;main_~tmp_ndt_5~0#1 := main_#t~nondet30#1;havoc main_#t~nondet30#1; {9937#true} is VALID [2022-02-21 00:02:11,278 INFO L290 TraceCheckUtils]: 12: Hoare triple {9937#true} assume 8 == main_~tmp_ndt_5~0#1; {9937#true} is VALID [2022-02-21 00:02:11,278 INFO L290 TraceCheckUtils]: 13: Hoare triple {9937#true} assume { :begin_inline_KbFilter_InternIoCtl } true;KbFilter_InternIoCtl_#in~DeviceObject#1, KbFilter_InternIoCtl_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_InternIoCtl_#res#1;havoc KbFilter_InternIoCtl_#t~nondet65#1, KbFilter_InternIoCtl_#t~nondet66#1, KbFilter_InternIoCtl_#t~nondet67#1, KbFilter_InternIoCtl_#t~nondet68#1, KbFilter_InternIoCtl_#t~nondet69#1, KbFilter_InternIoCtl_#t~nondet70#1, KbFilter_InternIoCtl_#t~nondet71#1, KbFilter_InternIoCtl_#t~nondet72#1, KbFilter_InternIoCtl_#t~nondet73#1, KbFilter_InternIoCtl_#t~nondet74#1, KbFilter_InternIoCtl_#t~nondet75#1, KbFilter_InternIoCtl_#t~nondet76#1, KbFilter_InternIoCtl_#t~nondet77#1, KbFilter_InternIoCtl_#t~nondet78#1, KbFilter_InternIoCtl_#t~nondet79#1, KbFilter_InternIoCtl_#t~nondet80#1, KbFilter_InternIoCtl_#t~nondet81#1, KbFilter_InternIoCtl_#t~ret82#1, KbFilter_InternIoCtl_~DeviceObject#1, KbFilter_InternIoCtl_~Irp#1, KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1, KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__InputBufferLength~0#1, KbFilter_InternIoCtl_~sizeof__CONNECT_DATA~0#1, KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__Type3InputBuffer~0#1, KbFilter_InternIoCtl_~sizeof__INTERNAL_I8042_HOOK_KEYBOARD~0#1, KbFilter_InternIoCtl_~hookKeyboard__InitializationRoutine~0#1, KbFilter_InternIoCtl_~hookKeyboard__IsrRoutine~0#1, KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1, KbFilter_InternIoCtl_~hookKeyboard~0#1, KbFilter_InternIoCtl_~connectData~0#1, KbFilter_InternIoCtl_~status~3#1, KbFilter_InternIoCtl_~tmp~3#1, KbFilter_InternIoCtl_~__cil_tmp17~0#1, KbFilter_InternIoCtl_~__cil_tmp18~0#1, KbFilter_InternIoCtl_~__cil_tmp19~0#1, KbFilter_InternIoCtl_~__cil_tmp20~0#1, KbFilter_InternIoCtl_~__cil_tmp21~0#1, KbFilter_InternIoCtl_~__cil_tmp22~0#1, KbFilter_InternIoCtl_~__cil_tmp23~1#1, KbFilter_InternIoCtl_~__cil_tmp24~0#1, KbFilter_InternIoCtl_~__cil_tmp25~0#1, KbFilter_InternIoCtl_~__cil_tmp26~0#1, KbFilter_InternIoCtl_~__cil_tmp27~0#1, KbFilter_InternIoCtl_~__cil_tmp28~0#1, KbFilter_InternIoCtl_~__cil_tmp29~0#1, KbFilter_InternIoCtl_~__cil_tmp30~0#1, KbFilter_InternIoCtl_~__cil_tmp31~0#1, KbFilter_InternIoCtl_~__cil_tmp32~0#1, KbFilter_InternIoCtl_~__cil_tmp33~0#1, KbFilter_InternIoCtl_~__cil_tmp34~0#1, KbFilter_InternIoCtl_~__cil_tmp35~0#1, KbFilter_InternIoCtl_~__cil_tmp36~0#1, KbFilter_InternIoCtl_~__cil_tmp37~0#1, KbFilter_InternIoCtl_~__cil_tmp38~0#1, KbFilter_InternIoCtl_~__cil_tmp39~0#1, KbFilter_InternIoCtl_~__cil_tmp40~0#1, KbFilter_InternIoCtl_~__cil_tmp41~0#1, KbFilter_InternIoCtl_~__cil_tmp42~0#1, KbFilter_InternIoCtl_~__cil_tmp43~0#1, KbFilter_InternIoCtl_~__cil_tmp44~0#1, KbFilter_InternIoCtl_~__cil_tmp45~0#1;KbFilter_InternIoCtl_~DeviceObject#1 := KbFilter_InternIoCtl_#in~DeviceObject#1;KbFilter_InternIoCtl_~Irp#1 := KbFilter_InternIoCtl_#in~Irp#1;havoc KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet65#1 && KbFilter_InternIoCtl_#t~nondet65#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1 := KbFilter_InternIoCtl_#t~nondet65#1;havoc KbFilter_InternIoCtl_#t~nondet65#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet66#1 && KbFilter_InternIoCtl_#t~nondet66#1 <= 2147483647;KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1 := KbFilter_InternIoCtl_#t~nondet66#1;havoc KbFilter_InternIoCtl_#t~nondet66#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet67#1 && KbFilter_InternIoCtl_#t~nondet67#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__InputBufferLength~0#1 := KbFilter_InternIoCtl_#t~nondet67#1;havoc KbFilter_InternIoCtl_#t~nondet67#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet68#1 && KbFilter_InternIoCtl_#t~nondet68#1 <= 2147483647;KbFilter_InternIoCtl_~sizeof__CONNECT_DATA~0#1 := KbFilter_InternIoCtl_#t~nondet68#1;havoc KbFilter_InternIoCtl_#t~nondet68#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet69#1 && KbFilter_InternIoCtl_#t~nondet69#1 <= 2147483647;KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__Type3InputBuffer~0#1 := KbFilter_InternIoCtl_#t~nondet69#1;havoc KbFilter_InternIoCtl_#t~nondet69#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet70#1 && KbFilter_InternIoCtl_#t~nondet70#1 <= 2147483647;KbFilter_InternIoCtl_~sizeof__INTERNAL_I8042_HOOK_KEYBOARD~0#1 := KbFilter_InternIoCtl_#t~nondet70#1;havoc KbFilter_InternIoCtl_#t~nondet70#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet71#1 && KbFilter_InternIoCtl_#t~nondet71#1 <= 2147483647;KbFilter_InternIoCtl_~hookKeyboard__InitializationRoutine~0#1 := KbFilter_InternIoCtl_#t~nondet71#1;havoc KbFilter_InternIoCtl_#t~nondet71#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet72#1 && KbFilter_InternIoCtl_#t~nondet72#1 <= 2147483647;KbFilter_InternIoCtl_~hookKeyboard__IsrRoutine~0#1 := KbFilter_InternIoCtl_#t~nondet72#1;havoc KbFilter_InternIoCtl_#t~nondet72#1;havoc KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1;havoc KbFilter_InternIoCtl_~hookKeyboard~0#1;havoc KbFilter_InternIoCtl_~connectData~0#1;havoc KbFilter_InternIoCtl_~status~3#1;havoc KbFilter_InternIoCtl_~tmp~3#1;havoc KbFilter_InternIoCtl_~__cil_tmp17~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp18~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp19~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet73#1 && KbFilter_InternIoCtl_#t~nondet73#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp20~0#1 := KbFilter_InternIoCtl_#t~nondet73#1;havoc KbFilter_InternIoCtl_#t~nondet73#1;havoc KbFilter_InternIoCtl_~__cil_tmp21~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp22~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp23~1#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet74#1 && KbFilter_InternIoCtl_#t~nondet74#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp24~0#1 := KbFilter_InternIoCtl_#t~nondet74#1;havoc KbFilter_InternIoCtl_#t~nondet74#1;havoc KbFilter_InternIoCtl_~__cil_tmp25~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp26~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp27~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet75#1 && KbFilter_InternIoCtl_#t~nondet75#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp28~0#1 := KbFilter_InternIoCtl_#t~nondet75#1;havoc KbFilter_InternIoCtl_#t~nondet75#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet76#1 && KbFilter_InternIoCtl_#t~nondet76#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp29~0#1 := KbFilter_InternIoCtl_#t~nondet76#1;havoc KbFilter_InternIoCtl_#t~nondet76#1;havoc KbFilter_InternIoCtl_~__cil_tmp30~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp31~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet77#1 && KbFilter_InternIoCtl_#t~nondet77#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp32~0#1 := KbFilter_InternIoCtl_#t~nondet77#1;havoc KbFilter_InternIoCtl_#t~nondet77#1;havoc KbFilter_InternIoCtl_~__cil_tmp33~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp34~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet78#1 && KbFilter_InternIoCtl_#t~nondet78#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp35~0#1 := KbFilter_InternIoCtl_#t~nondet78#1;havoc KbFilter_InternIoCtl_#t~nondet78#1;havoc KbFilter_InternIoCtl_~__cil_tmp36~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp37~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet79#1 && KbFilter_InternIoCtl_#t~nondet79#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp38~0#1 := KbFilter_InternIoCtl_#t~nondet79#1;havoc KbFilter_InternIoCtl_#t~nondet79#1;havoc KbFilter_InternIoCtl_~__cil_tmp39~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp40~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet80#1 && KbFilter_InternIoCtl_#t~nondet80#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp41~0#1 := KbFilter_InternIoCtl_#t~nondet80#1;havoc KbFilter_InternIoCtl_#t~nondet80#1;havoc KbFilter_InternIoCtl_~__cil_tmp42~0#1;havoc KbFilter_InternIoCtl_~__cil_tmp43~0#1;assume -2147483648 <= KbFilter_InternIoCtl_#t~nondet81#1 && KbFilter_InternIoCtl_#t~nondet81#1 <= 2147483647;KbFilter_InternIoCtl_~__cil_tmp44~0#1 := KbFilter_InternIoCtl_#t~nondet81#1;havoc KbFilter_InternIoCtl_#t~nondet81#1;havoc KbFilter_InternIoCtl_~__cil_tmp45~0#1;KbFilter_InternIoCtl_~status~3#1 := 0;KbFilter_InternIoCtl_~Irp__IoStatus__Information~1#1 := 0; {9937#true} is VALID [2022-02-21 00:02:11,279 INFO L290 TraceCheckUtils]: 14: Hoare triple {9937#true} assume KbFilter_InternIoCtl_~irpStack__Parameters__DeviceIoControl__IoControlCode~0#1 == KbFilter_InternIoCtl_~__cil_tmp20~0#1; {9937#true} is VALID [2022-02-21 00:02:11,279 INFO L290 TraceCheckUtils]: 15: Hoare triple {9937#true} assume 0 != KbFilter_InternIoCtl_~devExt__UpperConnectData__ClassService~1#1;KbFilter_InternIoCtl_~status~3#1 := -1073741757; {9937#true} is VALID [2022-02-21 00:02:11,279 INFO L290 TraceCheckUtils]: 16: Hoare triple {9937#true} assume KbFilter_InternIoCtl_~status~3#1 < 0;KbFilter_InternIoCtl_~Irp__IoStatus__Status~2#1 := KbFilter_InternIoCtl_~status~3#1;~myStatus~0 := KbFilter_InternIoCtl_~status~3#1; {9937#true} is VALID [2022-02-21 00:02:11,280 INFO L272 TraceCheckUtils]: 17: Hoare triple {9937#true} call IofCompleteRequest(KbFilter_InternIoCtl_~Irp#1, 0); {9944#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:11,280 INFO L290 TraceCheckUtils]: 18: Hoare triple {9944#(= ~s~0 |old(~s~0)|)} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {9937#true} is VALID [2022-02-21 00:02:11,280 INFO L290 TraceCheckUtils]: 19: Hoare triple {9937#true} assume ~s~0 == ~NP~0;~s~0 := ~DC~0; {9937#true} is VALID [2022-02-21 00:02:11,280 INFO L290 TraceCheckUtils]: 20: Hoare triple {9937#true} assume true; {9937#true} is VALID [2022-02-21 00:02:11,280 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {9937#true} {9937#true} #743#return; {9937#true} is VALID [2022-02-21 00:02:11,284 INFO L290 TraceCheckUtils]: 22: Hoare triple {9937#true} KbFilter_InternIoCtl_#res#1 := KbFilter_InternIoCtl_~status~3#1; {9937#true} is VALID [2022-02-21 00:02:11,284 INFO L290 TraceCheckUtils]: 23: Hoare triple {9937#true} main_#t~ret35#1 := KbFilter_InternIoCtl_#res#1;assume { :end_inline_KbFilter_InternIoCtl } true;assume -2147483648 <= main_#t~ret35#1 && main_#t~ret35#1 <= 2147483647;main_~status~1#1 := main_#t~ret35#1;havoc main_#t~ret35#1; {9937#true} is VALID [2022-02-21 00:02:11,285 INFO L290 TraceCheckUtils]: 24: Hoare triple {9937#true} assume !(1 == ~pended~0); {9943#(not (= ~pended~0 1))} is VALID [2022-02-21 00:02:11,286 INFO L290 TraceCheckUtils]: 25: Hoare triple {9943#(not (= ~pended~0 1))} assume !(1 == ~pended~0); {9943#(not (= ~pended~0 1))} is VALID [2022-02-21 00:02:11,286 INFO L290 TraceCheckUtils]: 26: Hoare triple {9943#(not (= ~pended~0 1))} assume ~s~0 != ~UNLOADED~0; {9943#(not (= ~pended~0 1))} is VALID [2022-02-21 00:02:11,286 INFO L290 TraceCheckUtils]: 27: Hoare triple {9943#(not (= ~pended~0 1))} assume -1 != main_~status~1#1; {9943#(not (= ~pended~0 1))} is VALID [2022-02-21 00:02:11,286 INFO L290 TraceCheckUtils]: 28: Hoare triple {9943#(not (= ~pended~0 1))} assume ~s~0 != ~SKIP2~0; {9943#(not (= ~pended~0 1))} is VALID [2022-02-21 00:02:11,287 INFO L290 TraceCheckUtils]: 29: Hoare triple {9943#(not (= ~pended~0 1))} assume ~s~0 != ~IPC~0; {9943#(not (= ~pended~0 1))} is VALID [2022-02-21 00:02:11,287 INFO L290 TraceCheckUtils]: 30: Hoare triple {9943#(not (= ~pended~0 1))} assume ~s~0 == ~DC~0; {9943#(not (= ~pended~0 1))} is VALID [2022-02-21 00:02:11,287 INFO L290 TraceCheckUtils]: 31: Hoare triple {9943#(not (= ~pended~0 1))} assume 1 == ~pended~0; {9938#false} is VALID [2022-02-21 00:02:11,287 INFO L290 TraceCheckUtils]: 32: Hoare triple {9938#false} assume 259 != main_~status~1#1; {9938#false} is VALID [2022-02-21 00:02:11,287 INFO L272 TraceCheckUtils]: 33: Hoare triple {9938#false} call errorFn(); {9938#false} is VALID [2022-02-21 00:02:11,288 INFO L290 TraceCheckUtils]: 34: Hoare triple {9938#false} assume !false; {9938#false} is VALID [2022-02-21 00:02:11,288 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:11,288 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:11,288 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [61668546] [2022-02-21 00:02:11,288 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [61668546] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:11,288 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:11,290 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-21 00:02:11,290 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [506381596] [2022-02-21 00:02:11,290 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:11,291 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 3 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-21 00:02:11,291 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:11,291 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 8.0) internal successors, (32), 3 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:11,311 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:11,311 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-21 00:02:11,311 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:11,312 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-21 00:02:11,312 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-21 00:02:11,312 INFO L87 Difference]: Start difference. First operand 264 states and 363 transitions. Second operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 3 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:11,610 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:11,611 INFO L93 Difference]: Finished difference Result 258 states and 352 transitions. [2022-02-21 00:02:11,611 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-21 00:02:11,611 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 3 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 35 [2022-02-21 00:02:11,611 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:11,611 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 3 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:11,613 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 276 transitions. [2022-02-21 00:02:11,613 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 8.0) internal successors, (32), 3 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:11,615 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 276 transitions. [2022-02-21 00:02:11,615 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 276 transitions. [2022-02-21 00:02:11,786 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 276 edges. 276 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:11,787 INFO L225 Difference]: With dead ends: 258 [2022-02-21 00:02:11,787 INFO L226 Difference]: Without dead ends: 82 [2022-02-21 00:02:11,788 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-21 00:02:11,788 INFO L933 BasicCegarLoop]: 244 mSDtfsCounter, 285 mSDsluCounter, 177 mSDsCounter, 0 mSdLazyCounter, 56 mSolverCounterSat, 32 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 285 SdHoareTripleChecker+Valid, 421 SdHoareTripleChecker+Invalid, 88 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 32 IncrementalHoareTripleChecker+Valid, 56 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:11,788 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [285 Valid, 421 Invalid, 88 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [32 Valid, 56 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:11,788 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2022-02-21 00:02:11,789 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 82. [2022-02-21 00:02:11,789 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:11,790 INFO L82 GeneralOperation]: Start isEquivalent. First operand 82 states. Second operand has 82 states, 70 states have (on average 1.2428571428571429) internal successors, (87), 72 states have internal predecessors, (87), 7 states have call successors, (7), 5 states have call predecessors, (7), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-21 00:02:11,790 INFO L74 IsIncluded]: Start isIncluded. First operand 82 states. Second operand has 82 states, 70 states have (on average 1.2428571428571429) internal successors, (87), 72 states have internal predecessors, (87), 7 states have call successors, (7), 5 states have call predecessors, (7), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-21 00:02:11,790 INFO L87 Difference]: Start difference. First operand 82 states. Second operand has 82 states, 70 states have (on average 1.2428571428571429) internal successors, (87), 72 states have internal predecessors, (87), 7 states have call successors, (7), 5 states have call predecessors, (7), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-21 00:02:11,791 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:11,791 INFO L93 Difference]: Finished difference Result 82 states and 98 transitions. [2022-02-21 00:02:11,791 INFO L276 IsEmpty]: Start isEmpty. Operand 82 states and 98 transitions. [2022-02-21 00:02:11,791 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:11,791 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:11,791 INFO L74 IsIncluded]: Start isIncluded. First operand has 82 states, 70 states have (on average 1.2428571428571429) internal successors, (87), 72 states have internal predecessors, (87), 7 states have call successors, (7), 5 states have call predecessors, (7), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) Second operand 82 states. [2022-02-21 00:02:11,793 INFO L87 Difference]: Start difference. First operand has 82 states, 70 states have (on average 1.2428571428571429) internal successors, (87), 72 states have internal predecessors, (87), 7 states have call successors, (7), 5 states have call predecessors, (7), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) Second operand 82 states. [2022-02-21 00:02:11,794 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:11,795 INFO L93 Difference]: Finished difference Result 82 states and 98 transitions. [2022-02-21 00:02:11,795 INFO L276 IsEmpty]: Start isEmpty. Operand 82 states and 98 transitions. [2022-02-21 00:02:11,795 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:11,795 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:11,795 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:11,795 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:11,795 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 82 states, 70 states have (on average 1.2428571428571429) internal successors, (87), 72 states have internal predecessors, (87), 7 states have call successors, (7), 5 states have call predecessors, (7), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-21 00:02:11,796 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 82 states to 82 states and 98 transitions. [2022-02-21 00:02:11,796 INFO L78 Accepts]: Start accepts. Automaton has 82 states and 98 transitions. Word has length 35 [2022-02-21 00:02:11,796 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:11,796 INFO L470 AbstractCegarLoop]: Abstraction has 82 states and 98 transitions. [2022-02-21 00:02:11,797 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 8.0) internal successors, (32), 3 states have internal predecessors, (32), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-21 00:02:11,797 INFO L276 IsEmpty]: Start isEmpty. Operand 82 states and 98 transitions. [2022-02-21 00:02:11,797 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-02-21 00:02:11,797 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:11,798 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:11,798 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2022-02-21 00:02:11,798 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:11,798 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:11,798 INFO L85 PathProgramCache]: Analyzing trace with hash 1877593248, now seen corresponding path program 1 times [2022-02-21 00:02:11,798 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:11,799 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [659443247] [2022-02-21 00:02:11,799 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:11,799 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:11,816 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:11,851 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-21 00:02:11,853 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:11,856 INFO L290 TraceCheckUtils]: 0: Hoare triple {10464#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {10454#true} is VALID [2022-02-21 00:02:11,856 INFO L290 TraceCheckUtils]: 1: Hoare triple {10454#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {10454#true} is VALID [2022-02-21 00:02:11,856 INFO L290 TraceCheckUtils]: 2: Hoare triple {10454#true} assume true; {10454#true} is VALID [2022-02-21 00:02:11,856 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10454#true} {10454#true} #753#return; {10454#true} is VALID [2022-02-21 00:02:11,859 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-21 00:02:11,860 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:11,864 INFO L290 TraceCheckUtils]: 0: Hoare triple {10465#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,864 INFO L290 TraceCheckUtils]: 1: Hoare triple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume true; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,865 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} {10454#true} #755#return; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,865 INFO L290 TraceCheckUtils]: 0: Hoare triple {10454#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {10454#true} is VALID [2022-02-21 00:02:11,865 INFO L290 TraceCheckUtils]: 1: Hoare triple {10454#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {10454#true} is VALID [2022-02-21 00:02:11,865 INFO L290 TraceCheckUtils]: 2: Hoare triple {10454#true} assume { :end_inline__BLAST_init } true; {10454#true} is VALID [2022-02-21 00:02:11,865 INFO L290 TraceCheckUtils]: 3: Hoare triple {10454#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {10454#true} is VALID [2022-02-21 00:02:11,865 INFO L290 TraceCheckUtils]: 4: Hoare triple {10454#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {10454#true} is VALID [2022-02-21 00:02:11,865 INFO L290 TraceCheckUtils]: 5: Hoare triple {10454#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {10454#true} is VALID [2022-02-21 00:02:11,865 INFO L290 TraceCheckUtils]: 6: Hoare triple {10454#true} assume { :end_inline_stub_driver_init } true; {10454#true} is VALID [2022-02-21 00:02:11,866 INFO L290 TraceCheckUtils]: 7: Hoare triple {10454#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {10454#true} is VALID [2022-02-21 00:02:11,866 INFO L290 TraceCheckUtils]: 8: Hoare triple {10454#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {10454#true} is VALID [2022-02-21 00:02:11,866 INFO L290 TraceCheckUtils]: 9: Hoare triple {10454#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {10454#true} is VALID [2022-02-21 00:02:11,866 INFO L290 TraceCheckUtils]: 10: Hoare triple {10454#true} assume 3 == main_~tmp_ndt_3~0#1; {10454#true} is VALID [2022-02-21 00:02:11,866 INFO L290 TraceCheckUtils]: 11: Hoare triple {10454#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {10454#true} is VALID [2022-02-21 00:02:11,866 INFO L290 TraceCheckUtils]: 12: Hoare triple {10454#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {10454#true} is VALID [2022-02-21 00:02:11,866 INFO L290 TraceCheckUtils]: 13: Hoare triple {10454#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {10454#true} is VALID [2022-02-21 00:02:11,866 INFO L290 TraceCheckUtils]: 14: Hoare triple {10454#true} assume !(~s~0 != ~NP~0); {10454#true} is VALID [2022-02-21 00:02:11,867 INFO L290 TraceCheckUtils]: 15: Hoare triple {10454#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {10454#true} is VALID [2022-02-21 00:02:11,867 INFO L290 TraceCheckUtils]: 16: Hoare triple {10454#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {10454#true} is VALID [2022-02-21 00:02:11,867 INFO L272 TraceCheckUtils]: 17: Hoare triple {10454#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {10454#true} is VALID [2022-02-21 00:02:11,868 INFO L290 TraceCheckUtils]: 18: Hoare triple {10454#true} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {10454#true} is VALID [2022-02-21 00:02:11,868 INFO L290 TraceCheckUtils]: 19: Hoare triple {10454#true} assume 0 != ~compRegistered~0; {10454#true} is VALID [2022-02-21 00:02:11,869 INFO L272 TraceCheckUtils]: 20: Hoare triple {10454#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {10464#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:11,869 INFO L290 TraceCheckUtils]: 21: Hoare triple {10464#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {10454#true} is VALID [2022-02-21 00:02:11,869 INFO L290 TraceCheckUtils]: 22: Hoare triple {10454#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {10454#true} is VALID [2022-02-21 00:02:11,869 INFO L290 TraceCheckUtils]: 23: Hoare triple {10454#true} assume true; {10454#true} is VALID [2022-02-21 00:02:11,869 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {10454#true} {10454#true} #753#return; {10454#true} is VALID [2022-02-21 00:02:11,869 INFO L290 TraceCheckUtils]: 25: Hoare triple {10454#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {10454#true} is VALID [2022-02-21 00:02:11,869 INFO L290 TraceCheckUtils]: 26: Hoare triple {10454#true} assume -1073741802 == ~__cil_tmp7~0; {10454#true} is VALID [2022-02-21 00:02:11,870 INFO L272 TraceCheckUtils]: 27: Hoare triple {10454#true} call stubMoreProcessingRequired(); {10465#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:11,870 INFO L290 TraceCheckUtils]: 28: Hoare triple {10465#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,870 INFO L290 TraceCheckUtils]: 29: Hoare triple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume true; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,871 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} {10454#true} #755#return; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,871 INFO L290 TraceCheckUtils]: 31: Hoare triple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,871 INFO L290 TraceCheckUtils]: 32: Hoare triple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume 0 == ~tmp_ndt_6~0; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,872 INFO L290 TraceCheckUtils]: 33: Hoare triple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} ~returnVal2~0 := 0; {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,872 INFO L290 TraceCheckUtils]: 34: Hoare triple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume !(~s~0 == ~NP~0); {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:11,872 INFO L290 TraceCheckUtils]: 35: Hoare triple {10463#(= (+ ~MPR1~0 (* (- 1) ~s~0)) 0)} assume !(~s~0 == ~MPR1~0); {10455#false} is VALID [2022-02-21 00:02:11,872 INFO L290 TraceCheckUtils]: 36: Hoare triple {10455#false} assume !(~s~0 == ~SKIP1~0); {10455#false} is VALID [2022-02-21 00:02:11,872 INFO L272 TraceCheckUtils]: 37: Hoare triple {10455#false} call errorFn(); {10455#false} is VALID [2022-02-21 00:02:11,873 INFO L290 TraceCheckUtils]: 38: Hoare triple {10455#false} assume !false; {10455#false} is VALID [2022-02-21 00:02:11,873 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:11,873 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:11,873 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [659443247] [2022-02-21 00:02:11,873 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [659443247] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:11,873 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:11,873 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-21 00:02:11,873 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1286166365] [2022-02-21 00:02:11,874 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:11,874 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 39 [2022-02-21 00:02:11,874 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:11,874 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.6) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:11,897 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:11,897 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-21 00:02:11,897 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:11,898 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-21 00:02:11,898 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-21 00:02:11,899 INFO L87 Difference]: Start difference. First operand 82 states and 98 transitions. Second operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,079 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:12,080 INFO L93 Difference]: Finished difference Result 80 states and 94 transitions. [2022-02-21 00:02:12,080 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-21 00:02:12,080 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 39 [2022-02-21 00:02:12,081 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:12,081 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,082 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 85 transitions. [2022-02-21 00:02:12,082 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,082 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 85 transitions. [2022-02-21 00:02:12,082 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 85 transitions. [2022-02-21 00:02:12,132 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 85 edges. 85 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:12,132 INFO L225 Difference]: With dead ends: 80 [2022-02-21 00:02:12,133 INFO L226 Difference]: Without dead ends: 80 [2022-02-21 00:02:12,133 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-02-21 00:02:12,134 INFO L933 BasicCegarLoop]: 77 mSDtfsCounter, 31 mSDsluCounter, 145 mSDsCounter, 0 mSdLazyCounter, 61 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 31 SdHoareTripleChecker+Valid, 222 SdHoareTripleChecker+Invalid, 74 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 61 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:12,134 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [31 Valid, 222 Invalid, 74 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 61 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:12,135 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 80 states. [2022-02-21 00:02:12,136 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 80 to 80. [2022-02-21 00:02:12,136 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:12,136 INFO L82 GeneralOperation]: Start isEquivalent. First operand 80 states. Second operand has 80 states, 69 states have (on average 1.2173913043478262) internal successors, (84), 70 states have internal predecessors, (84), 6 states have call successors, (6), 5 states have call predecessors, (6), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-21 00:02:12,136 INFO L74 IsIncluded]: Start isIncluded. First operand 80 states. Second operand has 80 states, 69 states have (on average 1.2173913043478262) internal successors, (84), 70 states have internal predecessors, (84), 6 states have call successors, (6), 5 states have call predecessors, (6), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-21 00:02:12,136 INFO L87 Difference]: Start difference. First operand 80 states. Second operand has 80 states, 69 states have (on average 1.2173913043478262) internal successors, (84), 70 states have internal predecessors, (84), 6 states have call successors, (6), 5 states have call predecessors, (6), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-21 00:02:12,137 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:12,137 INFO L93 Difference]: Finished difference Result 80 states and 94 transitions. [2022-02-21 00:02:12,137 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 94 transitions. [2022-02-21 00:02:12,137 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:12,137 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:12,137 INFO L74 IsIncluded]: Start isIncluded. First operand has 80 states, 69 states have (on average 1.2173913043478262) internal successors, (84), 70 states have internal predecessors, (84), 6 states have call successors, (6), 5 states have call predecessors, (6), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) Second operand 80 states. [2022-02-21 00:02:12,138 INFO L87 Difference]: Start difference. First operand has 80 states, 69 states have (on average 1.2173913043478262) internal successors, (84), 70 states have internal predecessors, (84), 6 states have call successors, (6), 5 states have call predecessors, (6), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) Second operand 80 states. [2022-02-21 00:02:12,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:12,138 INFO L93 Difference]: Finished difference Result 80 states and 94 transitions. [2022-02-21 00:02:12,138 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 94 transitions. [2022-02-21 00:02:12,139 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:12,139 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:12,139 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:12,139 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:12,139 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 80 states, 69 states have (on average 1.2173913043478262) internal successors, (84), 70 states have internal predecessors, (84), 6 states have call successors, (6), 5 states have call predecessors, (6), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-21 00:02:12,168 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 80 states to 80 states and 94 transitions. [2022-02-21 00:02:12,168 INFO L78 Accepts]: Start accepts. Automaton has 80 states and 94 transitions. Word has length 39 [2022-02-21 00:02:12,168 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:12,168 INFO L470 AbstractCegarLoop]: Abstraction has 80 states and 94 transitions. [2022-02-21 00:02:12,168 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,168 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 94 transitions. [2022-02-21 00:02:12,169 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 42 [2022-02-21 00:02:12,169 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:12,169 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:12,169 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10 [2022-02-21 00:02:12,169 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:12,169 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:12,169 INFO L85 PathProgramCache]: Analyzing trace with hash 1958713032, now seen corresponding path program 1 times [2022-02-21 00:02:12,169 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:12,169 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1056053348] [2022-02-21 00:02:12,169 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:12,170 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:12,222 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:12,241 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:12,246 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:12,264 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:12,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:12,268 INFO L290 TraceCheckUtils]: 0: Hoare triple {10820#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {10793#true} is VALID [2022-02-21 00:02:12,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {10793#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {10793#true} is VALID [2022-02-21 00:02:12,269 INFO L290 TraceCheckUtils]: 2: Hoare triple {10793#true} assume true; {10793#true} is VALID [2022-02-21 00:02:12,269 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {10793#true} {10793#true} #753#return; {10793#true} is VALID [2022-02-21 00:02:12,269 INFO L290 TraceCheckUtils]: 0: Hoare triple {10813#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {10793#true} is VALID [2022-02-21 00:02:12,269 INFO L290 TraceCheckUtils]: 1: Hoare triple {10793#true} assume 0 != ~compRegistered~0; {10793#true} is VALID [2022-02-21 00:02:12,270 INFO L272 TraceCheckUtils]: 2: Hoare triple {10793#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {10820#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:12,270 INFO L290 TraceCheckUtils]: 3: Hoare triple {10820#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {10793#true} is VALID [2022-02-21 00:02:12,270 INFO L290 TraceCheckUtils]: 4: Hoare triple {10793#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {10793#true} is VALID [2022-02-21 00:02:12,270 INFO L290 TraceCheckUtils]: 5: Hoare triple {10793#true} assume true; {10793#true} is VALID [2022-02-21 00:02:12,270 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {10793#true} {10793#true} #753#return; {10793#true} is VALID [2022-02-21 00:02:12,270 INFO L290 TraceCheckUtils]: 7: Hoare triple {10793#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {10793#true} is VALID [2022-02-21 00:02:12,270 INFO L290 TraceCheckUtils]: 8: Hoare triple {10793#true} assume !(-1073741802 == ~__cil_tmp7~0); {10793#true} is VALID [2022-02-21 00:02:12,271 INFO L290 TraceCheckUtils]: 9: Hoare triple {10793#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {10793#true} is VALID [2022-02-21 00:02:12,271 INFO L290 TraceCheckUtils]: 10: Hoare triple {10793#true} assume 0 == ~tmp_ndt_6~0; {10793#true} is VALID [2022-02-21 00:02:12,273 INFO L290 TraceCheckUtils]: 11: Hoare triple {10793#true} ~returnVal2~0 := 0; {10818#(= IofCallDriver_~returnVal2~0 0)} is VALID [2022-02-21 00:02:12,273 INFO L290 TraceCheckUtils]: 12: Hoare triple {10818#(= IofCallDriver_~returnVal2~0 0)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {10818#(= IofCallDriver_~returnVal2~0 0)} is VALID [2022-02-21 00:02:12,273 INFO L290 TraceCheckUtils]: 13: Hoare triple {10818#(= IofCallDriver_~returnVal2~0 0)} #res := ~returnVal2~0; {10819#(= |IofCallDriver_#res| 0)} is VALID [2022-02-21 00:02:12,273 INFO L290 TraceCheckUtils]: 14: Hoare triple {10819#(= |IofCallDriver_#res| 0)} assume true; {10819#(= |IofCallDriver_#res| 0)} is VALID [2022-02-21 00:02:12,274 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {10819#(= |IofCallDriver_#res| 0)} {10793#true} #717#return; {10811#(= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 0)} is VALID [2022-02-21 00:02:12,274 INFO L290 TraceCheckUtils]: 0: Hoare triple {10793#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {10793#true} is VALID [2022-02-21 00:02:12,274 INFO L290 TraceCheckUtils]: 1: Hoare triple {10793#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {10793#true} is VALID [2022-02-21 00:02:12,274 INFO L290 TraceCheckUtils]: 2: Hoare triple {10793#true} assume { :end_inline__BLAST_init } true; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 3: Hoare triple {10793#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 4: Hoare triple {10793#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 5: Hoare triple {10793#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 6: Hoare triple {10793#true} assume { :end_inline_stub_driver_init } true; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 7: Hoare triple {10793#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 8: Hoare triple {10793#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 9: Hoare triple {10793#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 10: Hoare triple {10793#true} assume 3 == main_~tmp_ndt_3~0#1; {10793#true} is VALID [2022-02-21 00:02:12,275 INFO L290 TraceCheckUtils]: 11: Hoare triple {10793#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {10793#true} is VALID [2022-02-21 00:02:12,276 INFO L290 TraceCheckUtils]: 12: Hoare triple {10793#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {10793#true} is VALID [2022-02-21 00:02:12,276 INFO L290 TraceCheckUtils]: 13: Hoare triple {10793#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {10793#true} is VALID [2022-02-21 00:02:12,276 INFO L290 TraceCheckUtils]: 14: Hoare triple {10793#true} assume !(~s~0 != ~NP~0); {10793#true} is VALID [2022-02-21 00:02:12,276 INFO L290 TraceCheckUtils]: 15: Hoare triple {10793#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {10793#true} is VALID [2022-02-21 00:02:12,276 INFO L290 TraceCheckUtils]: 16: Hoare triple {10793#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {10793#true} is VALID [2022-02-21 00:02:12,277 INFO L272 TraceCheckUtils]: 17: Hoare triple {10793#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {10813#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:12,277 INFO L290 TraceCheckUtils]: 18: Hoare triple {10813#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {10793#true} is VALID [2022-02-21 00:02:12,277 INFO L290 TraceCheckUtils]: 19: Hoare triple {10793#true} assume 0 != ~compRegistered~0; {10793#true} is VALID [2022-02-21 00:02:12,277 INFO L272 TraceCheckUtils]: 20: Hoare triple {10793#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {10820#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:12,277 INFO L290 TraceCheckUtils]: 21: Hoare triple {10820#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {10793#true} is VALID [2022-02-21 00:02:12,278 INFO L290 TraceCheckUtils]: 22: Hoare triple {10793#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {10793#true} is VALID [2022-02-21 00:02:12,278 INFO L290 TraceCheckUtils]: 23: Hoare triple {10793#true} assume true; {10793#true} is VALID [2022-02-21 00:02:12,278 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {10793#true} {10793#true} #753#return; {10793#true} is VALID [2022-02-21 00:02:12,278 INFO L290 TraceCheckUtils]: 25: Hoare triple {10793#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {10793#true} is VALID [2022-02-21 00:02:12,278 INFO L290 TraceCheckUtils]: 26: Hoare triple {10793#true} assume !(-1073741802 == ~__cil_tmp7~0); {10793#true} is VALID [2022-02-21 00:02:12,278 INFO L290 TraceCheckUtils]: 27: Hoare triple {10793#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {10793#true} is VALID [2022-02-21 00:02:12,278 INFO L290 TraceCheckUtils]: 28: Hoare triple {10793#true} assume 0 == ~tmp_ndt_6~0; {10793#true} is VALID [2022-02-21 00:02:12,281 INFO L290 TraceCheckUtils]: 29: Hoare triple {10793#true} ~returnVal2~0 := 0; {10818#(= IofCallDriver_~returnVal2~0 0)} is VALID [2022-02-21 00:02:12,281 INFO L290 TraceCheckUtils]: 30: Hoare triple {10818#(= IofCallDriver_~returnVal2~0 0)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {10818#(= IofCallDriver_~returnVal2~0 0)} is VALID [2022-02-21 00:02:12,282 INFO L290 TraceCheckUtils]: 31: Hoare triple {10818#(= IofCallDriver_~returnVal2~0 0)} #res := ~returnVal2~0; {10819#(= |IofCallDriver_#res| 0)} is VALID [2022-02-21 00:02:12,282 INFO L290 TraceCheckUtils]: 32: Hoare triple {10819#(= |IofCallDriver_#res| 0)} assume true; {10819#(= |IofCallDriver_#res| 0)} is VALID [2022-02-21 00:02:12,283 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {10819#(= |IofCallDriver_#res| 0)} {10793#true} #717#return; {10811#(= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 0)} is VALID [2022-02-21 00:02:12,283 INFO L290 TraceCheckUtils]: 34: Hoare triple {10811#(= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 0)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {10812#(= |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1| 0)} is VALID [2022-02-21 00:02:12,283 INFO L290 TraceCheckUtils]: 35: Hoare triple {10812#(= |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1| 0)} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet41#1, KeWaitForSingleObject_~tmp_ndt_8~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {10794#false} is VALID [2022-02-21 00:02:12,284 INFO L290 TraceCheckUtils]: 36: Hoare triple {10794#false} assume !(~s~0 == ~MPR3~0); {10794#false} is VALID [2022-02-21 00:02:12,284 INFO L290 TraceCheckUtils]: 37: Hoare triple {10794#false} assume !(1 == ~customIrp~0); {10794#false} is VALID [2022-02-21 00:02:12,284 INFO L290 TraceCheckUtils]: 38: Hoare triple {10794#false} assume ~s~0 == ~MPR3~0; {10794#false} is VALID [2022-02-21 00:02:12,284 INFO L272 TraceCheckUtils]: 39: Hoare triple {10794#false} call errorFn(); {10794#false} is VALID [2022-02-21 00:02:12,284 INFO L290 TraceCheckUtils]: 40: Hoare triple {10794#false} assume !false; {10794#false} is VALID [2022-02-21 00:02:12,284 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:12,284 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:12,284 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1056053348] [2022-02-21 00:02:12,285 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1056053348] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:12,285 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:12,285 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-21 00:02:12,285 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1680252034] [2022-02-21 00:02:12,285 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:12,285 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.5) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-02-21 00:02:12,286 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:12,286 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 4.5) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,307 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 41 edges. 41 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:12,307 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-21 00:02:12,307 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:12,308 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-21 00:02:12,308 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2022-02-21 00:02:12,308 INFO L87 Difference]: Start difference. First operand 80 states and 94 transitions. Second operand has 8 states, 8 states have (on average 4.5) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,575 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:12,575 INFO L93 Difference]: Finished difference Result 98 states and 114 transitions. [2022-02-21 00:02:12,575 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-21 00:02:12,576 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.5) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 41 [2022-02-21 00:02:12,576 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:12,576 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.5) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,577 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 92 transitions. [2022-02-21 00:02:12,577 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.5) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,577 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 92 transitions. [2022-02-21 00:02:12,577 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 92 transitions. [2022-02-21 00:02:12,631 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 92 edges. 92 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:12,632 INFO L225 Difference]: With dead ends: 98 [2022-02-21 00:02:12,632 INFO L226 Difference]: Without dead ends: 91 [2022-02-21 00:02:12,633 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=18, Invalid=54, Unknown=0, NotChecked=0, Total=72 [2022-02-21 00:02:12,633 INFO L933 BasicCegarLoop]: 68 mSDtfsCounter, 17 mSDsluCounter, 328 mSDsCounter, 0 mSdLazyCounter, 104 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 17 SdHoareTripleChecker+Valid, 396 SdHoareTripleChecker+Invalid, 113 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 104 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:12,633 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [17 Valid, 396 Invalid, 113 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 104 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:12,633 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 91 states. [2022-02-21 00:02:12,635 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 91 to 85. [2022-02-21 00:02:12,635 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:12,635 INFO L82 GeneralOperation]: Start isEquivalent. First operand 91 states. Second operand has 85 states, 73 states have (on average 1.2054794520547945) internal successors, (88), 74 states have internal predecessors, (88), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:12,635 INFO L74 IsIncluded]: Start isIncluded. First operand 91 states. Second operand has 85 states, 73 states have (on average 1.2054794520547945) internal successors, (88), 74 states have internal predecessors, (88), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:12,635 INFO L87 Difference]: Start difference. First operand 91 states. Second operand has 85 states, 73 states have (on average 1.2054794520547945) internal successors, (88), 74 states have internal predecessors, (88), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:12,636 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:12,636 INFO L93 Difference]: Finished difference Result 91 states and 107 transitions. [2022-02-21 00:02:12,636 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 107 transitions. [2022-02-21 00:02:12,636 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:12,636 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:12,637 INFO L74 IsIncluded]: Start isIncluded. First operand has 85 states, 73 states have (on average 1.2054794520547945) internal successors, (88), 74 states have internal predecessors, (88), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) Second operand 91 states. [2022-02-21 00:02:12,637 INFO L87 Difference]: Start difference. First operand has 85 states, 73 states have (on average 1.2054794520547945) internal successors, (88), 74 states have internal predecessors, (88), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) Second operand 91 states. [2022-02-21 00:02:12,638 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:12,638 INFO L93 Difference]: Finished difference Result 91 states and 107 transitions. [2022-02-21 00:02:12,638 INFO L276 IsEmpty]: Start isEmpty. Operand 91 states and 107 transitions. [2022-02-21 00:02:12,638 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:12,638 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:12,638 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:12,638 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:12,638 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 85 states, 73 states have (on average 1.2054794520547945) internal successors, (88), 74 states have internal predecessors, (88), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:12,639 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 85 states to 85 states and 99 transitions. [2022-02-21 00:02:12,639 INFO L78 Accepts]: Start accepts. Automaton has 85 states and 99 transitions. Word has length 41 [2022-02-21 00:02:12,639 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:12,639 INFO L470 AbstractCegarLoop]: Abstraction has 85 states and 99 transitions. [2022-02-21 00:02:12,639 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 4.5) internal successors, (36), 5 states have internal predecessors, (36), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,639 INFO L276 IsEmpty]: Start isEmpty. Operand 85 states and 99 transitions. [2022-02-21 00:02:12,640 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 44 [2022-02-21 00:02:12,640 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:12,640 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:12,640 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-21 00:02:12,640 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:12,640 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:12,640 INFO L85 PathProgramCache]: Analyzing trace with hash -306878835, now seen corresponding path program 1 times [2022-02-21 00:02:12,640 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:12,640 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1616961982] [2022-02-21 00:02:12,640 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:12,641 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:12,660 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:12,699 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:12,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:12,723 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:12,725 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:12,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {11217#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11190#true} is VALID [2022-02-21 00:02:12,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {11190#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11190#true} is VALID [2022-02-21 00:02:12,727 INFO L290 TraceCheckUtils]: 2: Hoare triple {11190#true} assume true; {11190#true} is VALID [2022-02-21 00:02:12,727 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11190#true} {11190#true} #753#return; {11190#true} is VALID [2022-02-21 00:02:12,727 INFO L290 TraceCheckUtils]: 0: Hoare triple {11210#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {11190#true} is VALID [2022-02-21 00:02:12,727 INFO L290 TraceCheckUtils]: 1: Hoare triple {11190#true} assume 0 != ~compRegistered~0; {11190#true} is VALID [2022-02-21 00:02:12,728 INFO L272 TraceCheckUtils]: 2: Hoare triple {11190#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {11217#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:12,728 INFO L290 TraceCheckUtils]: 3: Hoare triple {11217#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11190#true} is VALID [2022-02-21 00:02:12,728 INFO L290 TraceCheckUtils]: 4: Hoare triple {11190#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11190#true} is VALID [2022-02-21 00:02:12,728 INFO L290 TraceCheckUtils]: 5: Hoare triple {11190#true} assume true; {11190#true} is VALID [2022-02-21 00:02:12,728 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {11190#true} {11190#true} #753#return; {11190#true} is VALID [2022-02-21 00:02:12,728 INFO L290 TraceCheckUtils]: 7: Hoare triple {11190#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {11190#true} is VALID [2022-02-21 00:02:12,728 INFO L290 TraceCheckUtils]: 8: Hoare triple {11190#true} assume !(-1073741802 == ~__cil_tmp7~0); {11190#true} is VALID [2022-02-21 00:02:12,728 INFO L290 TraceCheckUtils]: 9: Hoare triple {11190#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {11190#true} is VALID [2022-02-21 00:02:12,728 INFO L290 TraceCheckUtils]: 10: Hoare triple {11190#true} assume 0 == ~tmp_ndt_6~0; {11190#true} is VALID [2022-02-21 00:02:12,729 INFO L290 TraceCheckUtils]: 11: Hoare triple {11190#true} ~returnVal2~0 := 0; {11215#(= IofCallDriver_~returnVal2~0 0)} is VALID [2022-02-21 00:02:12,729 INFO L290 TraceCheckUtils]: 12: Hoare triple {11215#(= IofCallDriver_~returnVal2~0 0)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {11215#(= IofCallDriver_~returnVal2~0 0)} is VALID [2022-02-21 00:02:12,729 INFO L290 TraceCheckUtils]: 13: Hoare triple {11215#(= IofCallDriver_~returnVal2~0 0)} #res := ~returnVal2~0; {11216#(= |IofCallDriver_#res| 0)} is VALID [2022-02-21 00:02:12,729 INFO L290 TraceCheckUtils]: 14: Hoare triple {11216#(= |IofCallDriver_#res| 0)} assume true; {11216#(= |IofCallDriver_#res| 0)} is VALID [2022-02-21 00:02:12,730 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {11216#(= |IofCallDriver_#res| 0)} {11190#true} #717#return; {11208#(= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 0)} is VALID [2022-02-21 00:02:12,731 INFO L290 TraceCheckUtils]: 0: Hoare triple {11190#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {11190#true} is VALID [2022-02-21 00:02:12,731 INFO L290 TraceCheckUtils]: 1: Hoare triple {11190#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 2: Hoare triple {11190#true} assume { :end_inline__BLAST_init } true; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 3: Hoare triple {11190#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 4: Hoare triple {11190#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 5: Hoare triple {11190#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 6: Hoare triple {11190#true} assume { :end_inline_stub_driver_init } true; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 7: Hoare triple {11190#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 8: Hoare triple {11190#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 9: Hoare triple {11190#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 10: Hoare triple {11190#true} assume 3 == main_~tmp_ndt_3~0#1; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 11: Hoare triple {11190#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 12: Hoare triple {11190#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 13: Hoare triple {11190#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {11190#true} is VALID [2022-02-21 00:02:12,732 INFO L290 TraceCheckUtils]: 14: Hoare triple {11190#true} assume !(~s~0 != ~NP~0); {11190#true} is VALID [2022-02-21 00:02:12,733 INFO L290 TraceCheckUtils]: 15: Hoare triple {11190#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {11190#true} is VALID [2022-02-21 00:02:12,733 INFO L290 TraceCheckUtils]: 16: Hoare triple {11190#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {11190#true} is VALID [2022-02-21 00:02:12,733 INFO L272 TraceCheckUtils]: 17: Hoare triple {11190#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {11210#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:12,733 INFO L290 TraceCheckUtils]: 18: Hoare triple {11210#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {11190#true} is VALID [2022-02-21 00:02:12,733 INFO L290 TraceCheckUtils]: 19: Hoare triple {11190#true} assume 0 != ~compRegistered~0; {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L272 TraceCheckUtils]: 20: Hoare triple {11190#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {11217#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:12,734 INFO L290 TraceCheckUtils]: 21: Hoare triple {11217#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L290 TraceCheckUtils]: 22: Hoare triple {11190#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L290 TraceCheckUtils]: 23: Hoare triple {11190#true} assume true; {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {11190#true} {11190#true} #753#return; {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L290 TraceCheckUtils]: 25: Hoare triple {11190#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L290 TraceCheckUtils]: 26: Hoare triple {11190#true} assume !(-1073741802 == ~__cil_tmp7~0); {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L290 TraceCheckUtils]: 27: Hoare triple {11190#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L290 TraceCheckUtils]: 28: Hoare triple {11190#true} assume 0 == ~tmp_ndt_6~0; {11190#true} is VALID [2022-02-21 00:02:12,734 INFO L290 TraceCheckUtils]: 29: Hoare triple {11190#true} ~returnVal2~0 := 0; {11215#(= IofCallDriver_~returnVal2~0 0)} is VALID [2022-02-21 00:02:12,735 INFO L290 TraceCheckUtils]: 30: Hoare triple {11215#(= IofCallDriver_~returnVal2~0 0)} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {11215#(= IofCallDriver_~returnVal2~0 0)} is VALID [2022-02-21 00:02:12,735 INFO L290 TraceCheckUtils]: 31: Hoare triple {11215#(= IofCallDriver_~returnVal2~0 0)} #res := ~returnVal2~0; {11216#(= |IofCallDriver_#res| 0)} is VALID [2022-02-21 00:02:12,735 INFO L290 TraceCheckUtils]: 32: Hoare triple {11216#(= |IofCallDriver_#res| 0)} assume true; {11216#(= |IofCallDriver_#res| 0)} is VALID [2022-02-21 00:02:12,736 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {11216#(= |IofCallDriver_#res| 0)} {11190#true} #717#return; {11208#(= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 0)} is VALID [2022-02-21 00:02:12,736 INFO L290 TraceCheckUtils]: 34: Hoare triple {11208#(= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 0)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {11209#(= |ULTIMATE.start_KbFilter_PnP_~status~0#1| 0)} is VALID [2022-02-21 00:02:12,736 INFO L290 TraceCheckUtils]: 35: Hoare triple {11209#(= |ULTIMATE.start_KbFilter_PnP_~status~0#1| 0)} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {11209#(= |ULTIMATE.start_KbFilter_PnP_~status~0#1| 0)} is VALID [2022-02-21 00:02:12,737 INFO L290 TraceCheckUtils]: 36: Hoare triple {11209#(= |ULTIMATE.start_KbFilter_PnP_~status~0#1| 0)} assume !(KbFilter_PnP_~status~0#1 >= 0); {11191#false} is VALID [2022-02-21 00:02:12,737 INFO L290 TraceCheckUtils]: 37: Hoare triple {11191#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0; {11191#false} is VALID [2022-02-21 00:02:12,737 INFO L272 TraceCheckUtils]: 38: Hoare triple {11191#false} call IofCompleteRequest(KbFilter_PnP_~Irp#1, 0); {11191#false} is VALID [2022-02-21 00:02:12,737 INFO L290 TraceCheckUtils]: 39: Hoare triple {11191#false} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {11191#false} is VALID [2022-02-21 00:02:12,737 INFO L290 TraceCheckUtils]: 40: Hoare triple {11191#false} assume !(~s~0 == ~NP~0); {11191#false} is VALID [2022-02-21 00:02:12,737 INFO L272 TraceCheckUtils]: 41: Hoare triple {11191#false} call errorFn(); {11191#false} is VALID [2022-02-21 00:02:12,737 INFO L290 TraceCheckUtils]: 42: Hoare triple {11191#false} assume !false; {11191#false} is VALID [2022-02-21 00:02:12,737 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:12,737 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:12,737 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1616961982] [2022-02-21 00:02:12,737 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1616961982] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:12,737 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:12,737 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-21 00:02:12,737 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [611488408] [2022-02-21 00:02:12,737 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:12,738 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.625) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 43 [2022-02-21 00:02:12,738 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:12,738 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 4.625) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,760 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 43 edges. 43 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:12,761 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-21 00:02:12,761 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:12,761 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-21 00:02:12,761 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2022-02-21 00:02:12,761 INFO L87 Difference]: Start difference. First operand 85 states and 99 transitions. Second operand has 8 states, 8 states have (on average 4.625) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,990 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:12,990 INFO L93 Difference]: Finished difference Result 89 states and 104 transitions. [2022-02-21 00:02:12,990 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-21 00:02:12,991 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.625) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 43 [2022-02-21 00:02:12,991 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:12,991 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.625) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,991 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 87 transitions. [2022-02-21 00:02:12,992 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 4.625) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:12,992 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 87 transitions. [2022-02-21 00:02:12,992 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 87 transitions. [2022-02-21 00:02:13,045 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 87 edges. 87 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:13,046 INFO L225 Difference]: With dead ends: 89 [2022-02-21 00:02:13,046 INFO L226 Difference]: Without dead ends: 89 [2022-02-21 00:02:13,047 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=68, Unknown=0, NotChecked=0, Total=90 [2022-02-21 00:02:13,047 INFO L933 BasicCegarLoop]: 68 mSDtfsCounter, 22 mSDsluCounter, 282 mSDsCounter, 0 mSdLazyCounter, 81 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 350 SdHoareTripleChecker+Invalid, 95 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 81 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:13,047 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [24 Valid, 350 Invalid, 95 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 81 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:13,047 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 89 states. [2022-02-21 00:02:13,056 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 89 to 86. [2022-02-21 00:02:13,056 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:13,056 INFO L82 GeneralOperation]: Start isEquivalent. First operand 89 states. Second operand has 86 states, 74 states have (on average 1.2027027027027026) internal successors, (89), 75 states have internal predecessors, (89), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:13,056 INFO L74 IsIncluded]: Start isIncluded. First operand 89 states. Second operand has 86 states, 74 states have (on average 1.2027027027027026) internal successors, (89), 75 states have internal predecessors, (89), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:13,056 INFO L87 Difference]: Start difference. First operand 89 states. Second operand has 86 states, 74 states have (on average 1.2027027027027026) internal successors, (89), 75 states have internal predecessors, (89), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:13,057 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:13,057 INFO L93 Difference]: Finished difference Result 89 states and 104 transitions. [2022-02-21 00:02:13,057 INFO L276 IsEmpty]: Start isEmpty. Operand 89 states and 104 transitions. [2022-02-21 00:02:13,058 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:13,058 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:13,058 INFO L74 IsIncluded]: Start isIncluded. First operand has 86 states, 74 states have (on average 1.2027027027027026) internal successors, (89), 75 states have internal predecessors, (89), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) Second operand 89 states. [2022-02-21 00:02:13,058 INFO L87 Difference]: Start difference. First operand has 86 states, 74 states have (on average 1.2027027027027026) internal successors, (89), 75 states have internal predecessors, (89), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) Second operand 89 states. [2022-02-21 00:02:13,059 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:13,059 INFO L93 Difference]: Finished difference Result 89 states and 104 transitions. [2022-02-21 00:02:13,059 INFO L276 IsEmpty]: Start isEmpty. Operand 89 states and 104 transitions. [2022-02-21 00:02:13,059 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:13,059 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:13,059 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:13,059 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:13,059 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 86 states, 74 states have (on average 1.2027027027027026) internal successors, (89), 75 states have internal predecessors, (89), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:13,060 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 86 states to 86 states and 100 transitions. [2022-02-21 00:02:13,060 INFO L78 Accepts]: Start accepts. Automaton has 86 states and 100 transitions. Word has length 43 [2022-02-21 00:02:13,060 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:13,060 INFO L470 AbstractCegarLoop]: Abstraction has 86 states and 100 transitions. [2022-02-21 00:02:13,060 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 4.625) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:13,060 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 100 transitions. [2022-02-21 00:02:13,060 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-21 00:02:13,061 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:13,061 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:13,061 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2022-02-21 00:02:13,061 INFO L402 AbstractCegarLoop]: === Iteration 14 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:13,061 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:13,061 INFO L85 PathProgramCache]: Analyzing trace with hash 1924386198, now seen corresponding path program 1 times [2022-02-21 00:02:13,061 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:13,061 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [677263555] [2022-02-21 00:02:13,061 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:13,061 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:13,086 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,110 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:13,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,123 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:13,125 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,130 INFO L290 TraceCheckUtils]: 0: Hoare triple {11602#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11577#true} is VALID [2022-02-21 00:02:13,131 INFO L290 TraceCheckUtils]: 1: Hoare triple {11577#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11577#true} is VALID [2022-02-21 00:02:13,131 INFO L290 TraceCheckUtils]: 2: Hoare triple {11577#true} assume true; {11577#true} is VALID [2022-02-21 00:02:13,131 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11577#true} {11577#true} #753#return; {11577#true} is VALID [2022-02-21 00:02:13,131 INFO L290 TraceCheckUtils]: 0: Hoare triple {11597#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {11577#true} is VALID [2022-02-21 00:02:13,131 INFO L290 TraceCheckUtils]: 1: Hoare triple {11577#true} assume 0 != ~compRegistered~0; {11577#true} is VALID [2022-02-21 00:02:13,132 INFO L272 TraceCheckUtils]: 2: Hoare triple {11577#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {11602#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:13,132 INFO L290 TraceCheckUtils]: 3: Hoare triple {11602#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11577#true} is VALID [2022-02-21 00:02:13,132 INFO L290 TraceCheckUtils]: 4: Hoare triple {11577#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11577#true} is VALID [2022-02-21 00:02:13,132 INFO L290 TraceCheckUtils]: 5: Hoare triple {11577#true} assume true; {11577#true} is VALID [2022-02-21 00:02:13,132 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {11577#true} {11577#true} #753#return; {11577#true} is VALID [2022-02-21 00:02:13,132 INFO L290 TraceCheckUtils]: 7: Hoare triple {11577#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L290 TraceCheckUtils]: 8: Hoare triple {11577#true} assume !(-1073741802 == ~__cil_tmp7~0); {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L290 TraceCheckUtils]: 9: Hoare triple {11577#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L290 TraceCheckUtils]: 10: Hoare triple {11577#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L290 TraceCheckUtils]: 11: Hoare triple {11577#true} assume 1 == ~tmp_ndt_7~0; {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L290 TraceCheckUtils]: 12: Hoare triple {11577#true} ~returnVal2~0 := -1073741823; {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L290 TraceCheckUtils]: 13: Hoare triple {11577#true} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L290 TraceCheckUtils]: 14: Hoare triple {11577#true} #res := ~returnVal2~0; {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L290 TraceCheckUtils]: 15: Hoare triple {11577#true} assume true; {11577#true} is VALID [2022-02-21 00:02:13,133 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {11577#true} {11577#true} #717#return; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {11577#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {11577#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 2: Hoare triple {11577#true} assume { :end_inline__BLAST_init } true; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 3: Hoare triple {11577#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 4: Hoare triple {11577#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 5: Hoare triple {11577#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 6: Hoare triple {11577#true} assume { :end_inline_stub_driver_init } true; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 7: Hoare triple {11577#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {11577#true} is VALID [2022-02-21 00:02:13,134 INFO L290 TraceCheckUtils]: 8: Hoare triple {11577#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {11577#true} is VALID [2022-02-21 00:02:13,135 INFO L290 TraceCheckUtils]: 9: Hoare triple {11577#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {11577#true} is VALID [2022-02-21 00:02:13,135 INFO L290 TraceCheckUtils]: 10: Hoare triple {11577#true} assume 3 == main_~tmp_ndt_3~0#1; {11577#true} is VALID [2022-02-21 00:02:13,135 INFO L290 TraceCheckUtils]: 11: Hoare triple {11577#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {11577#true} is VALID [2022-02-21 00:02:13,135 INFO L290 TraceCheckUtils]: 12: Hoare triple {11577#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {11577#true} is VALID [2022-02-21 00:02:13,135 INFO L290 TraceCheckUtils]: 13: Hoare triple {11577#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {11577#true} is VALID [2022-02-21 00:02:13,135 INFO L290 TraceCheckUtils]: 14: Hoare triple {11577#true} assume !(~s~0 != ~NP~0); {11577#true} is VALID [2022-02-21 00:02:13,135 INFO L290 TraceCheckUtils]: 15: Hoare triple {11577#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {11577#true} is VALID [2022-02-21 00:02:13,135 INFO L290 TraceCheckUtils]: 16: Hoare triple {11577#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {11577#true} is VALID [2022-02-21 00:02:13,136 INFO L272 TraceCheckUtils]: 17: Hoare triple {11577#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {11597#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:13,136 INFO L290 TraceCheckUtils]: 18: Hoare triple {11597#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {11577#true} is VALID [2022-02-21 00:02:13,136 INFO L290 TraceCheckUtils]: 19: Hoare triple {11577#true} assume 0 != ~compRegistered~0; {11577#true} is VALID [2022-02-21 00:02:13,137 INFO L272 TraceCheckUtils]: 20: Hoare triple {11577#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {11602#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:13,137 INFO L290 TraceCheckUtils]: 21: Hoare triple {11602#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11577#true} is VALID [2022-02-21 00:02:13,137 INFO L290 TraceCheckUtils]: 22: Hoare triple {11577#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11577#true} is VALID [2022-02-21 00:02:13,137 INFO L290 TraceCheckUtils]: 23: Hoare triple {11577#true} assume true; {11577#true} is VALID [2022-02-21 00:02:13,137 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {11577#true} {11577#true} #753#return; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 25: Hoare triple {11577#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 26: Hoare triple {11577#true} assume !(-1073741802 == ~__cil_tmp7~0); {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 27: Hoare triple {11577#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 28: Hoare triple {11577#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 29: Hoare triple {11577#true} assume 1 == ~tmp_ndt_7~0; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 30: Hoare triple {11577#true} ~returnVal2~0 := -1073741823; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 31: Hoare triple {11577#true} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 32: Hoare triple {11577#true} #res := ~returnVal2~0; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L290 TraceCheckUtils]: 33: Hoare triple {11577#true} assume true; {11577#true} is VALID [2022-02-21 00:02:13,138 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {11577#true} {11577#true} #717#return; {11577#true} is VALID [2022-02-21 00:02:13,139 INFO L290 TraceCheckUtils]: 35: Hoare triple {11577#true} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {11577#true} is VALID [2022-02-21 00:02:13,139 INFO L290 TraceCheckUtils]: 36: Hoare triple {11577#true} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet41#1, KeWaitForSingleObject_~tmp_ndt_8~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {11577#true} is VALID [2022-02-21 00:02:13,139 INFO L290 TraceCheckUtils]: 37: Hoare triple {11577#true} assume !(~s~0 == ~MPR3~0); {11596#(not (= (+ ~MPR3~0 (* (- 1) ~s~0)) 0))} is VALID [2022-02-21 00:02:13,139 INFO L290 TraceCheckUtils]: 38: Hoare triple {11596#(not (= (+ ~MPR3~0 (* (- 1) ~s~0)) 0))} assume !(1 == ~customIrp~0); {11596#(not (= (+ ~MPR3~0 (* (- 1) ~s~0)) 0))} is VALID [2022-02-21 00:02:13,140 INFO L290 TraceCheckUtils]: 39: Hoare triple {11596#(not (= (+ ~MPR3~0 (* (- 1) ~s~0)) 0))} assume ~s~0 == ~MPR3~0; {11578#false} is VALID [2022-02-21 00:02:13,140 INFO L272 TraceCheckUtils]: 40: Hoare triple {11578#false} call errorFn(); {11578#false} is VALID [2022-02-21 00:02:13,140 INFO L290 TraceCheckUtils]: 41: Hoare triple {11578#false} assume !false; {11578#false} is VALID [2022-02-21 00:02:13,140 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:13,140 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:13,141 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [677263555] [2022-02-21 00:02:13,141 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [677263555] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:13,141 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:13,141 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-21 00:02:13,141 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1337414619] [2022-02-21 00:02:13,141 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:13,142 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 42 [2022-02-21 00:02:13,142 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:13,142 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 7.4) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:13,176 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:13,176 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-21 00:02:13,177 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:13,177 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-21 00:02:13,177 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2022-02-21 00:02:13,177 INFO L87 Difference]: Start difference. First operand 86 states and 100 transitions. Second operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:13,307 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:13,307 INFO L93 Difference]: Finished difference Result 99 states and 113 transitions. [2022-02-21 00:02:13,308 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-21 00:02:13,308 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 42 [2022-02-21 00:02:13,308 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:13,308 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:13,309 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 88 transitions. [2022-02-21 00:02:13,309 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:13,311 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 88 transitions. [2022-02-21 00:02:13,311 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 88 transitions. [2022-02-21 00:02:13,381 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 88 edges. 88 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:13,382 INFO L225 Difference]: With dead ends: 99 [2022-02-21 00:02:13,382 INFO L226 Difference]: Without dead ends: 97 [2022-02-21 00:02:13,382 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=13, Invalid=17, Unknown=0, NotChecked=0, Total=30 [2022-02-21 00:02:13,383 INFO L933 BasicCegarLoop]: 81 mSDtfsCounter, 28 mSDsluCounter, 102 mSDsCounter, 0 mSdLazyCounter, 36 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 183 SdHoareTripleChecker+Invalid, 50 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 36 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:13,384 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [28 Valid, 183 Invalid, 50 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 36 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:13,385 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 97 states. [2022-02-21 00:02:13,387 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 97 to 88. [2022-02-21 00:02:13,388 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:13,388 INFO L82 GeneralOperation]: Start isEquivalent. First operand 97 states. Second operand has 88 states, 76 states have (on average 1.1842105263157894) internal successors, (90), 77 states have internal predecessors, (90), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:13,388 INFO L74 IsIncluded]: Start isIncluded. First operand 97 states. Second operand has 88 states, 76 states have (on average 1.1842105263157894) internal successors, (90), 77 states have internal predecessors, (90), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:13,388 INFO L87 Difference]: Start difference. First operand 97 states. Second operand has 88 states, 76 states have (on average 1.1842105263157894) internal successors, (90), 77 states have internal predecessors, (90), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:13,390 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:13,390 INFO L93 Difference]: Finished difference Result 97 states and 111 transitions. [2022-02-21 00:02:13,390 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 111 transitions. [2022-02-21 00:02:13,391 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:13,391 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:13,391 INFO L74 IsIncluded]: Start isIncluded. First operand has 88 states, 76 states have (on average 1.1842105263157894) internal successors, (90), 77 states have internal predecessors, (90), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) Second operand 97 states. [2022-02-21 00:02:13,391 INFO L87 Difference]: Start difference. First operand has 88 states, 76 states have (on average 1.1842105263157894) internal successors, (90), 77 states have internal predecessors, (90), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) Second operand 97 states. [2022-02-21 00:02:13,393 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:13,393 INFO L93 Difference]: Finished difference Result 97 states and 111 transitions. [2022-02-21 00:02:13,393 INFO L276 IsEmpty]: Start isEmpty. Operand 97 states and 111 transitions. [2022-02-21 00:02:13,394 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:13,394 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:13,394 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:13,394 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:13,394 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 88 states, 76 states have (on average 1.1842105263157894) internal successors, (90), 77 states have internal predecessors, (90), 6 states have call successors, (6), 5 states have call predecessors, (6), 5 states have return successors, (5), 5 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-21 00:02:13,395 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 88 states to 88 states and 101 transitions. [2022-02-21 00:02:13,395 INFO L78 Accepts]: Start accepts. Automaton has 88 states and 101 transitions. Word has length 42 [2022-02-21 00:02:13,396 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:13,396 INFO L470 AbstractCegarLoop]: Abstraction has 88 states and 101 transitions. [2022-02-21 00:02:13,396 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 3 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:13,396 INFO L276 IsEmpty]: Start isEmpty. Operand 88 states and 101 transitions. [2022-02-21 00:02:13,396 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2022-02-21 00:02:13,397 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:13,397 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:13,397 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable13 [2022-02-21 00:02:13,397 INFO L402 AbstractCegarLoop]: === Iteration 15 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:13,397 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:13,398 INFO L85 PathProgramCache]: Analyzing trace with hash 1375541140, now seen corresponding path program 1 times [2022-02-21 00:02:13,398 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:13,398 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [673651296] [2022-02-21 00:02:13,398 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:13,398 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:13,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,436 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:13,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,446 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:13,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,450 INFO L290 TraceCheckUtils]: 0: Hoare triple {12012#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11988#true} is VALID [2022-02-21 00:02:13,450 INFO L290 TraceCheckUtils]: 1: Hoare triple {11988#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11988#true} is VALID [2022-02-21 00:02:13,450 INFO L290 TraceCheckUtils]: 2: Hoare triple {11988#true} assume true; {11988#true} is VALID [2022-02-21 00:02:13,450 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {11988#true} {11988#true} #753#return; {11988#true} is VALID [2022-02-21 00:02:13,451 INFO L290 TraceCheckUtils]: 0: Hoare triple {12007#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {11988#true} is VALID [2022-02-21 00:02:13,451 INFO L290 TraceCheckUtils]: 1: Hoare triple {11988#true} assume 0 != ~compRegistered~0; {11988#true} is VALID [2022-02-21 00:02:13,451 INFO L272 TraceCheckUtils]: 2: Hoare triple {11988#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {12012#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:13,451 INFO L290 TraceCheckUtils]: 3: Hoare triple {12012#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11988#true} is VALID [2022-02-21 00:02:13,451 INFO L290 TraceCheckUtils]: 4: Hoare triple {11988#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 5: Hoare triple {11988#true} assume true; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {11988#true} {11988#true} #753#return; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 7: Hoare triple {11988#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 8: Hoare triple {11988#true} assume !(-1073741802 == ~__cil_tmp7~0); {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 9: Hoare triple {11988#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 10: Hoare triple {11988#true} assume 0 == ~tmp_ndt_6~0; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 11: Hoare triple {11988#true} ~returnVal2~0 := 0; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 12: Hoare triple {11988#true} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 13: Hoare triple {11988#true} #res := ~returnVal2~0; {11988#true} is VALID [2022-02-21 00:02:13,452 INFO L290 TraceCheckUtils]: 14: Hoare triple {11988#true} assume true; {11988#true} is VALID [2022-02-21 00:02:13,453 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {11988#true} {11990#(<= (+ ~myStatus~0 1073741637) 0)} #717#return; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,453 INFO L290 TraceCheckUtils]: 0: Hoare triple {11988#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {11988#true} is VALID [2022-02-21 00:02:13,453 INFO L290 TraceCheckUtils]: 1: Hoare triple {11988#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11988#true} is VALID [2022-02-21 00:02:13,453 INFO L290 TraceCheckUtils]: 2: Hoare triple {11988#true} assume { :end_inline__BLAST_init } true; {11988#true} is VALID [2022-02-21 00:02:13,453 INFO L290 TraceCheckUtils]: 3: Hoare triple {11988#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {11988#true} is VALID [2022-02-21 00:02:13,454 INFO L290 TraceCheckUtils]: 4: Hoare triple {11988#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,454 INFO L290 TraceCheckUtils]: 5: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,454 INFO L290 TraceCheckUtils]: 6: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume { :end_inline_stub_driver_init } true; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,455 INFO L290 TraceCheckUtils]: 7: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,455 INFO L290 TraceCheckUtils]: 8: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,455 INFO L290 TraceCheckUtils]: 9: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,456 INFO L290 TraceCheckUtils]: 10: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume 3 == main_~tmp_ndt_3~0#1; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,456 INFO L290 TraceCheckUtils]: 11: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,457 INFO L290 TraceCheckUtils]: 12: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,457 INFO L290 TraceCheckUtils]: 13: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,457 INFO L290 TraceCheckUtils]: 14: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume !(~s~0 != ~NP~0); {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,457 INFO L290 TraceCheckUtils]: 15: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,458 INFO L290 TraceCheckUtils]: 16: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,458 INFO L272 TraceCheckUtils]: 17: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {12007#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:13,458 INFO L290 TraceCheckUtils]: 18: Hoare triple {12007#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {11988#true} is VALID [2022-02-21 00:02:13,459 INFO L290 TraceCheckUtils]: 19: Hoare triple {11988#true} assume 0 != ~compRegistered~0; {11988#true} is VALID [2022-02-21 00:02:13,459 INFO L272 TraceCheckUtils]: 20: Hoare triple {11988#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {12012#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:13,459 INFO L290 TraceCheckUtils]: 21: Hoare triple {12012#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {11988#true} is VALID [2022-02-21 00:02:13,459 INFO L290 TraceCheckUtils]: 22: Hoare triple {11988#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {11988#true} is VALID [2022-02-21 00:02:13,459 INFO L290 TraceCheckUtils]: 23: Hoare triple {11988#true} assume true; {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {11988#true} {11988#true} #753#return; {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L290 TraceCheckUtils]: 25: Hoare triple {11988#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L290 TraceCheckUtils]: 26: Hoare triple {11988#true} assume !(-1073741802 == ~__cil_tmp7~0); {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L290 TraceCheckUtils]: 27: Hoare triple {11988#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L290 TraceCheckUtils]: 28: Hoare triple {11988#true} assume 0 == ~tmp_ndt_6~0; {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L290 TraceCheckUtils]: 29: Hoare triple {11988#true} ~returnVal2~0 := 0; {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L290 TraceCheckUtils]: 30: Hoare triple {11988#true} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L290 TraceCheckUtils]: 31: Hoare triple {11988#true} #res := ~returnVal2~0; {11988#true} is VALID [2022-02-21 00:02:13,460 INFO L290 TraceCheckUtils]: 32: Hoare triple {11988#true} assume true; {11988#true} is VALID [2022-02-21 00:02:13,461 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {11988#true} {11990#(<= (+ ~myStatus~0 1073741637) 0)} #717#return; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,461 INFO L290 TraceCheckUtils]: 34: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,461 INFO L290 TraceCheckUtils]: 35: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,462 INFO L290 TraceCheckUtils]: 36: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume KbFilter_PnP_~status~0#1 >= 0; {11990#(<= (+ ~myStatus~0 1073741637) 0)} is VALID [2022-02-21 00:02:13,463 INFO L290 TraceCheckUtils]: 37: Hoare triple {11990#(<= (+ ~myStatus~0 1073741637) 0)} assume ~myStatus~0 >= 0;KbFilter_PnP_~devExt__Started~0#1 := 1;KbFilter_PnP_~devExt__Removed~0#1 := 0;KbFilter_PnP_~devExt__SurpriseRemoved~0#1 := 0; {11989#false} is VALID [2022-02-21 00:02:13,463 INFO L290 TraceCheckUtils]: 38: Hoare triple {11989#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0; {11989#false} is VALID [2022-02-21 00:02:13,463 INFO L272 TraceCheckUtils]: 39: Hoare triple {11989#false} call IofCompleteRequest(KbFilter_PnP_~Irp#1, 0); {11989#false} is VALID [2022-02-21 00:02:13,463 INFO L290 TraceCheckUtils]: 40: Hoare triple {11989#false} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {11989#false} is VALID [2022-02-21 00:02:13,463 INFO L290 TraceCheckUtils]: 41: Hoare triple {11989#false} assume !(~s~0 == ~NP~0); {11989#false} is VALID [2022-02-21 00:02:13,463 INFO L272 TraceCheckUtils]: 42: Hoare triple {11989#false} call errorFn(); {11989#false} is VALID [2022-02-21 00:02:13,463 INFO L290 TraceCheckUtils]: 43: Hoare triple {11989#false} assume !false; {11989#false} is VALID [2022-02-21 00:02:13,464 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:13,464 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:13,464 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [673651296] [2022-02-21 00:02:13,464 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [673651296] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:13,464 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:13,464 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-21 00:02:13,464 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1957029371] [2022-02-21 00:02:13,464 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:13,465 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.6) internal successors, (38), 3 states have internal predecessors, (38), 3 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 44 [2022-02-21 00:02:13,465 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:13,465 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 7.6) internal successors, (38), 3 states have internal predecessors, (38), 3 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-21 00:02:13,489 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 44 edges. 44 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:13,489 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-21 00:02:13,489 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:13,489 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-21 00:02:13,489 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=8, Invalid=12, Unknown=0, NotChecked=0, Total=20 [2022-02-21 00:02:13,489 INFO L87 Difference]: Start difference. First operand 88 states and 101 transitions. Second operand has 5 states, 5 states have (on average 7.6) internal successors, (38), 3 states have internal predecessors, (38), 3 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-21 00:02:13,705 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:13,705 INFO L93 Difference]: Finished difference Result 167 states and 191 transitions. [2022-02-21 00:02:13,705 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-21 00:02:13,705 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.6) internal successors, (38), 3 states have internal predecessors, (38), 3 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 44 [2022-02-21 00:02:13,705 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:13,706 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.6) internal successors, (38), 3 states have internal predecessors, (38), 3 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-21 00:02:13,707 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 140 transitions. [2022-02-21 00:02:13,707 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.6) internal successors, (38), 3 states have internal predecessors, (38), 3 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-21 00:02:13,707 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 140 transitions. [2022-02-21 00:02:13,708 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 140 transitions. [2022-02-21 00:02:13,789 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 140 edges. 140 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:13,791 INFO L225 Difference]: With dead ends: 167 [2022-02-21 00:02:13,791 INFO L226 Difference]: Without dead ends: 167 [2022-02-21 00:02:13,791 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=18, Invalid=24, Unknown=0, NotChecked=0, Total=42 [2022-02-21 00:02:13,792 INFO L933 BasicCegarLoop]: 74 mSDtfsCounter, 54 mSDsluCounter, 156 mSDsCounter, 0 mSdLazyCounter, 54 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 55 SdHoareTripleChecker+Valid, 230 SdHoareTripleChecker+Invalid, 68 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 54 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:13,792 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [55 Valid, 230 Invalid, 68 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 54 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:13,792 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 167 states. [2022-02-21 00:02:13,794 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 167 to 157. [2022-02-21 00:02:13,794 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:13,794 INFO L82 GeneralOperation]: Start isEquivalent. First operand 167 states. Second operand has 157 states, 137 states have (on average 1.1897810218978102) internal successors, (163), 139 states have internal predecessors, (163), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) [2022-02-21 00:02:13,794 INFO L74 IsIncluded]: Start isIncluded. First operand 167 states. Second operand has 157 states, 137 states have (on average 1.1897810218978102) internal successors, (163), 139 states have internal predecessors, (163), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) [2022-02-21 00:02:13,794 INFO L87 Difference]: Start difference. First operand 167 states. Second operand has 157 states, 137 states have (on average 1.1897810218978102) internal successors, (163), 139 states have internal predecessors, (163), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) [2022-02-21 00:02:13,796 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:13,796 INFO L93 Difference]: Finished difference Result 167 states and 191 transitions. [2022-02-21 00:02:13,796 INFO L276 IsEmpty]: Start isEmpty. Operand 167 states and 191 transitions. [2022-02-21 00:02:13,796 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:13,796 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:13,797 INFO L74 IsIncluded]: Start isIncluded. First operand has 157 states, 137 states have (on average 1.1897810218978102) internal successors, (163), 139 states have internal predecessors, (163), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) Second operand 167 states. [2022-02-21 00:02:13,797 INFO L87 Difference]: Start difference. First operand has 157 states, 137 states have (on average 1.1897810218978102) internal successors, (163), 139 states have internal predecessors, (163), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) Second operand 167 states. [2022-02-21 00:02:13,805 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:13,805 INFO L93 Difference]: Finished difference Result 167 states and 191 transitions. [2022-02-21 00:02:13,805 INFO L276 IsEmpty]: Start isEmpty. Operand 167 states and 191 transitions. [2022-02-21 00:02:13,806 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:13,806 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:13,806 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:13,806 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:13,806 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 157 states, 137 states have (on average 1.1897810218978102) internal successors, (163), 139 states have internal predecessors, (163), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) [2022-02-21 00:02:13,808 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 157 states to 157 states and 182 transitions. [2022-02-21 00:02:13,808 INFO L78 Accepts]: Start accepts. Automaton has 157 states and 182 transitions. Word has length 44 [2022-02-21 00:02:13,808 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:13,808 INFO L470 AbstractCegarLoop]: Abstraction has 157 states and 182 transitions. [2022-02-21 00:02:13,808 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.6) internal successors, (38), 3 states have internal predecessors, (38), 3 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-21 00:02:13,809 INFO L276 IsEmpty]: Start isEmpty. Operand 157 states and 182 transitions. [2022-02-21 00:02:13,809 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2022-02-21 00:02:13,809 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:13,809 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:13,809 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable14 [2022-02-21 00:02:13,809 INFO L402 AbstractCegarLoop]: === Iteration 16 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:13,809 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:13,809 INFO L85 PathProgramCache]: Analyzing trace with hash -1144418794, now seen corresponding path program 1 times [2022-02-21 00:02:13,810 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:13,810 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [444093787] [2022-02-21 00:02:13,810 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:13,810 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:13,851 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,864 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:13,869 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,898 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:13,907 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:13,923 INFO L290 TraceCheckUtils]: 0: Hoare triple {12703#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {12678#true} is VALID [2022-02-21 00:02:13,923 INFO L290 TraceCheckUtils]: 1: Hoare triple {12678#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} is VALID [2022-02-21 00:02:13,924 INFO L290 TraceCheckUtils]: 2: Hoare triple {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} assume true; {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} is VALID [2022-02-21 00:02:13,924 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} {12678#true} #753#return; {12701#(= (+ |IofCallDriver_#t~ret37| 1073741802) 0)} is VALID [2022-02-21 00:02:13,925 INFO L290 TraceCheckUtils]: 0: Hoare triple {12696#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {12678#true} is VALID [2022-02-21 00:02:13,925 INFO L290 TraceCheckUtils]: 1: Hoare triple {12678#true} assume 0 != ~compRegistered~0; {12678#true} is VALID [2022-02-21 00:02:13,925 INFO L272 TraceCheckUtils]: 2: Hoare triple {12678#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {12703#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:13,925 INFO L290 TraceCheckUtils]: 3: Hoare triple {12703#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {12678#true} is VALID [2022-02-21 00:02:13,926 INFO L290 TraceCheckUtils]: 4: Hoare triple {12678#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} is VALID [2022-02-21 00:02:13,926 INFO L290 TraceCheckUtils]: 5: Hoare triple {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} assume true; {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} is VALID [2022-02-21 00:02:13,926 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} {12678#true} #753#return; {12701#(= (+ |IofCallDriver_#t~ret37| 1073741802) 0)} is VALID [2022-02-21 00:02:13,927 INFO L290 TraceCheckUtils]: 7: Hoare triple {12701#(= (+ |IofCallDriver_#t~ret37| 1073741802) 0)} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {12702#(= IofCallDriver_~__cil_tmp7~0 (- 1073741802))} is VALID [2022-02-21 00:02:13,927 INFO L290 TraceCheckUtils]: 8: Hoare triple {12702#(= IofCallDriver_~__cil_tmp7~0 (- 1073741802))} assume !(-1073741802 == ~__cil_tmp7~0); {12679#false} is VALID [2022-02-21 00:02:13,927 INFO L290 TraceCheckUtils]: 9: Hoare triple {12679#false} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {12679#false} is VALID [2022-02-21 00:02:13,927 INFO L290 TraceCheckUtils]: 10: Hoare triple {12679#false} assume 0 == ~tmp_ndt_6~0; {12679#false} is VALID [2022-02-21 00:02:13,927 INFO L290 TraceCheckUtils]: 11: Hoare triple {12679#false} ~returnVal2~0 := 0; {12679#false} is VALID [2022-02-21 00:02:13,927 INFO L290 TraceCheckUtils]: 12: Hoare triple {12679#false} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {12679#false} is VALID [2022-02-21 00:02:13,927 INFO L290 TraceCheckUtils]: 13: Hoare triple {12679#false} #res := ~returnVal2~0; {12679#false} is VALID [2022-02-21 00:02:13,927 INFO L290 TraceCheckUtils]: 14: Hoare triple {12679#false} assume true; {12679#false} is VALID [2022-02-21 00:02:13,927 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {12679#false} {12678#true} #717#return; {12679#false} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 0: Hoare triple {12678#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 1: Hoare triple {12678#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 2: Hoare triple {12678#true} assume { :end_inline__BLAST_init } true; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 3: Hoare triple {12678#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 4: Hoare triple {12678#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 5: Hoare triple {12678#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 6: Hoare triple {12678#true} assume { :end_inline_stub_driver_init } true; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 7: Hoare triple {12678#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 8: Hoare triple {12678#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 9: Hoare triple {12678#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 10: Hoare triple {12678#true} assume 3 == main_~tmp_ndt_3~0#1; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 11: Hoare triple {12678#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 12: Hoare triple {12678#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 13: Hoare triple {12678#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 14: Hoare triple {12678#true} assume !(~s~0 != ~NP~0); {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 15: Hoare triple {12678#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {12678#true} is VALID [2022-02-21 00:02:13,929 INFO L290 TraceCheckUtils]: 16: Hoare triple {12678#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {12678#true} is VALID [2022-02-21 00:02:13,930 INFO L272 TraceCheckUtils]: 17: Hoare triple {12678#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {12696#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:13,930 INFO L290 TraceCheckUtils]: 18: Hoare triple {12696#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {12678#true} is VALID [2022-02-21 00:02:13,930 INFO L290 TraceCheckUtils]: 19: Hoare triple {12678#true} assume 0 != ~compRegistered~0; {12678#true} is VALID [2022-02-21 00:02:13,931 INFO L272 TraceCheckUtils]: 20: Hoare triple {12678#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {12703#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:13,931 INFO L290 TraceCheckUtils]: 21: Hoare triple {12703#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {12678#true} is VALID [2022-02-21 00:02:13,931 INFO L290 TraceCheckUtils]: 22: Hoare triple {12678#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} is VALID [2022-02-21 00:02:13,931 INFO L290 TraceCheckUtils]: 23: Hoare triple {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} assume true; {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} is VALID [2022-02-21 00:02:13,932 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {12704#(and (<= (+ |KbFilter_Complete_#res#1| 1073741802) 0) (<= 0 (+ |KbFilter_Complete_#res#1| 1073741802)))} {12678#true} #753#return; {12701#(= (+ |IofCallDriver_#t~ret37| 1073741802) 0)} is VALID [2022-02-21 00:02:13,932 INFO L290 TraceCheckUtils]: 25: Hoare triple {12701#(= (+ |IofCallDriver_#t~ret37| 1073741802) 0)} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {12702#(= IofCallDriver_~__cil_tmp7~0 (- 1073741802))} is VALID [2022-02-21 00:02:13,932 INFO L290 TraceCheckUtils]: 26: Hoare triple {12702#(= IofCallDriver_~__cil_tmp7~0 (- 1073741802))} assume !(-1073741802 == ~__cil_tmp7~0); {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 27: Hoare triple {12679#false} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 28: Hoare triple {12679#false} assume 0 == ~tmp_ndt_6~0; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 29: Hoare triple {12679#false} ~returnVal2~0 := 0; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 30: Hoare triple {12679#false} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 31: Hoare triple {12679#false} #res := ~returnVal2~0; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 32: Hoare triple {12679#false} assume true; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {12679#false} {12678#true} #717#return; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 34: Hoare triple {12679#false} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 35: Hoare triple {12679#false} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 36: Hoare triple {12679#false} assume KbFilter_PnP_~status~0#1 >= 0; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 37: Hoare triple {12679#false} assume !(~myStatus~0 >= 0); {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 38: Hoare triple {12679#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L272 TraceCheckUtils]: 39: Hoare triple {12679#false} call IofCompleteRequest(KbFilter_PnP_~Irp#1, 0); {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 40: Hoare triple {12679#false} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 41: Hoare triple {12679#false} assume !(~s~0 == ~NP~0); {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L272 TraceCheckUtils]: 42: Hoare triple {12679#false} call errorFn(); {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L290 TraceCheckUtils]: 43: Hoare triple {12679#false} assume !false; {12679#false} is VALID [2022-02-21 00:02:13,933 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:13,934 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:13,934 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [444093787] [2022-02-21 00:02:13,947 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [444093787] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:13,947 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:13,947 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-21 00:02:13,948 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1464843804] [2022-02-21 00:02:13,948 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:13,948 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 4 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 44 [2022-02-21 00:02:13,948 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:13,948 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 4 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:13,974 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 44 edges. 44 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:13,974 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-21 00:02:13,974 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:13,974 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-21 00:02:13,974 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=12, Invalid=30, Unknown=0, NotChecked=0, Total=42 [2022-02-21 00:02:13,975 INFO L87 Difference]: Start difference. First operand 157 states and 182 transitions. Second operand has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 4 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:14,152 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:14,153 INFO L93 Difference]: Finished difference Result 145 states and 164 transitions. [2022-02-21 00:02:14,153 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-21 00:02:14,153 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 4 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 44 [2022-02-21 00:02:14,153 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:14,153 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 4 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:14,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 75 transitions. [2022-02-21 00:02:14,154 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 4 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:14,154 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 75 transitions. [2022-02-21 00:02:14,154 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 75 transitions. [2022-02-21 00:02:14,201 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 75 edges. 75 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:14,202 INFO L225 Difference]: With dead ends: 145 [2022-02-21 00:02:14,202 INFO L226 Difference]: Without dead ends: 145 [2022-02-21 00:02:14,202 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=12, Invalid=30, Unknown=0, NotChecked=0, Total=42 [2022-02-21 00:02:14,203 INFO L933 BasicCegarLoop]: 70 mSDtfsCounter, 27 mSDsluCounter, 224 mSDsCounter, 0 mSdLazyCounter, 44 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 294 SdHoareTripleChecker+Invalid, 55 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 44 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:14,203 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [28 Valid, 294 Invalid, 55 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 44 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:14,203 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 145 states. [2022-02-21 00:02:14,205 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 145 to 145. [2022-02-21 00:02:14,205 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:14,205 INFO L82 GeneralOperation]: Start isEquivalent. First operand 145 states. Second operand has 145 states, 125 states have (on average 1.16) internal successors, (145), 127 states have internal predecessors, (145), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) [2022-02-21 00:02:14,205 INFO L74 IsIncluded]: Start isIncluded. First operand 145 states. Second operand has 145 states, 125 states have (on average 1.16) internal successors, (145), 127 states have internal predecessors, (145), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) [2022-02-21 00:02:14,205 INFO L87 Difference]: Start difference. First operand 145 states. Second operand has 145 states, 125 states have (on average 1.16) internal successors, (145), 127 states have internal predecessors, (145), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) [2022-02-21 00:02:14,207 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:14,207 INFO L93 Difference]: Finished difference Result 145 states and 164 transitions. [2022-02-21 00:02:14,207 INFO L276 IsEmpty]: Start isEmpty. Operand 145 states and 164 transitions. [2022-02-21 00:02:14,207 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:14,207 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:14,207 INFO L74 IsIncluded]: Start isIncluded. First operand has 145 states, 125 states have (on average 1.16) internal successors, (145), 127 states have internal predecessors, (145), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) Second operand 145 states. [2022-02-21 00:02:14,208 INFO L87 Difference]: Start difference. First operand has 145 states, 125 states have (on average 1.16) internal successors, (145), 127 states have internal predecessors, (145), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) Second operand 145 states. [2022-02-21 00:02:14,209 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:14,209 INFO L93 Difference]: Finished difference Result 145 states and 164 transitions. [2022-02-21 00:02:14,209 INFO L276 IsEmpty]: Start isEmpty. Operand 145 states and 164 transitions. [2022-02-21 00:02:14,210 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:14,210 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:14,210 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:14,210 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:14,210 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 145 states, 125 states have (on average 1.16) internal successors, (145), 127 states have internal predecessors, (145), 9 states have call successors, (9), 8 states have call predecessors, (9), 10 states have return successors, (10), 9 states have call predecessors, (10), 6 states have call successors, (10) [2022-02-21 00:02:14,211 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 145 states to 145 states and 164 transitions. [2022-02-21 00:02:14,212 INFO L78 Accepts]: Start accepts. Automaton has 145 states and 164 transitions. Word has length 44 [2022-02-21 00:02:14,212 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:14,212 INFO L470 AbstractCegarLoop]: Abstraction has 145 states and 164 transitions. [2022-02-21 00:02:14,212 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.428571428571429) internal successors, (38), 4 states have internal predecessors, (38), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-21 00:02:14,212 INFO L276 IsEmpty]: Start isEmpty. Operand 145 states and 164 transitions. [2022-02-21 00:02:14,212 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-02-21 00:02:14,213 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:14,213 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:14,213 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable15 [2022-02-21 00:02:14,213 INFO L402 AbstractCegarLoop]: === Iteration 17 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:14,213 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:14,213 INFO L85 PathProgramCache]: Analyzing trace with hash 1135569949, now seen corresponding path program 1 times [2022-02-21 00:02:14,214 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:14,214 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2086995074] [2022-02-21 00:02:14,214 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:14,214 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:14,234 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:14,256 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:14,261 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:14,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:14,292 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:14,295 INFO L290 TraceCheckUtils]: 0: Hoare triple {13320#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {13287#true} is VALID [2022-02-21 00:02:14,295 INFO L290 TraceCheckUtils]: 1: Hoare triple {13287#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {13287#true} is VALID [2022-02-21 00:02:14,295 INFO L290 TraceCheckUtils]: 2: Hoare triple {13287#true} assume true; {13287#true} is VALID [2022-02-21 00:02:14,295 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13287#true} {13287#true} #753#return; {13287#true} is VALID [2022-02-21 00:02:14,300 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-21 00:02:14,301 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:14,308 INFO L290 TraceCheckUtils]: 0: Hoare triple {13321#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {13322#(= ~MPR1~0 ~s~0)} is VALID [2022-02-21 00:02:14,308 INFO L290 TraceCheckUtils]: 1: Hoare triple {13322#(= ~MPR1~0 ~s~0)} assume true; {13322#(= ~MPR1~0 ~s~0)} is VALID [2022-02-21 00:02:14,309 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13322#(= ~MPR1~0 ~s~0)} {13287#true} #755#return; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,309 INFO L290 TraceCheckUtils]: 0: Hoare triple {13310#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {13287#true} is VALID [2022-02-21 00:02:14,309 INFO L290 TraceCheckUtils]: 1: Hoare triple {13287#true} assume 0 != ~compRegistered~0; {13287#true} is VALID [2022-02-21 00:02:14,309 INFO L272 TraceCheckUtils]: 2: Hoare triple {13287#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {13320#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:14,310 INFO L290 TraceCheckUtils]: 3: Hoare triple {13320#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {13287#true} is VALID [2022-02-21 00:02:14,310 INFO L290 TraceCheckUtils]: 4: Hoare triple {13287#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {13287#true} is VALID [2022-02-21 00:02:14,310 INFO L290 TraceCheckUtils]: 5: Hoare triple {13287#true} assume true; {13287#true} is VALID [2022-02-21 00:02:14,310 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {13287#true} {13287#true} #753#return; {13287#true} is VALID [2022-02-21 00:02:14,310 INFO L290 TraceCheckUtils]: 7: Hoare triple {13287#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {13287#true} is VALID [2022-02-21 00:02:14,310 INFO L290 TraceCheckUtils]: 8: Hoare triple {13287#true} assume -1073741802 == ~__cil_tmp7~0; {13287#true} is VALID [2022-02-21 00:02:14,310 INFO L272 TraceCheckUtils]: 9: Hoare triple {13287#true} call stubMoreProcessingRequired(); {13321#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:14,311 INFO L290 TraceCheckUtils]: 10: Hoare triple {13321#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {13322#(= ~MPR1~0 ~s~0)} is VALID [2022-02-21 00:02:14,311 INFO L290 TraceCheckUtils]: 11: Hoare triple {13322#(= ~MPR1~0 ~s~0)} assume true; {13322#(= ~MPR1~0 ~s~0)} is VALID [2022-02-21 00:02:14,311 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {13322#(= ~MPR1~0 ~s~0)} {13287#true} #755#return; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,312 INFO L290 TraceCheckUtils]: 13: Hoare triple {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,312 INFO L290 TraceCheckUtils]: 14: Hoare triple {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume 0 == ~tmp_ndt_6~0; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,312 INFO L290 TraceCheckUtils]: 15: Hoare triple {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} ~returnVal2~0 := 0; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,313 INFO L290 TraceCheckUtils]: 16: Hoare triple {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-21 00:02:14,313 INFO L290 TraceCheckUtils]: 17: Hoare triple {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} #res := ~returnVal2~0; {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-21 00:02:14,313 INFO L290 TraceCheckUtils]: 18: Hoare triple {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} assume true; {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-21 00:02:14,314 INFO L284 TraceCheckUtils]: 19: Hoare quadruple {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} #717#return; {13288#false} is VALID [2022-02-21 00:02:14,314 INFO L290 TraceCheckUtils]: 0: Hoare triple {13287#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {13287#true} is VALID [2022-02-21 00:02:14,315 INFO L290 TraceCheckUtils]: 1: Hoare triple {13287#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,315 INFO L290 TraceCheckUtils]: 2: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume { :end_inline__BLAST_init } true; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,316 INFO L290 TraceCheckUtils]: 3: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,316 INFO L290 TraceCheckUtils]: 4: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,316 INFO L290 TraceCheckUtils]: 5: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,317 INFO L290 TraceCheckUtils]: 6: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume { :end_inline_stub_driver_init } true; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,317 INFO L290 TraceCheckUtils]: 7: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,318 INFO L290 TraceCheckUtils]: 8: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,318 INFO L290 TraceCheckUtils]: 9: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,318 INFO L290 TraceCheckUtils]: 10: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume 3 == main_~tmp_ndt_3~0#1; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,319 INFO L290 TraceCheckUtils]: 11: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,319 INFO L290 TraceCheckUtils]: 12: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,319 INFO L290 TraceCheckUtils]: 13: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,320 INFO L290 TraceCheckUtils]: 14: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume !(~s~0 != ~NP~0); {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,320 INFO L290 TraceCheckUtils]: 15: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,320 INFO L290 TraceCheckUtils]: 16: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} is VALID [2022-02-21 00:02:14,321 INFO L272 TraceCheckUtils]: 17: Hoare triple {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {13310#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:14,321 INFO L290 TraceCheckUtils]: 18: Hoare triple {13310#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {13287#true} is VALID [2022-02-21 00:02:14,321 INFO L290 TraceCheckUtils]: 19: Hoare triple {13287#true} assume 0 != ~compRegistered~0; {13287#true} is VALID [2022-02-21 00:02:14,322 INFO L272 TraceCheckUtils]: 20: Hoare triple {13287#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {13320#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:14,322 INFO L290 TraceCheckUtils]: 21: Hoare triple {13320#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {13287#true} is VALID [2022-02-21 00:02:14,322 INFO L290 TraceCheckUtils]: 22: Hoare triple {13287#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {13287#true} is VALID [2022-02-21 00:02:14,322 INFO L290 TraceCheckUtils]: 23: Hoare triple {13287#true} assume true; {13287#true} is VALID [2022-02-21 00:02:14,322 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {13287#true} {13287#true} #753#return; {13287#true} is VALID [2022-02-21 00:02:14,323 INFO L290 TraceCheckUtils]: 25: Hoare triple {13287#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {13287#true} is VALID [2022-02-21 00:02:14,323 INFO L290 TraceCheckUtils]: 26: Hoare triple {13287#true} assume -1073741802 == ~__cil_tmp7~0; {13287#true} is VALID [2022-02-21 00:02:14,323 INFO L272 TraceCheckUtils]: 27: Hoare triple {13287#true} call stubMoreProcessingRequired(); {13321#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:14,323 INFO L290 TraceCheckUtils]: 28: Hoare triple {13321#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {13322#(= ~MPR1~0 ~s~0)} is VALID [2022-02-21 00:02:14,324 INFO L290 TraceCheckUtils]: 29: Hoare triple {13322#(= ~MPR1~0 ~s~0)} assume true; {13322#(= ~MPR1~0 ~s~0)} is VALID [2022-02-21 00:02:14,324 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13322#(= ~MPR1~0 ~s~0)} {13287#true} #755#return; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,324 INFO L290 TraceCheckUtils]: 31: Hoare triple {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,325 INFO L290 TraceCheckUtils]: 32: Hoare triple {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume 0 == ~tmp_ndt_6~0; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,325 INFO L290 TraceCheckUtils]: 33: Hoare triple {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} ~returnVal2~0 := 0; {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} is VALID [2022-02-21 00:02:14,325 INFO L290 TraceCheckUtils]: 34: Hoare triple {13318#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~s~0))} assume ~s~0 == ~NP~0;~s~0 := ~IPC~0;~lowerDriverReturn~0 := ~returnVal2~0; {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-21 00:02:14,326 INFO L290 TraceCheckUtils]: 35: Hoare triple {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} #res := ~returnVal2~0; {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-21 00:02:14,326 INFO L290 TraceCheckUtils]: 36: Hoare triple {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} assume true; {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} is VALID [2022-02-21 00:02:14,327 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {13319#(or (= (+ (- 1) ~MPR1~0) 0) (= ~MPR1~0 ~NP~0))} {13289#(and (<= 5 ~MPR1~0) (= ~NP~0 1))} #717#return; {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L290 TraceCheckUtils]: 38: Hoare triple {13288#false} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L290 TraceCheckUtils]: 39: Hoare triple {13288#false} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L290 TraceCheckUtils]: 40: Hoare triple {13288#false} assume KbFilter_PnP_~status~0#1 >= 0; {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L290 TraceCheckUtils]: 41: Hoare triple {13288#false} assume !(~myStatus~0 >= 0); {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L290 TraceCheckUtils]: 42: Hoare triple {13288#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0; {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L272 TraceCheckUtils]: 43: Hoare triple {13288#false} call IofCompleteRequest(KbFilter_PnP_~Irp#1, 0); {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L290 TraceCheckUtils]: 44: Hoare triple {13288#false} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L290 TraceCheckUtils]: 45: Hoare triple {13288#false} assume !(~s~0 == ~NP~0); {13288#false} is VALID [2022-02-21 00:02:14,327 INFO L272 TraceCheckUtils]: 46: Hoare triple {13288#false} call errorFn(); {13288#false} is VALID [2022-02-21 00:02:14,328 INFO L290 TraceCheckUtils]: 47: Hoare triple {13288#false} assume !false; {13288#false} is VALID [2022-02-21 00:02:14,328 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:14,328 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:14,328 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2086995074] [2022-02-21 00:02:14,328 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2086995074] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:14,328 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:14,328 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-21 00:02:14,329 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [909227913] [2022-02-21 00:02:14,329 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:14,329 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 4.444444444444445) internal successors, (40), 6 states have internal predecessors, (40), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) Word has length 48 [2022-02-21 00:02:14,329 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:14,329 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 9 states have (on average 4.444444444444445) internal successors, (40), 6 states have internal predecessors, (40), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:14,364 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:14,364 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-21 00:02:14,364 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:14,365 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-21 00:02:14,365 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=54, Unknown=0, NotChecked=0, Total=72 [2022-02-21 00:02:14,365 INFO L87 Difference]: Start difference. First operand 145 states and 164 transitions. Second operand has 9 states, 9 states have (on average 4.444444444444445) internal successors, (40), 6 states have internal predecessors, (40), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:14,753 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:14,753 INFO L93 Difference]: Finished difference Result 133 states and 148 transitions. [2022-02-21 00:02:14,753 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-21 00:02:14,754 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 4.444444444444445) internal successors, (40), 6 states have internal predecessors, (40), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) Word has length 48 [2022-02-21 00:02:14,754 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:14,754 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 9 states have (on average 4.444444444444445) internal successors, (40), 6 states have internal predecessors, (40), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:14,755 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 74 transitions. [2022-02-21 00:02:14,755 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 9 states have (on average 4.444444444444445) internal successors, (40), 6 states have internal predecessors, (40), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:14,755 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 74 transitions. [2022-02-21 00:02:14,755 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 74 transitions. [2022-02-21 00:02:14,807 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 74 edges. 74 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:14,808 INFO L225 Difference]: With dead ends: 133 [2022-02-21 00:02:14,808 INFO L226 Difference]: Without dead ends: 129 [2022-02-21 00:02:14,808 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 17 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 14 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=46, Invalid=136, Unknown=0, NotChecked=0, Total=182 [2022-02-21 00:02:14,809 INFO L933 BasicCegarLoop]: 63 mSDtfsCounter, 76 mSDsluCounter, 206 mSDsCounter, 0 mSdLazyCounter, 117 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 76 SdHoareTripleChecker+Valid, 269 SdHoareTripleChecker+Invalid, 142 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 117 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:14,809 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [76 Valid, 269 Invalid, 142 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 117 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:14,809 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 129 states. [2022-02-21 00:02:14,811 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 129 to 129. [2022-02-21 00:02:14,811 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:14,811 INFO L82 GeneralOperation]: Start isEquivalent. First operand 129 states. Second operand has 129 states, 111 states have (on average 1.1441441441441442) internal successors, (127), 113 states have internal predecessors, (127), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) [2022-02-21 00:02:14,811 INFO L74 IsIncluded]: Start isIncluded. First operand 129 states. Second operand has 129 states, 111 states have (on average 1.1441441441441442) internal successors, (127), 113 states have internal predecessors, (127), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) [2022-02-21 00:02:14,811 INFO L87 Difference]: Start difference. First operand 129 states. Second operand has 129 states, 111 states have (on average 1.1441441441441442) internal successors, (127), 113 states have internal predecessors, (127), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) [2022-02-21 00:02:14,813 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:14,813 INFO L93 Difference]: Finished difference Result 129 states and 144 transitions. [2022-02-21 00:02:14,813 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 144 transitions. [2022-02-21 00:02:14,813 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:14,813 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:14,813 INFO L74 IsIncluded]: Start isIncluded. First operand has 129 states, 111 states have (on average 1.1441441441441442) internal successors, (127), 113 states have internal predecessors, (127), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) Second operand 129 states. [2022-02-21 00:02:14,813 INFO L87 Difference]: Start difference. First operand has 129 states, 111 states have (on average 1.1441441441441442) internal successors, (127), 113 states have internal predecessors, (127), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) Second operand 129 states. [2022-02-21 00:02:14,815 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:14,815 INFO L93 Difference]: Finished difference Result 129 states and 144 transitions. [2022-02-21 00:02:14,815 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 144 transitions. [2022-02-21 00:02:14,815 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:14,815 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:14,815 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:14,815 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:14,815 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 129 states, 111 states have (on average 1.1441441441441442) internal successors, (127), 113 states have internal predecessors, (127), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) [2022-02-21 00:02:14,817 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 129 states to 129 states and 144 transitions. [2022-02-21 00:02:14,817 INFO L78 Accepts]: Start accepts. Automaton has 129 states and 144 transitions. Word has length 48 [2022-02-21 00:02:14,817 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:14,817 INFO L470 AbstractCegarLoop]: Abstraction has 129 states and 144 transitions. [2022-02-21 00:02:14,817 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 4.444444444444445) internal successors, (40), 6 states have internal predecessors, (40), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:14,817 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 144 transitions. [2022-02-21 00:02:14,817 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2022-02-21 00:02:14,817 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:14,817 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:14,818 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable16 [2022-02-21 00:02:14,818 INFO L402 AbstractCegarLoop]: === Iteration 18 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:14,818 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:14,818 INFO L85 PathProgramCache]: Analyzing trace with hash 1665628399, now seen corresponding path program 1 times [2022-02-21 00:02:14,818 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:14,818 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [795617614] [2022-02-21 00:02:14,818 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:14,819 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:14,836 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:14,848 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:14,853 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:14,865 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:14,867 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:14,870 INFO L290 TraceCheckUtils]: 0: Hoare triple {13890#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {13856#true} is VALID [2022-02-21 00:02:14,870 INFO L290 TraceCheckUtils]: 1: Hoare triple {13856#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {13856#true} is VALID [2022-02-21 00:02:14,870 INFO L290 TraceCheckUtils]: 2: Hoare triple {13856#true} assume true; {13856#true} is VALID [2022-02-21 00:02:14,870 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {13856#true} {13856#true} #753#return; {13856#true} is VALID [2022-02-21 00:02:14,874 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-21 00:02:14,875 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:14,876 INFO L290 TraceCheckUtils]: 0: Hoare triple {13891#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {13856#true} is VALID [2022-02-21 00:02:14,876 INFO L290 TraceCheckUtils]: 1: Hoare triple {13856#true} assume true; {13856#true} is VALID [2022-02-21 00:02:14,876 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13856#true} {13856#true} #755#return; {13856#true} is VALID [2022-02-21 00:02:14,877 INFO L290 TraceCheckUtils]: 0: Hoare triple {13881#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {13856#true} is VALID [2022-02-21 00:02:14,877 INFO L290 TraceCheckUtils]: 1: Hoare triple {13856#true} assume 0 != ~compRegistered~0; {13856#true} is VALID [2022-02-21 00:02:14,877 INFO L272 TraceCheckUtils]: 2: Hoare triple {13856#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {13890#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:14,877 INFO L290 TraceCheckUtils]: 3: Hoare triple {13890#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {13856#true} is VALID [2022-02-21 00:02:14,877 INFO L290 TraceCheckUtils]: 4: Hoare triple {13856#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {13856#true} is VALID [2022-02-21 00:02:14,877 INFO L290 TraceCheckUtils]: 5: Hoare triple {13856#true} assume true; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {13856#true} {13856#true} #753#return; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L290 TraceCheckUtils]: 7: Hoare triple {13856#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L290 TraceCheckUtils]: 8: Hoare triple {13856#true} assume -1073741802 == ~__cil_tmp7~0; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L272 TraceCheckUtils]: 9: Hoare triple {13856#true} call stubMoreProcessingRequired(); {13891#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:14,878 INFO L290 TraceCheckUtils]: 10: Hoare triple {13891#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L290 TraceCheckUtils]: 11: Hoare triple {13856#true} assume true; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {13856#true} {13856#true} #755#return; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L290 TraceCheckUtils]: 13: Hoare triple {13856#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L290 TraceCheckUtils]: 14: Hoare triple {13856#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {13856#true} is VALID [2022-02-21 00:02:14,878 INFO L290 TraceCheckUtils]: 15: Hoare triple {13856#true} assume 1 == ~tmp_ndt_7~0; {13856#true} is VALID [2022-02-21 00:02:14,879 INFO L290 TraceCheckUtils]: 16: Hoare triple {13856#true} ~returnVal2~0 := -1073741823; {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} is VALID [2022-02-21 00:02:14,879 INFO L290 TraceCheckUtils]: 17: Hoare triple {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} assume !(~s~0 == ~NP~0); {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} is VALID [2022-02-21 00:02:14,879 INFO L290 TraceCheckUtils]: 18: Hoare triple {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} assume ~s~0 == ~MPR1~0; {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} is VALID [2022-02-21 00:02:14,880 INFO L290 TraceCheckUtils]: 19: Hoare triple {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {13857#false} is VALID [2022-02-21 00:02:14,880 INFO L290 TraceCheckUtils]: 20: Hoare triple {13857#false} #res := ~returnVal2~0; {13857#false} is VALID [2022-02-21 00:02:14,880 INFO L290 TraceCheckUtils]: 21: Hoare triple {13857#false} assume true; {13857#false} is VALID [2022-02-21 00:02:14,880 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {13857#false} {13856#true} #717#return; {13857#false} is VALID [2022-02-21 00:02:14,880 INFO L290 TraceCheckUtils]: 0: Hoare triple {13856#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {13856#true} is VALID [2022-02-21 00:02:14,880 INFO L290 TraceCheckUtils]: 1: Hoare triple {13856#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {13856#true} is VALID [2022-02-21 00:02:14,880 INFO L290 TraceCheckUtils]: 2: Hoare triple {13856#true} assume { :end_inline__BLAST_init } true; {13856#true} is VALID [2022-02-21 00:02:14,880 INFO L290 TraceCheckUtils]: 3: Hoare triple {13856#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 4: Hoare triple {13856#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 5: Hoare triple {13856#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 6: Hoare triple {13856#true} assume { :end_inline_stub_driver_init } true; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 7: Hoare triple {13856#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 8: Hoare triple {13856#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 9: Hoare triple {13856#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 10: Hoare triple {13856#true} assume 3 == main_~tmp_ndt_3~0#1; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 11: Hoare triple {13856#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 12: Hoare triple {13856#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 13: Hoare triple {13856#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 14: Hoare triple {13856#true} assume !(~s~0 != ~NP~0); {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 15: Hoare triple {13856#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {13856#true} is VALID [2022-02-21 00:02:14,881 INFO L290 TraceCheckUtils]: 16: Hoare triple {13856#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {13856#true} is VALID [2022-02-21 00:02:14,882 INFO L272 TraceCheckUtils]: 17: Hoare triple {13856#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {13881#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:14,882 INFO L290 TraceCheckUtils]: 18: Hoare triple {13881#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {13856#true} is VALID [2022-02-21 00:02:14,882 INFO L290 TraceCheckUtils]: 19: Hoare triple {13856#true} assume 0 != ~compRegistered~0; {13856#true} is VALID [2022-02-21 00:02:14,883 INFO L272 TraceCheckUtils]: 20: Hoare triple {13856#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {13890#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:14,883 INFO L290 TraceCheckUtils]: 21: Hoare triple {13890#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {13856#true} is VALID [2022-02-21 00:02:14,883 INFO L290 TraceCheckUtils]: 22: Hoare triple {13856#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {13856#true} is VALID [2022-02-21 00:02:14,883 INFO L290 TraceCheckUtils]: 23: Hoare triple {13856#true} assume true; {13856#true} is VALID [2022-02-21 00:02:14,883 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {13856#true} {13856#true} #753#return; {13856#true} is VALID [2022-02-21 00:02:14,883 INFO L290 TraceCheckUtils]: 25: Hoare triple {13856#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {13856#true} is VALID [2022-02-21 00:02:14,883 INFO L290 TraceCheckUtils]: 26: Hoare triple {13856#true} assume -1073741802 == ~__cil_tmp7~0; {13856#true} is VALID [2022-02-21 00:02:14,883 INFO L272 TraceCheckUtils]: 27: Hoare triple {13856#true} call stubMoreProcessingRequired(); {13891#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:14,884 INFO L290 TraceCheckUtils]: 28: Hoare triple {13891#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {13856#true} is VALID [2022-02-21 00:02:14,884 INFO L290 TraceCheckUtils]: 29: Hoare triple {13856#true} assume true; {13856#true} is VALID [2022-02-21 00:02:14,884 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {13856#true} {13856#true} #755#return; {13856#true} is VALID [2022-02-21 00:02:14,884 INFO L290 TraceCheckUtils]: 31: Hoare triple {13856#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {13856#true} is VALID [2022-02-21 00:02:14,884 INFO L290 TraceCheckUtils]: 32: Hoare triple {13856#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {13856#true} is VALID [2022-02-21 00:02:14,884 INFO L290 TraceCheckUtils]: 33: Hoare triple {13856#true} assume 1 == ~tmp_ndt_7~0; {13856#true} is VALID [2022-02-21 00:02:14,884 INFO L290 TraceCheckUtils]: 34: Hoare triple {13856#true} ~returnVal2~0 := -1073741823; {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} is VALID [2022-02-21 00:02:14,884 INFO L290 TraceCheckUtils]: 35: Hoare triple {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} assume !(~s~0 == ~NP~0); {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} is VALID [2022-02-21 00:02:14,885 INFO L290 TraceCheckUtils]: 36: Hoare triple {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} assume ~s~0 == ~MPR1~0; {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} is VALID [2022-02-21 00:02:14,885 INFO L290 TraceCheckUtils]: 37: Hoare triple {13889#(<= (+ 1073741823 IofCallDriver_~returnVal2~0) 0)} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {13857#false} is VALID [2022-02-21 00:02:14,885 INFO L290 TraceCheckUtils]: 38: Hoare triple {13857#false} #res := ~returnVal2~0; {13857#false} is VALID [2022-02-21 00:02:14,885 INFO L290 TraceCheckUtils]: 39: Hoare triple {13857#false} assume true; {13857#false} is VALID [2022-02-21 00:02:14,885 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {13857#false} {13856#true} #717#return; {13857#false} is VALID [2022-02-21 00:02:14,885 INFO L290 TraceCheckUtils]: 41: Hoare triple {13857#false} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {13857#false} is VALID [2022-02-21 00:02:14,885 INFO L290 TraceCheckUtils]: 42: Hoare triple {13857#false} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet41#1, KeWaitForSingleObject_~tmp_ndt_8~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {13857#false} is VALID [2022-02-21 00:02:14,886 INFO L290 TraceCheckUtils]: 43: Hoare triple {13857#false} assume ~s~0 == ~MPR3~0; {13857#false} is VALID [2022-02-21 00:02:14,886 INFO L290 TraceCheckUtils]: 44: Hoare triple {13857#false} assume !(1 == ~setEventCalled~0); {13857#false} is VALID [2022-02-21 00:02:14,886 INFO L290 TraceCheckUtils]: 45: Hoare triple {13857#false} assume !(1 == ~customIrp~0); {13857#false} is VALID [2022-02-21 00:02:14,886 INFO L290 TraceCheckUtils]: 46: Hoare triple {13857#false} assume ~s~0 == ~MPR3~0; {13857#false} is VALID [2022-02-21 00:02:14,886 INFO L272 TraceCheckUtils]: 47: Hoare triple {13857#false} call errorFn(); {13857#false} is VALID [2022-02-21 00:02:14,886 INFO L290 TraceCheckUtils]: 48: Hoare triple {13857#false} assume !false; {13857#false} is VALID [2022-02-21 00:02:14,886 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:14,886 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:14,886 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [795617614] [2022-02-21 00:02:14,886 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [795617614] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:14,886 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:14,886 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-21 00:02:14,887 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1726856583] [2022-02-21 00:02:14,887 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:14,887 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 49 [2022-02-21 00:02:14,887 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:14,887 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:14,912 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:14,912 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-21 00:02:14,912 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:14,913 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-21 00:02:14,913 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-02-21 00:02:14,913 INFO L87 Difference]: Start difference. First operand 129 states and 144 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:15,059 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,059 INFO L93 Difference]: Finished difference Result 141 states and 156 transitions. [2022-02-21 00:02:15,059 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-21 00:02:15,059 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 49 [2022-02-21 00:02:15,059 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:15,060 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:15,060 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 78 transitions. [2022-02-21 00:02:15,060 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:15,061 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 78 transitions. [2022-02-21 00:02:15,061 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 78 transitions. [2022-02-21 00:02:15,106 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 78 edges. 78 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:15,108 INFO L225 Difference]: With dead ends: 141 [2022-02-21 00:02:15,108 INFO L226 Difference]: Without dead ends: 141 [2022-02-21 00:02:15,108 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-02-21 00:02:15,108 INFO L933 BasicCegarLoop]: 66 mSDtfsCounter, 24 mSDsluCounter, 137 mSDsCounter, 0 mSdLazyCounter, 50 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 203 SdHoareTripleChecker+Invalid, 67 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 50 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:15,109 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [24 Valid, 203 Invalid, 67 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 50 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:15,109 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 141 states. [2022-02-21 00:02:15,110 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 141 to 135. [2022-02-21 00:02:15,110 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:15,111 INFO L82 GeneralOperation]: Start isEquivalent. First operand 141 states. Second operand has 135 states, 117 states have (on average 1.1367521367521367) internal successors, (133), 119 states have internal predecessors, (133), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) [2022-02-21 00:02:15,111 INFO L74 IsIncluded]: Start isIncluded. First operand 141 states. Second operand has 135 states, 117 states have (on average 1.1367521367521367) internal successors, (133), 119 states have internal predecessors, (133), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) [2022-02-21 00:02:15,111 INFO L87 Difference]: Start difference. First operand 141 states. Second operand has 135 states, 117 states have (on average 1.1367521367521367) internal successors, (133), 119 states have internal predecessors, (133), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) [2022-02-21 00:02:15,112 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,112 INFO L93 Difference]: Finished difference Result 141 states and 156 transitions. [2022-02-21 00:02:15,112 INFO L276 IsEmpty]: Start isEmpty. Operand 141 states and 156 transitions. [2022-02-21 00:02:15,113 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:15,113 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:15,113 INFO L74 IsIncluded]: Start isIncluded. First operand has 135 states, 117 states have (on average 1.1367521367521367) internal successors, (133), 119 states have internal predecessors, (133), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) Second operand 141 states. [2022-02-21 00:02:15,113 INFO L87 Difference]: Start difference. First operand has 135 states, 117 states have (on average 1.1367521367521367) internal successors, (133), 119 states have internal predecessors, (133), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) Second operand 141 states. [2022-02-21 00:02:15,114 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,114 INFO L93 Difference]: Finished difference Result 141 states and 156 transitions. [2022-02-21 00:02:15,114 INFO L276 IsEmpty]: Start isEmpty. Operand 141 states and 156 transitions. [2022-02-21 00:02:15,114 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:15,114 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:15,115 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:15,115 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:15,115 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 135 states, 117 states have (on average 1.1367521367521367) internal successors, (133), 119 states have internal predecessors, (133), 9 states have call successors, (9), 8 states have call predecessors, (9), 8 states have return successors, (8), 7 states have call predecessors, (8), 6 states have call successors, (8) [2022-02-21 00:02:15,116 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 135 states to 135 states and 150 transitions. [2022-02-21 00:02:15,116 INFO L78 Accepts]: Start accepts. Automaton has 135 states and 150 transitions. Word has length 49 [2022-02-21 00:02:15,116 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:15,116 INFO L470 AbstractCegarLoop]: Abstraction has 135 states and 150 transitions. [2022-02-21 00:02:15,116 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:15,116 INFO L276 IsEmpty]: Start isEmpty. Operand 135 states and 150 transitions. [2022-02-21 00:02:15,116 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2022-02-21 00:02:15,116 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:15,117 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:15,117 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable17 [2022-02-21 00:02:15,117 INFO L402 AbstractCegarLoop]: === Iteration 19 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:15,117 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:15,117 INFO L85 PathProgramCache]: Analyzing trace with hash 1923793837, now seen corresponding path program 1 times [2022-02-21 00:02:15,117 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:15,117 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1944748460] [2022-02-21 00:02:15,117 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:15,117 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:15,134 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:15,180 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,196 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:15,198 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,200 INFO L290 TraceCheckUtils]: 0: Hoare triple {14488#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {14452#true} is VALID [2022-02-21 00:02:15,200 INFO L290 TraceCheckUtils]: 1: Hoare triple {14452#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {14452#true} is VALID [2022-02-21 00:02:15,200 INFO L290 TraceCheckUtils]: 2: Hoare triple {14452#true} assume true; {14452#true} is VALID [2022-02-21 00:02:15,200 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {14452#true} {14452#true} #753#return; {14452#true} is VALID [2022-02-21 00:02:15,203 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-21 00:02:15,204 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,205 INFO L290 TraceCheckUtils]: 0: Hoare triple {14489#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {14452#true} is VALID [2022-02-21 00:02:15,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {14452#true} assume true; {14452#true} is VALID [2022-02-21 00:02:15,205 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {14452#true} {14452#true} #755#return; {14452#true} is VALID [2022-02-21 00:02:15,206 INFO L290 TraceCheckUtils]: 0: Hoare triple {14479#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {14452#true} is VALID [2022-02-21 00:02:15,206 INFO L290 TraceCheckUtils]: 1: Hoare triple {14452#true} assume 0 != ~compRegistered~0; {14452#true} is VALID [2022-02-21 00:02:15,206 INFO L272 TraceCheckUtils]: 2: Hoare triple {14452#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {14488#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:15,206 INFO L290 TraceCheckUtils]: 3: Hoare triple {14488#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {14452#true} is VALID [2022-02-21 00:02:15,206 INFO L290 TraceCheckUtils]: 4: Hoare triple {14452#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {14452#true} is VALID [2022-02-21 00:02:15,212 INFO L290 TraceCheckUtils]: 5: Hoare triple {14452#true} assume true; {14452#true} is VALID [2022-02-21 00:02:15,212 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {14452#true} {14452#true} #753#return; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 7: Hoare triple {14452#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 8: Hoare triple {14452#true} assume -1073741802 == ~__cil_tmp7~0; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L272 TraceCheckUtils]: 9: Hoare triple {14452#true} call stubMoreProcessingRequired(); {14489#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 10: Hoare triple {14489#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 11: Hoare triple {14452#true} assume true; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {14452#true} {14452#true} #755#return; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 13: Hoare triple {14452#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 14: Hoare triple {14452#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 15: Hoare triple {14452#true} assume 1 == ~tmp_ndt_7~0; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 16: Hoare triple {14452#true} ~returnVal2~0 := -1073741823; {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 17: Hoare triple {14452#true} assume !(~s~0 == ~NP~0); {14452#true} is VALID [2022-02-21 00:02:15,213 INFO L290 TraceCheckUtils]: 18: Hoare triple {14452#true} assume ~s~0 == ~MPR1~0; {14452#true} is VALID [2022-02-21 00:02:15,214 INFO L290 TraceCheckUtils]: 19: Hoare triple {14452#true} assume !(259 == ~returnVal2~0);~s~0 := ~NP~0;~lowerDriverReturn~0 := ~returnVal2~0; {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:15,214 INFO L290 TraceCheckUtils]: 20: Hoare triple {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} #res := ~returnVal2~0; {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:15,214 INFO L290 TraceCheckUtils]: 21: Hoare triple {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} assume true; {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:15,215 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} #717#return; {14478#(and (= ~s~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,215 INFO L290 TraceCheckUtils]: 0: Hoare triple {14452#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {14452#true} is VALID [2022-02-21 00:02:15,216 INFO L290 TraceCheckUtils]: 1: Hoare triple {14452#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,216 INFO L290 TraceCheckUtils]: 2: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume { :end_inline__BLAST_init } true; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,216 INFO L290 TraceCheckUtils]: 3: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,217 INFO L290 TraceCheckUtils]: 4: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,217 INFO L290 TraceCheckUtils]: 5: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,217 INFO L290 TraceCheckUtils]: 6: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume { :end_inline_stub_driver_init } true; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,218 INFO L290 TraceCheckUtils]: 7: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,218 INFO L290 TraceCheckUtils]: 8: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,218 INFO L290 TraceCheckUtils]: 9: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,219 INFO L290 TraceCheckUtils]: 10: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume 3 == main_~tmp_ndt_3~0#1; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,219 INFO L290 TraceCheckUtils]: 11: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,219 INFO L290 TraceCheckUtils]: 12: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,220 INFO L290 TraceCheckUtils]: 13: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,220 INFO L290 TraceCheckUtils]: 14: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume !(~s~0 != ~NP~0); {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,220 INFO L290 TraceCheckUtils]: 15: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,221 INFO L290 TraceCheckUtils]: 16: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,221 INFO L272 TraceCheckUtils]: 17: Hoare triple {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {14479#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:15,221 INFO L290 TraceCheckUtils]: 18: Hoare triple {14479#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {14452#true} is VALID [2022-02-21 00:02:15,221 INFO L290 TraceCheckUtils]: 19: Hoare triple {14452#true} assume 0 != ~compRegistered~0; {14452#true} is VALID [2022-02-21 00:02:15,222 INFO L272 TraceCheckUtils]: 20: Hoare triple {14452#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {14488#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:15,222 INFO L290 TraceCheckUtils]: 21: Hoare triple {14488#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {14452#true} is VALID [2022-02-21 00:02:15,222 INFO L290 TraceCheckUtils]: 22: Hoare triple {14452#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {14452#true} is VALID [2022-02-21 00:02:15,222 INFO L290 TraceCheckUtils]: 23: Hoare triple {14452#true} assume true; {14452#true} is VALID [2022-02-21 00:02:15,222 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {14452#true} {14452#true} #753#return; {14452#true} is VALID [2022-02-21 00:02:15,222 INFO L290 TraceCheckUtils]: 25: Hoare triple {14452#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {14452#true} is VALID [2022-02-21 00:02:15,222 INFO L290 TraceCheckUtils]: 26: Hoare triple {14452#true} assume -1073741802 == ~__cil_tmp7~0; {14452#true} is VALID [2022-02-21 00:02:15,222 INFO L272 TraceCheckUtils]: 27: Hoare triple {14452#true} call stubMoreProcessingRequired(); {14489#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:15,222 INFO L290 TraceCheckUtils]: 28: Hoare triple {14489#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 29: Hoare triple {14452#true} assume true; {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14452#true} {14452#true} #755#return; {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 31: Hoare triple {14452#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 32: Hoare triple {14452#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 33: Hoare triple {14452#true} assume 1 == ~tmp_ndt_7~0; {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 34: Hoare triple {14452#true} ~returnVal2~0 := -1073741823; {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 35: Hoare triple {14452#true} assume !(~s~0 == ~NP~0); {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 36: Hoare triple {14452#true} assume ~s~0 == ~MPR1~0; {14452#true} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 37: Hoare triple {14452#true} assume !(259 == ~returnVal2~0);~s~0 := ~NP~0;~lowerDriverReturn~0 := ~returnVal2~0; {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:15,223 INFO L290 TraceCheckUtils]: 38: Hoare triple {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} #res := ~returnVal2~0; {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:15,224 INFO L290 TraceCheckUtils]: 39: Hoare triple {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} assume true; {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} is VALID [2022-02-21 00:02:15,224 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {14487#(or (= ~s~0 1) (= ~s~0 ~NP~0))} {14454#(and (= ~NP~0 1) (not (= ~MPR3~0 1)))} #717#return; {14478#(and (= ~s~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,225 INFO L290 TraceCheckUtils]: 41: Hoare triple {14478#(and (= ~s~0 1) (not (= ~MPR3~0 1)))} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {14478#(and (= ~s~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,225 INFO L290 TraceCheckUtils]: 42: Hoare triple {14478#(and (= ~s~0 1) (not (= ~MPR3~0 1)))} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet41#1, KeWaitForSingleObject_~tmp_ndt_8~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {14478#(and (= ~s~0 1) (not (= ~MPR3~0 1)))} is VALID [2022-02-21 00:02:15,225 INFO L290 TraceCheckUtils]: 43: Hoare triple {14478#(and (= ~s~0 1) (not (= ~MPR3~0 1)))} assume ~s~0 == ~MPR3~0; {14453#false} is VALID [2022-02-21 00:02:15,225 INFO L290 TraceCheckUtils]: 44: Hoare triple {14453#false} assume !(1 == ~setEventCalled~0); {14453#false} is VALID [2022-02-21 00:02:15,225 INFO L290 TraceCheckUtils]: 45: Hoare triple {14453#false} assume !(1 == ~customIrp~0); {14453#false} is VALID [2022-02-21 00:02:15,226 INFO L290 TraceCheckUtils]: 46: Hoare triple {14453#false} assume ~s~0 == ~MPR3~0; {14453#false} is VALID [2022-02-21 00:02:15,226 INFO L272 TraceCheckUtils]: 47: Hoare triple {14453#false} call errorFn(); {14453#false} is VALID [2022-02-21 00:02:15,226 INFO L290 TraceCheckUtils]: 48: Hoare triple {14453#false} assume !false; {14453#false} is VALID [2022-02-21 00:02:15,226 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:15,226 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:15,226 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1944748460] [2022-02-21 00:02:15,226 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1944748460] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:15,226 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:15,226 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-21 00:02:15,226 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [204385537] [2022-02-21 00:02:15,226 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:15,227 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.25) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-21 00:02:15,227 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:15,228 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 5.25) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,253 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:15,253 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-21 00:02:15,254 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:15,254 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-21 00:02:15,254 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2022-02-21 00:02:15,254 INFO L87 Difference]: Start difference. First operand 135 states and 150 transitions. Second operand has 8 states, 8 states have (on average 5.25) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,531 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,532 INFO L93 Difference]: Finished difference Result 132 states and 146 transitions. [2022-02-21 00:02:15,532 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-21 00:02:15,532 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 5.25) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-21 00:02:15,532 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:15,532 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 5.25) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,535 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 77 transitions. [2022-02-21 00:02:15,535 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 5.25) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,536 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 77 transitions. [2022-02-21 00:02:15,536 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 77 transitions. [2022-02-21 00:02:15,608 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 77 edges. 77 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:15,609 INFO L225 Difference]: With dead ends: 132 [2022-02-21 00:02:15,609 INFO L226 Difference]: Without dead ends: 115 [2022-02-21 00:02:15,609 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=51, Invalid=105, Unknown=0, NotChecked=0, Total=156 [2022-02-21 00:02:15,609 INFO L933 BasicCegarLoop]: 57 mSDtfsCounter, 106 mSDsluCounter, 140 mSDsCounter, 0 mSdLazyCounter, 91 mSolverCounterSat, 32 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 106 SdHoareTripleChecker+Valid, 197 SdHoareTripleChecker+Invalid, 123 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 32 IncrementalHoareTripleChecker+Valid, 91 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:15,610 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [106 Valid, 197 Invalid, 123 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [32 Valid, 91 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:15,610 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 115 states. [2022-02-21 00:02:15,611 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 115 to 115. [2022-02-21 00:02:15,611 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:15,612 INFO L82 GeneralOperation]: Start isEquivalent. First operand 115 states. Second operand has 115 states, 99 states have (on average 1.121212121212121) internal successors, (111), 100 states have internal predecessors, (111), 9 states have call successors, (9), 8 states have call predecessors, (9), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:15,612 INFO L74 IsIncluded]: Start isIncluded. First operand 115 states. Second operand has 115 states, 99 states have (on average 1.121212121212121) internal successors, (111), 100 states have internal predecessors, (111), 9 states have call successors, (9), 8 states have call predecessors, (9), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:15,612 INFO L87 Difference]: Start difference. First operand 115 states. Second operand has 115 states, 99 states have (on average 1.121212121212121) internal successors, (111), 100 states have internal predecessors, (111), 9 states have call successors, (9), 8 states have call predecessors, (9), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:15,613 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,613 INFO L93 Difference]: Finished difference Result 115 states and 126 transitions. [2022-02-21 00:02:15,613 INFO L276 IsEmpty]: Start isEmpty. Operand 115 states and 126 transitions. [2022-02-21 00:02:15,613 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:15,613 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:15,613 INFO L74 IsIncluded]: Start isIncluded. First operand has 115 states, 99 states have (on average 1.121212121212121) internal successors, (111), 100 states have internal predecessors, (111), 9 states have call successors, (9), 8 states have call predecessors, (9), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 115 states. [2022-02-21 00:02:15,613 INFO L87 Difference]: Start difference. First operand has 115 states, 99 states have (on average 1.121212121212121) internal successors, (111), 100 states have internal predecessors, (111), 9 states have call successors, (9), 8 states have call predecessors, (9), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 115 states. [2022-02-21 00:02:15,621 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,622 INFO L93 Difference]: Finished difference Result 115 states and 126 transitions. [2022-02-21 00:02:15,622 INFO L276 IsEmpty]: Start isEmpty. Operand 115 states and 126 transitions. [2022-02-21 00:02:15,622 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:15,622 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:15,622 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:15,622 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:15,622 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 115 states, 99 states have (on average 1.121212121212121) internal successors, (111), 100 states have internal predecessors, (111), 9 states have call successors, (9), 8 states have call predecessors, (9), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:15,623 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 115 states to 115 states and 126 transitions. [2022-02-21 00:02:15,623 INFO L78 Accepts]: Start accepts. Automaton has 115 states and 126 transitions. Word has length 49 [2022-02-21 00:02:15,624 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:15,624 INFO L470 AbstractCegarLoop]: Abstraction has 115 states and 126 transitions. [2022-02-21 00:02:15,624 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 5.25) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,624 INFO L276 IsEmpty]: Start isEmpty. Operand 115 states and 126 transitions. [2022-02-21 00:02:15,624 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2022-02-21 00:02:15,624 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:15,624 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:15,625 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable18 [2022-02-21 00:02:15,625 INFO L402 AbstractCegarLoop]: === Iteration 20 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:15,625 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:15,625 INFO L85 PathProgramCache]: Analyzing trace with hash -635303633, now seen corresponding path program 1 times [2022-02-21 00:02:15,625 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:15,625 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1336795654] [2022-02-21 00:02:15,625 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:15,626 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:15,641 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,653 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:15,658 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,666 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:15,668 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,674 INFO L290 TraceCheckUtils]: 0: Hoare triple {15014#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,675 INFO L290 TraceCheckUtils]: 1: Hoare triple {15005#(= ~setEventCalled~0 1)} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,675 INFO L290 TraceCheckUtils]: 2: Hoare triple {15005#(= ~setEventCalled~0 1)} assume true; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,676 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15005#(= ~setEventCalled~0 1)} {14980#true} #753#return; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,678 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-21 00:02:15,679 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,681 INFO L290 TraceCheckUtils]: 0: Hoare triple {15015#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {14980#true} is VALID [2022-02-21 00:02:15,681 INFO L290 TraceCheckUtils]: 1: Hoare triple {14980#true} assume true; {14980#true} is VALID [2022-02-21 00:02:15,681 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {14980#true} {15005#(= ~setEventCalled~0 1)} #755#return; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,681 INFO L290 TraceCheckUtils]: 0: Hoare triple {15006#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {14980#true} is VALID [2022-02-21 00:02:15,682 INFO L290 TraceCheckUtils]: 1: Hoare triple {14980#true} assume 0 != ~compRegistered~0; {14980#true} is VALID [2022-02-21 00:02:15,682 INFO L272 TraceCheckUtils]: 2: Hoare triple {14980#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {15014#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:15,682 INFO L290 TraceCheckUtils]: 3: Hoare triple {15014#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,683 INFO L290 TraceCheckUtils]: 4: Hoare triple {15005#(= ~setEventCalled~0 1)} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,683 INFO L290 TraceCheckUtils]: 5: Hoare triple {15005#(= ~setEventCalled~0 1)} assume true; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,683 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {15005#(= ~setEventCalled~0 1)} {14980#true} #753#return; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,684 INFO L290 TraceCheckUtils]: 7: Hoare triple {15005#(= ~setEventCalled~0 1)} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,684 INFO L290 TraceCheckUtils]: 8: Hoare triple {15005#(= ~setEventCalled~0 1)} assume -1073741802 == ~__cil_tmp7~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,684 INFO L272 TraceCheckUtils]: 9: Hoare triple {15005#(= ~setEventCalled~0 1)} call stubMoreProcessingRequired(); {15015#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:15,684 INFO L290 TraceCheckUtils]: 10: Hoare triple {15015#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {14980#true} is VALID [2022-02-21 00:02:15,684 INFO L290 TraceCheckUtils]: 11: Hoare triple {14980#true} assume true; {14980#true} is VALID [2022-02-21 00:02:15,685 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {14980#true} {15005#(= ~setEventCalled~0 1)} #755#return; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,685 INFO L290 TraceCheckUtils]: 13: Hoare triple {15005#(= ~setEventCalled~0 1)} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,685 INFO L290 TraceCheckUtils]: 14: Hoare triple {15005#(= ~setEventCalled~0 1)} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,685 INFO L290 TraceCheckUtils]: 15: Hoare triple {15005#(= ~setEventCalled~0 1)} assume !(1 == ~tmp_ndt_7~0); {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,686 INFO L290 TraceCheckUtils]: 16: Hoare triple {15005#(= ~setEventCalled~0 1)} ~returnVal2~0 := 259; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,686 INFO L290 TraceCheckUtils]: 17: Hoare triple {15005#(= ~setEventCalled~0 1)} assume !(~s~0 == ~NP~0); {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,686 INFO L290 TraceCheckUtils]: 18: Hoare triple {15005#(= ~setEventCalled~0 1)} assume ~s~0 == ~MPR1~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,686 INFO L290 TraceCheckUtils]: 19: Hoare triple {15005#(= ~setEventCalled~0 1)} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,687 INFO L290 TraceCheckUtils]: 20: Hoare triple {15005#(= ~setEventCalled~0 1)} #res := ~returnVal2~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,687 INFO L290 TraceCheckUtils]: 21: Hoare triple {15005#(= ~setEventCalled~0 1)} assume true; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,687 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {15005#(= ~setEventCalled~0 1)} {14980#true} #717#return; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 0: Hoare triple {14980#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {14980#true} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 1: Hoare triple {14980#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {14980#true} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 2: Hoare triple {14980#true} assume { :end_inline__BLAST_init } true; {14980#true} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 3: Hoare triple {14980#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {14980#true} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 4: Hoare triple {14980#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {14980#true} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 5: Hoare triple {14980#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {14980#true} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 6: Hoare triple {14980#true} assume { :end_inline_stub_driver_init } true; {14980#true} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 7: Hoare triple {14980#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {14980#true} is VALID [2022-02-21 00:02:15,688 INFO L290 TraceCheckUtils]: 8: Hoare triple {14980#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {14980#true} is VALID [2022-02-21 00:02:15,689 INFO L290 TraceCheckUtils]: 9: Hoare triple {14980#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {14980#true} is VALID [2022-02-21 00:02:15,689 INFO L290 TraceCheckUtils]: 10: Hoare triple {14980#true} assume 3 == main_~tmp_ndt_3~0#1; {14980#true} is VALID [2022-02-21 00:02:15,689 INFO L290 TraceCheckUtils]: 11: Hoare triple {14980#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {14980#true} is VALID [2022-02-21 00:02:15,689 INFO L290 TraceCheckUtils]: 12: Hoare triple {14980#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {14980#true} is VALID [2022-02-21 00:02:15,689 INFO L290 TraceCheckUtils]: 13: Hoare triple {14980#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {14980#true} is VALID [2022-02-21 00:02:15,689 INFO L290 TraceCheckUtils]: 14: Hoare triple {14980#true} assume !(~s~0 != ~NP~0); {14980#true} is VALID [2022-02-21 00:02:15,689 INFO L290 TraceCheckUtils]: 15: Hoare triple {14980#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {14980#true} is VALID [2022-02-21 00:02:15,689 INFO L290 TraceCheckUtils]: 16: Hoare triple {14980#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {14980#true} is VALID [2022-02-21 00:02:15,690 INFO L272 TraceCheckUtils]: 17: Hoare triple {14980#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {15006#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:15,690 INFO L290 TraceCheckUtils]: 18: Hoare triple {15006#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {14980#true} is VALID [2022-02-21 00:02:15,690 INFO L290 TraceCheckUtils]: 19: Hoare triple {14980#true} assume 0 != ~compRegistered~0; {14980#true} is VALID [2022-02-21 00:02:15,691 INFO L272 TraceCheckUtils]: 20: Hoare triple {14980#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {15014#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:15,691 INFO L290 TraceCheckUtils]: 21: Hoare triple {15014#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,691 INFO L290 TraceCheckUtils]: 22: Hoare triple {15005#(= ~setEventCalled~0 1)} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,691 INFO L290 TraceCheckUtils]: 23: Hoare triple {15005#(= ~setEventCalled~0 1)} assume true; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,692 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {15005#(= ~setEventCalled~0 1)} {14980#true} #753#return; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,692 INFO L290 TraceCheckUtils]: 25: Hoare triple {15005#(= ~setEventCalled~0 1)} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,692 INFO L290 TraceCheckUtils]: 26: Hoare triple {15005#(= ~setEventCalled~0 1)} assume -1073741802 == ~__cil_tmp7~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,693 INFO L272 TraceCheckUtils]: 27: Hoare triple {15005#(= ~setEventCalled~0 1)} call stubMoreProcessingRequired(); {15015#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:15,693 INFO L290 TraceCheckUtils]: 28: Hoare triple {15015#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {14980#true} is VALID [2022-02-21 00:02:15,693 INFO L290 TraceCheckUtils]: 29: Hoare triple {14980#true} assume true; {14980#true} is VALID [2022-02-21 00:02:15,693 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {14980#true} {15005#(= ~setEventCalled~0 1)} #755#return; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,693 INFO L290 TraceCheckUtils]: 31: Hoare triple {15005#(= ~setEventCalled~0 1)} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,694 INFO L290 TraceCheckUtils]: 32: Hoare triple {15005#(= ~setEventCalled~0 1)} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,694 INFO L290 TraceCheckUtils]: 33: Hoare triple {15005#(= ~setEventCalled~0 1)} assume !(1 == ~tmp_ndt_7~0); {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,694 INFO L290 TraceCheckUtils]: 34: Hoare triple {15005#(= ~setEventCalled~0 1)} ~returnVal2~0 := 259; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,694 INFO L290 TraceCheckUtils]: 35: Hoare triple {15005#(= ~setEventCalled~0 1)} assume !(~s~0 == ~NP~0); {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,695 INFO L290 TraceCheckUtils]: 36: Hoare triple {15005#(= ~setEventCalled~0 1)} assume ~s~0 == ~MPR1~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,695 INFO L290 TraceCheckUtils]: 37: Hoare triple {15005#(= ~setEventCalled~0 1)} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,695 INFO L290 TraceCheckUtils]: 38: Hoare triple {15005#(= ~setEventCalled~0 1)} #res := ~returnVal2~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,695 INFO L290 TraceCheckUtils]: 39: Hoare triple {15005#(= ~setEventCalled~0 1)} assume true; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,696 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {15005#(= ~setEventCalled~0 1)} {14980#true} #717#return; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,696 INFO L290 TraceCheckUtils]: 41: Hoare triple {15005#(= ~setEventCalled~0 1)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,696 INFO L290 TraceCheckUtils]: 42: Hoare triple {15005#(= ~setEventCalled~0 1)} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet41#1, KeWaitForSingleObject_~tmp_ndt_8~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,697 INFO L290 TraceCheckUtils]: 43: Hoare triple {15005#(= ~setEventCalled~0 1)} assume ~s~0 == ~MPR3~0; {15005#(= ~setEventCalled~0 1)} is VALID [2022-02-21 00:02:15,697 INFO L290 TraceCheckUtils]: 44: Hoare triple {15005#(= ~setEventCalled~0 1)} assume !(1 == ~setEventCalled~0); {14981#false} is VALID [2022-02-21 00:02:15,697 INFO L290 TraceCheckUtils]: 45: Hoare triple {14981#false} assume !(1 == ~customIrp~0); {14981#false} is VALID [2022-02-21 00:02:15,697 INFO L290 TraceCheckUtils]: 46: Hoare triple {14981#false} assume ~s~0 == ~MPR3~0; {14981#false} is VALID [2022-02-21 00:02:15,697 INFO L272 TraceCheckUtils]: 47: Hoare triple {14981#false} call errorFn(); {14981#false} is VALID [2022-02-21 00:02:15,697 INFO L290 TraceCheckUtils]: 48: Hoare triple {14981#false} assume !false; {14981#false} is VALID [2022-02-21 00:02:15,697 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:15,698 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:15,698 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1336795654] [2022-02-21 00:02:15,698 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1336795654] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:15,698 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:15,698 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-21 00:02:15,698 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [525831585] [2022-02-21 00:02:15,698 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:15,699 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-21 00:02:15,699 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:15,699 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,723 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:15,724 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-21 00:02:15,724 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:15,724 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-21 00:02:15,724 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-02-21 00:02:15,724 INFO L87 Difference]: Start difference. First operand 115 states and 126 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,852 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,852 INFO L93 Difference]: Finished difference Result 110 states and 117 transitions. [2022-02-21 00:02:15,852 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-21 00:02:15,852 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-21 00:02:15,852 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:15,853 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,854 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 66 transitions. [2022-02-21 00:02:15,854 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,855 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 66 transitions. [2022-02-21 00:02:15,855 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 66 transitions. [2022-02-21 00:02:15,901 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 66 edges. 66 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:15,903 INFO L225 Difference]: With dead ends: 110 [2022-02-21 00:02:15,903 INFO L226 Difference]: Without dead ends: 108 [2022-02-21 00:02:15,904 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 4 SyntacticMatches, 2 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-21 00:02:15,905 INFO L933 BasicCegarLoop]: 61 mSDtfsCounter, 41 mSDsluCounter, 95 mSDsCounter, 0 mSdLazyCounter, 33 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 156 SdHoareTripleChecker+Invalid, 50 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 33 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:15,905 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [41 Valid, 156 Invalid, 50 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 33 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:15,910 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 108 states. [2022-02-21 00:02:15,912 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 108 to 108. [2022-02-21 00:02:15,913 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:15,913 INFO L82 GeneralOperation]: Start isEquivalent. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.086021505376344) internal successors, (101), 93 states have internal predecessors, (101), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:15,914 INFO L74 IsIncluded]: Start isIncluded. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.086021505376344) internal successors, (101), 93 states have internal predecessors, (101), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:15,914 INFO L87 Difference]: Start difference. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.086021505376344) internal successors, (101), 93 states have internal predecessors, (101), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:15,915 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,915 INFO L93 Difference]: Finished difference Result 108 states and 115 transitions. [2022-02-21 00:02:15,915 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 115 transitions. [2022-02-21 00:02:15,915 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:15,915 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:15,915 INFO L74 IsIncluded]: Start isIncluded. First operand has 108 states, 93 states have (on average 1.086021505376344) internal successors, (101), 93 states have internal predecessors, (101), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 108 states. [2022-02-21 00:02:15,916 INFO L87 Difference]: Start difference. First operand has 108 states, 93 states have (on average 1.086021505376344) internal successors, (101), 93 states have internal predecessors, (101), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 108 states. [2022-02-21 00:02:15,917 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:15,917 INFO L93 Difference]: Finished difference Result 108 states and 115 transitions. [2022-02-21 00:02:15,917 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 115 transitions. [2022-02-21 00:02:15,917 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:15,917 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:15,917 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:15,917 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:15,917 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 108 states, 93 states have (on average 1.086021505376344) internal successors, (101), 93 states have internal predecessors, (101), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:15,919 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 108 states to 108 states and 115 transitions. [2022-02-21 00:02:15,920 INFO L78 Accepts]: Start accepts. Automaton has 108 states and 115 transitions. Word has length 49 [2022-02-21 00:02:15,920 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:15,920 INFO L470 AbstractCegarLoop]: Abstraction has 108 states and 115 transitions. [2022-02-21 00:02:15,920 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 3 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-21 00:02:15,920 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 115 transitions. [2022-02-21 00:02:15,920 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-21 00:02:15,920 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:15,921 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:15,921 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable19 [2022-02-21 00:02:15,921 INFO L402 AbstractCegarLoop]: === Iteration 21 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:15,921 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:15,921 INFO L85 PathProgramCache]: Analyzing trace with hash -870094681, now seen corresponding path program 1 times [2022-02-21 00:02:15,921 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:15,922 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1402874948] [2022-02-21 00:02:15,922 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:15,922 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:15,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:15,975 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:15,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,003 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:16,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,008 INFO L290 TraceCheckUtils]: 0: Hoare triple {15495#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15458#true} is VALID [2022-02-21 00:02:16,008 INFO L290 TraceCheckUtils]: 1: Hoare triple {15458#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15458#true} is VALID [2022-02-21 00:02:16,008 INFO L290 TraceCheckUtils]: 2: Hoare triple {15458#true} assume true; {15458#true} is VALID [2022-02-21 00:02:16,008 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15458#true} {15458#true} #753#return; {15458#true} is VALID [2022-02-21 00:02:16,013 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-21 00:02:16,014 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,015 INFO L290 TraceCheckUtils]: 0: Hoare triple {15496#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {15458#true} is VALID [2022-02-21 00:02:16,015 INFO L290 TraceCheckUtils]: 1: Hoare triple {15458#true} assume true; {15458#true} is VALID [2022-02-21 00:02:16,016 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {15458#true} {15458#true} #755#return; {15458#true} is VALID [2022-02-21 00:02:16,016 INFO L290 TraceCheckUtils]: 0: Hoare triple {15485#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {15458#true} is VALID [2022-02-21 00:02:16,016 INFO L290 TraceCheckUtils]: 1: Hoare triple {15458#true} assume 0 != ~compRegistered~0; {15458#true} is VALID [2022-02-21 00:02:16,016 INFO L272 TraceCheckUtils]: 2: Hoare triple {15458#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {15495#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:16,017 INFO L290 TraceCheckUtils]: 3: Hoare triple {15495#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15458#true} is VALID [2022-02-21 00:02:16,017 INFO L290 TraceCheckUtils]: 4: Hoare triple {15458#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15458#true} is VALID [2022-02-21 00:02:16,017 INFO L290 TraceCheckUtils]: 5: Hoare triple {15458#true} assume true; {15458#true} is VALID [2022-02-21 00:02:16,017 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {15458#true} {15458#true} #753#return; {15458#true} is VALID [2022-02-21 00:02:16,017 INFO L290 TraceCheckUtils]: 7: Hoare triple {15458#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {15458#true} is VALID [2022-02-21 00:02:16,017 INFO L290 TraceCheckUtils]: 8: Hoare triple {15458#true} assume -1073741802 == ~__cil_tmp7~0; {15458#true} is VALID [2022-02-21 00:02:16,017 INFO L272 TraceCheckUtils]: 9: Hoare triple {15458#true} call stubMoreProcessingRequired(); {15496#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:16,018 INFO L290 TraceCheckUtils]: 10: Hoare triple {15496#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {15458#true} is VALID [2022-02-21 00:02:16,018 INFO L290 TraceCheckUtils]: 11: Hoare triple {15458#true} assume true; {15458#true} is VALID [2022-02-21 00:02:16,018 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {15458#true} {15458#true} #755#return; {15458#true} is VALID [2022-02-21 00:02:16,018 INFO L290 TraceCheckUtils]: 13: Hoare triple {15458#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {15458#true} is VALID [2022-02-21 00:02:16,018 INFO L290 TraceCheckUtils]: 14: Hoare triple {15458#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {15458#true} is VALID [2022-02-21 00:02:16,018 INFO L290 TraceCheckUtils]: 15: Hoare triple {15458#true} assume !(1 == ~tmp_ndt_7~0); {15458#true} is VALID [2022-02-21 00:02:16,018 INFO L290 TraceCheckUtils]: 16: Hoare triple {15458#true} ~returnVal2~0 := 259; {15493#(<= 259 IofCallDriver_~returnVal2~0)} is VALID [2022-02-21 00:02:16,019 INFO L290 TraceCheckUtils]: 17: Hoare triple {15493#(<= 259 IofCallDriver_~returnVal2~0)} assume !(~s~0 == ~NP~0); {15493#(<= 259 IofCallDriver_~returnVal2~0)} is VALID [2022-02-21 00:02:16,019 INFO L290 TraceCheckUtils]: 18: Hoare triple {15493#(<= 259 IofCallDriver_~returnVal2~0)} assume ~s~0 == ~MPR1~0; {15493#(<= 259 IofCallDriver_~returnVal2~0)} is VALID [2022-02-21 00:02:16,019 INFO L290 TraceCheckUtils]: 19: Hoare triple {15493#(<= 259 IofCallDriver_~returnVal2~0)} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {15493#(<= 259 IofCallDriver_~returnVal2~0)} is VALID [2022-02-21 00:02:16,020 INFO L290 TraceCheckUtils]: 20: Hoare triple {15493#(<= 259 IofCallDriver_~returnVal2~0)} #res := ~returnVal2~0; {15494#(<= 259 |IofCallDriver_#res|)} is VALID [2022-02-21 00:02:16,020 INFO L290 TraceCheckUtils]: 21: Hoare triple {15494#(<= 259 |IofCallDriver_#res|)} assume true; {15494#(<= 259 |IofCallDriver_#res|)} is VALID [2022-02-21 00:02:16,020 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {15494#(<= 259 |IofCallDriver_#res|)} {15458#true} #717#return; {15483#(<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|)} is VALID [2022-02-21 00:02:16,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {15458#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {15458#true} is VALID [2022-02-21 00:02:16,021 INFO L290 TraceCheckUtils]: 1: Hoare triple {15458#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {15458#true} is VALID [2022-02-21 00:02:16,021 INFO L290 TraceCheckUtils]: 2: Hoare triple {15458#true} assume { :end_inline__BLAST_init } true; {15458#true} is VALID [2022-02-21 00:02:16,021 INFO L290 TraceCheckUtils]: 3: Hoare triple {15458#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {15458#true} is VALID [2022-02-21 00:02:16,021 INFO L290 TraceCheckUtils]: 4: Hoare triple {15458#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {15458#true} is VALID [2022-02-21 00:02:16,021 INFO L290 TraceCheckUtils]: 5: Hoare triple {15458#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 6: Hoare triple {15458#true} assume { :end_inline_stub_driver_init } true; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 7: Hoare triple {15458#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 8: Hoare triple {15458#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 9: Hoare triple {15458#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 10: Hoare triple {15458#true} assume 3 == main_~tmp_ndt_3~0#1; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 11: Hoare triple {15458#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 12: Hoare triple {15458#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 13: Hoare triple {15458#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 14: Hoare triple {15458#true} assume !(~s~0 != ~NP~0); {15458#true} is VALID [2022-02-21 00:02:16,022 INFO L290 TraceCheckUtils]: 15: Hoare triple {15458#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {15458#true} is VALID [2022-02-21 00:02:16,023 INFO L290 TraceCheckUtils]: 16: Hoare triple {15458#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {15458#true} is VALID [2022-02-21 00:02:16,023 INFO L272 TraceCheckUtils]: 17: Hoare triple {15458#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {15485#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:16,023 INFO L290 TraceCheckUtils]: 18: Hoare triple {15485#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {15458#true} is VALID [2022-02-21 00:02:16,023 INFO L290 TraceCheckUtils]: 19: Hoare triple {15458#true} assume 0 != ~compRegistered~0; {15458#true} is VALID [2022-02-21 00:02:16,024 INFO L272 TraceCheckUtils]: 20: Hoare triple {15458#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {15495#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:16,024 INFO L290 TraceCheckUtils]: 21: Hoare triple {15495#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15458#true} is VALID [2022-02-21 00:02:16,024 INFO L290 TraceCheckUtils]: 22: Hoare triple {15458#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15458#true} is VALID [2022-02-21 00:02:16,024 INFO L290 TraceCheckUtils]: 23: Hoare triple {15458#true} assume true; {15458#true} is VALID [2022-02-21 00:02:16,024 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {15458#true} {15458#true} #753#return; {15458#true} is VALID [2022-02-21 00:02:16,025 INFO L290 TraceCheckUtils]: 25: Hoare triple {15458#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {15458#true} is VALID [2022-02-21 00:02:16,025 INFO L290 TraceCheckUtils]: 26: Hoare triple {15458#true} assume -1073741802 == ~__cil_tmp7~0; {15458#true} is VALID [2022-02-21 00:02:16,025 INFO L272 TraceCheckUtils]: 27: Hoare triple {15458#true} call stubMoreProcessingRequired(); {15496#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:16,025 INFO L290 TraceCheckUtils]: 28: Hoare triple {15496#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {15458#true} is VALID [2022-02-21 00:02:16,025 INFO L290 TraceCheckUtils]: 29: Hoare triple {15458#true} assume true; {15458#true} is VALID [2022-02-21 00:02:16,025 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15458#true} {15458#true} #755#return; {15458#true} is VALID [2022-02-21 00:02:16,025 INFO L290 TraceCheckUtils]: 31: Hoare triple {15458#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {15458#true} is VALID [2022-02-21 00:02:16,026 INFO L290 TraceCheckUtils]: 32: Hoare triple {15458#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {15458#true} is VALID [2022-02-21 00:02:16,026 INFO L290 TraceCheckUtils]: 33: Hoare triple {15458#true} assume !(1 == ~tmp_ndt_7~0); {15458#true} is VALID [2022-02-21 00:02:16,026 INFO L290 TraceCheckUtils]: 34: Hoare triple {15458#true} ~returnVal2~0 := 259; {15493#(<= 259 IofCallDriver_~returnVal2~0)} is VALID [2022-02-21 00:02:16,026 INFO L290 TraceCheckUtils]: 35: Hoare triple {15493#(<= 259 IofCallDriver_~returnVal2~0)} assume !(~s~0 == ~NP~0); {15493#(<= 259 IofCallDriver_~returnVal2~0)} is VALID [2022-02-21 00:02:16,026 INFO L290 TraceCheckUtils]: 36: Hoare triple {15493#(<= 259 IofCallDriver_~returnVal2~0)} assume ~s~0 == ~MPR1~0; {15493#(<= 259 IofCallDriver_~returnVal2~0)} is VALID [2022-02-21 00:02:16,027 INFO L290 TraceCheckUtils]: 37: Hoare triple {15493#(<= 259 IofCallDriver_~returnVal2~0)} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {15493#(<= 259 IofCallDriver_~returnVal2~0)} is VALID [2022-02-21 00:02:16,027 INFO L290 TraceCheckUtils]: 38: Hoare triple {15493#(<= 259 IofCallDriver_~returnVal2~0)} #res := ~returnVal2~0; {15494#(<= 259 |IofCallDriver_#res|)} is VALID [2022-02-21 00:02:16,027 INFO L290 TraceCheckUtils]: 39: Hoare triple {15494#(<= 259 |IofCallDriver_#res|)} assume true; {15494#(<= 259 |IofCallDriver_#res|)} is VALID [2022-02-21 00:02:16,028 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {15494#(<= 259 |IofCallDriver_#res|)} {15458#true} #717#return; {15483#(<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|)} is VALID [2022-02-21 00:02:16,028 INFO L290 TraceCheckUtils]: 41: Hoare triple {15483#(<= 259 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {15484#(<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|)} is VALID [2022-02-21 00:02:16,029 INFO L290 TraceCheckUtils]: 42: Hoare triple {15484#(<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|)} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {15484#(<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|)} is VALID [2022-02-21 00:02:16,029 INFO L290 TraceCheckUtils]: 43: Hoare triple {15484#(<= 259 |ULTIMATE.start_KbFilter_PnP_~status~0#1|)} assume !(KbFilter_PnP_~status~0#1 >= 0); {15459#false} is VALID [2022-02-21 00:02:16,029 INFO L290 TraceCheckUtils]: 44: Hoare triple {15459#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0; {15459#false} is VALID [2022-02-21 00:02:16,029 INFO L272 TraceCheckUtils]: 45: Hoare triple {15459#false} call IofCompleteRequest(KbFilter_PnP_~Irp#1, 0); {15459#false} is VALID [2022-02-21 00:02:16,029 INFO L290 TraceCheckUtils]: 46: Hoare triple {15459#false} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {15459#false} is VALID [2022-02-21 00:02:16,029 INFO L290 TraceCheckUtils]: 47: Hoare triple {15459#false} assume !(~s~0 == ~NP~0); {15459#false} is VALID [2022-02-21 00:02:16,029 INFO L272 TraceCheckUtils]: 48: Hoare triple {15459#false} call errorFn(); {15459#false} is VALID [2022-02-21 00:02:16,029 INFO L290 TraceCheckUtils]: 49: Hoare triple {15459#false} assume !false; {15459#false} is VALID [2022-02-21 00:02:16,030 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:16,030 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:16,030 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1402874948] [2022-02-21 00:02:16,030 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1402874948] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:16,030 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:16,030 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-21 00:02:16,030 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [417403613] [2022-02-21 00:02:16,030 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:16,031 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 4.666666666666667) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 50 [2022-02-21 00:02:16,031 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:16,031 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 9 states have (on average 4.666666666666667) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,060 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:16,061 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-21 00:02:16,061 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:16,062 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-21 00:02:16,062 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=55, Unknown=0, NotChecked=0, Total=72 [2022-02-21 00:02:16,062 INFO L87 Difference]: Start difference. First operand 108 states and 115 transitions. Second operand has 9 states, 9 states have (on average 4.666666666666667) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,338 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:16,338 INFO L93 Difference]: Finished difference Result 108 states and 113 transitions. [2022-02-21 00:02:16,338 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-21 00:02:16,339 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 4.666666666666667) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 50 [2022-02-21 00:02:16,339 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:16,339 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 9 states have (on average 4.666666666666667) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,339 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 64 transitions. [2022-02-21 00:02:16,339 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 9 states have (on average 4.666666666666667) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,340 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 64 transitions. [2022-02-21 00:02:16,340 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 64 transitions. [2022-02-21 00:02:16,377 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 64 edges. 64 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:16,378 INFO L225 Difference]: With dead ends: 108 [2022-02-21 00:02:16,378 INFO L226 Difference]: Without dead ends: 108 [2022-02-21 00:02:16,379 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=69, Unknown=0, NotChecked=0, Total=90 [2022-02-21 00:02:16,379 INFO L933 BasicCegarLoop]: 55 mSDtfsCounter, 27 mSDsluCounter, 265 mSDsCounter, 0 mSdLazyCounter, 121 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 27 SdHoareTripleChecker+Valid, 320 SdHoareTripleChecker+Invalid, 129 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 121 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:16,379 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [27 Valid, 320 Invalid, 129 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 121 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:16,380 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 108 states. [2022-02-21 00:02:16,381 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 108 to 108. [2022-02-21 00:02:16,381 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:16,381 INFO L82 GeneralOperation]: Start isEquivalent. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.064516129032258) internal successors, (99), 93 states have internal predecessors, (99), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:16,381 INFO L74 IsIncluded]: Start isIncluded. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.064516129032258) internal successors, (99), 93 states have internal predecessors, (99), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:16,381 INFO L87 Difference]: Start difference. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.064516129032258) internal successors, (99), 93 states have internal predecessors, (99), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:16,382 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:16,382 INFO L93 Difference]: Finished difference Result 108 states and 113 transitions. [2022-02-21 00:02:16,382 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 113 transitions. [2022-02-21 00:02:16,383 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:16,383 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:16,383 INFO L74 IsIncluded]: Start isIncluded. First operand has 108 states, 93 states have (on average 1.064516129032258) internal successors, (99), 93 states have internal predecessors, (99), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 108 states. [2022-02-21 00:02:16,383 INFO L87 Difference]: Start difference. First operand has 108 states, 93 states have (on average 1.064516129032258) internal successors, (99), 93 states have internal predecessors, (99), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 108 states. [2022-02-21 00:02:16,384 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:16,384 INFO L93 Difference]: Finished difference Result 108 states and 113 transitions. [2022-02-21 00:02:16,384 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 113 transitions. [2022-02-21 00:02:16,384 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:16,384 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:16,385 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:16,385 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:16,385 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 108 states, 93 states have (on average 1.064516129032258) internal successors, (99), 93 states have internal predecessors, (99), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:16,386 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 108 states to 108 states and 113 transitions. [2022-02-21 00:02:16,386 INFO L78 Accepts]: Start accepts. Automaton has 108 states and 113 transitions. Word has length 50 [2022-02-21 00:02:16,386 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:16,386 INFO L470 AbstractCegarLoop]: Abstraction has 108 states and 113 transitions. [2022-02-21 00:02:16,386 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 4.666666666666667) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,386 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 113 transitions. [2022-02-21 00:02:16,387 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-02-21 00:02:16,387 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:16,387 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:16,387 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable20 [2022-02-21 00:02:16,387 INFO L402 AbstractCegarLoop]: === Iteration 22 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:16,387 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:16,387 INFO L85 PathProgramCache]: Analyzing trace with hash -1424240836, now seen corresponding path program 1 times [2022-02-21 00:02:16,388 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:16,388 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1907214766] [2022-02-21 00:02:16,388 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:16,388 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:16,423 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,454 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:16,461 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,500 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:16,502 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,504 INFO L290 TraceCheckUtils]: 0: Hoare triple {15970#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15933#true} is VALID [2022-02-21 00:02:16,504 INFO L290 TraceCheckUtils]: 1: Hoare triple {15933#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15933#true} is VALID [2022-02-21 00:02:16,504 INFO L290 TraceCheckUtils]: 2: Hoare triple {15933#true} assume true; {15933#true} is VALID [2022-02-21 00:02:16,504 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {15933#true} {15933#true} #753#return; {15933#true} is VALID [2022-02-21 00:02:16,509 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-21 00:02:16,509 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,511 INFO L290 TraceCheckUtils]: 0: Hoare triple {15971#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {15933#true} is VALID [2022-02-21 00:02:16,511 INFO L290 TraceCheckUtils]: 1: Hoare triple {15933#true} assume true; {15933#true} is VALID [2022-02-21 00:02:16,511 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {15933#true} {15933#true} #755#return; {15933#true} is VALID [2022-02-21 00:02:16,511 INFO L290 TraceCheckUtils]: 0: Hoare triple {15960#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {15933#true} is VALID [2022-02-21 00:02:16,511 INFO L290 TraceCheckUtils]: 1: Hoare triple {15933#true} assume 0 != ~compRegistered~0; {15933#true} is VALID [2022-02-21 00:02:16,512 INFO L272 TraceCheckUtils]: 2: Hoare triple {15933#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {15970#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:16,512 INFO L290 TraceCheckUtils]: 3: Hoare triple {15970#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15933#true} is VALID [2022-02-21 00:02:16,512 INFO L290 TraceCheckUtils]: 4: Hoare triple {15933#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15933#true} is VALID [2022-02-21 00:02:16,512 INFO L290 TraceCheckUtils]: 5: Hoare triple {15933#true} assume true; {15933#true} is VALID [2022-02-21 00:02:16,512 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {15933#true} {15933#true} #753#return; {15933#true} is VALID [2022-02-21 00:02:16,512 INFO L290 TraceCheckUtils]: 7: Hoare triple {15933#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {15933#true} is VALID [2022-02-21 00:02:16,512 INFO L290 TraceCheckUtils]: 8: Hoare triple {15933#true} assume -1073741802 == ~__cil_tmp7~0; {15933#true} is VALID [2022-02-21 00:02:16,513 INFO L272 TraceCheckUtils]: 9: Hoare triple {15933#true} call stubMoreProcessingRequired(); {15971#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:16,513 INFO L290 TraceCheckUtils]: 10: Hoare triple {15971#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {15933#true} is VALID [2022-02-21 00:02:16,513 INFO L290 TraceCheckUtils]: 11: Hoare triple {15933#true} assume true; {15933#true} is VALID [2022-02-21 00:02:16,513 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {15933#true} {15933#true} #755#return; {15933#true} is VALID [2022-02-21 00:02:16,513 INFO L290 TraceCheckUtils]: 13: Hoare triple {15933#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {15933#true} is VALID [2022-02-21 00:02:16,513 INFO L290 TraceCheckUtils]: 14: Hoare triple {15933#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {15933#true} is VALID [2022-02-21 00:02:16,513 INFO L290 TraceCheckUtils]: 15: Hoare triple {15933#true} assume !(1 == ~tmp_ndt_7~0); {15933#true} is VALID [2022-02-21 00:02:16,514 INFO L290 TraceCheckUtils]: 16: Hoare triple {15933#true} ~returnVal2~0 := 259; {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} is VALID [2022-02-21 00:02:16,514 INFO L290 TraceCheckUtils]: 17: Hoare triple {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} assume !(~s~0 == ~NP~0); {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} is VALID [2022-02-21 00:02:16,514 INFO L290 TraceCheckUtils]: 18: Hoare triple {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} assume ~s~0 == ~MPR1~0; {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} is VALID [2022-02-21 00:02:16,515 INFO L290 TraceCheckUtils]: 19: Hoare triple {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} is VALID [2022-02-21 00:02:16,515 INFO L290 TraceCheckUtils]: 20: Hoare triple {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} #res := ~returnVal2~0; {15969#(and (<= 259 |IofCallDriver_#res|) (<= |IofCallDriver_#res| 259))} is VALID [2022-02-21 00:02:16,515 INFO L290 TraceCheckUtils]: 21: Hoare triple {15969#(and (<= 259 |IofCallDriver_#res|) (<= |IofCallDriver_#res| 259))} assume true; {15969#(and (<= 259 |IofCallDriver_#res|) (<= |IofCallDriver_#res| 259))} is VALID [2022-02-21 00:02:16,516 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {15969#(and (<= 259 |IofCallDriver_#res|) (<= |IofCallDriver_#res| 259))} {15933#true} #717#return; {15958#(and (<= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 259) (< 258 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|))} is VALID [2022-02-21 00:02:16,516 INFO L290 TraceCheckUtils]: 0: Hoare triple {15933#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {15933#true} is VALID [2022-02-21 00:02:16,516 INFO L290 TraceCheckUtils]: 1: Hoare triple {15933#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {15933#true} is VALID [2022-02-21 00:02:16,516 INFO L290 TraceCheckUtils]: 2: Hoare triple {15933#true} assume { :end_inline__BLAST_init } true; {15933#true} is VALID [2022-02-21 00:02:16,516 INFO L290 TraceCheckUtils]: 3: Hoare triple {15933#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 4: Hoare triple {15933#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 5: Hoare triple {15933#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 6: Hoare triple {15933#true} assume { :end_inline_stub_driver_init } true; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 7: Hoare triple {15933#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 8: Hoare triple {15933#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 9: Hoare triple {15933#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 10: Hoare triple {15933#true} assume 3 == main_~tmp_ndt_3~0#1; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 11: Hoare triple {15933#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {15933#true} is VALID [2022-02-21 00:02:16,517 INFO L290 TraceCheckUtils]: 12: Hoare triple {15933#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {15933#true} is VALID [2022-02-21 00:02:16,518 INFO L290 TraceCheckUtils]: 13: Hoare triple {15933#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {15933#true} is VALID [2022-02-21 00:02:16,518 INFO L290 TraceCheckUtils]: 14: Hoare triple {15933#true} assume !(~s~0 != ~NP~0); {15933#true} is VALID [2022-02-21 00:02:16,518 INFO L290 TraceCheckUtils]: 15: Hoare triple {15933#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {15933#true} is VALID [2022-02-21 00:02:16,518 INFO L290 TraceCheckUtils]: 16: Hoare triple {15933#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {15933#true} is VALID [2022-02-21 00:02:16,518 INFO L272 TraceCheckUtils]: 17: Hoare triple {15933#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {15960#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:16,519 INFO L290 TraceCheckUtils]: 18: Hoare triple {15960#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {15933#true} is VALID [2022-02-21 00:02:16,519 INFO L290 TraceCheckUtils]: 19: Hoare triple {15933#true} assume 0 != ~compRegistered~0; {15933#true} is VALID [2022-02-21 00:02:16,519 INFO L272 TraceCheckUtils]: 20: Hoare triple {15933#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {15970#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:16,519 INFO L290 TraceCheckUtils]: 21: Hoare triple {15970#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {15933#true} is VALID [2022-02-21 00:02:16,519 INFO L290 TraceCheckUtils]: 22: Hoare triple {15933#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {15933#true} is VALID [2022-02-21 00:02:16,520 INFO L290 TraceCheckUtils]: 23: Hoare triple {15933#true} assume true; {15933#true} is VALID [2022-02-21 00:02:16,520 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {15933#true} {15933#true} #753#return; {15933#true} is VALID [2022-02-21 00:02:16,520 INFO L290 TraceCheckUtils]: 25: Hoare triple {15933#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {15933#true} is VALID [2022-02-21 00:02:16,520 INFO L290 TraceCheckUtils]: 26: Hoare triple {15933#true} assume -1073741802 == ~__cil_tmp7~0; {15933#true} is VALID [2022-02-21 00:02:16,520 INFO L272 TraceCheckUtils]: 27: Hoare triple {15933#true} call stubMoreProcessingRequired(); {15971#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:16,520 INFO L290 TraceCheckUtils]: 28: Hoare triple {15971#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {15933#true} is VALID [2022-02-21 00:02:16,520 INFO L290 TraceCheckUtils]: 29: Hoare triple {15933#true} assume true; {15933#true} is VALID [2022-02-21 00:02:16,520 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {15933#true} {15933#true} #755#return; {15933#true} is VALID [2022-02-21 00:02:16,521 INFO L290 TraceCheckUtils]: 31: Hoare triple {15933#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {15933#true} is VALID [2022-02-21 00:02:16,521 INFO L290 TraceCheckUtils]: 32: Hoare triple {15933#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {15933#true} is VALID [2022-02-21 00:02:16,521 INFO L290 TraceCheckUtils]: 33: Hoare triple {15933#true} assume !(1 == ~tmp_ndt_7~0); {15933#true} is VALID [2022-02-21 00:02:16,521 INFO L290 TraceCheckUtils]: 34: Hoare triple {15933#true} ~returnVal2~0 := 259; {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} is VALID [2022-02-21 00:02:16,521 INFO L290 TraceCheckUtils]: 35: Hoare triple {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} assume !(~s~0 == ~NP~0); {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} is VALID [2022-02-21 00:02:16,522 INFO L290 TraceCheckUtils]: 36: Hoare triple {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} assume ~s~0 == ~MPR1~0; {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} is VALID [2022-02-21 00:02:16,522 INFO L290 TraceCheckUtils]: 37: Hoare triple {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} is VALID [2022-02-21 00:02:16,522 INFO L290 TraceCheckUtils]: 38: Hoare triple {15968#(and (<= IofCallDriver_~returnVal2~0 259) (<= 259 IofCallDriver_~returnVal2~0))} #res := ~returnVal2~0; {15969#(and (<= 259 |IofCallDriver_#res|) (<= |IofCallDriver_#res| 259))} is VALID [2022-02-21 00:02:16,523 INFO L290 TraceCheckUtils]: 39: Hoare triple {15969#(and (<= 259 |IofCallDriver_#res|) (<= |IofCallDriver_#res| 259))} assume true; {15969#(and (<= 259 |IofCallDriver_#res|) (<= |IofCallDriver_#res| 259))} is VALID [2022-02-21 00:02:16,523 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {15969#(and (<= 259 |IofCallDriver_#res|) (<= |IofCallDriver_#res| 259))} {15933#true} #717#return; {15958#(and (<= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 259) (< 258 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|))} is VALID [2022-02-21 00:02:16,524 INFO L290 TraceCheckUtils]: 41: Hoare triple {15958#(and (<= |ULTIMATE.start_KbFilter_PnP_#t~ret12#1| 259) (< 258 |ULTIMATE.start_KbFilter_PnP_#t~ret12#1|))} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {15959#(= 259 |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1|)} is VALID [2022-02-21 00:02:16,524 INFO L290 TraceCheckUtils]: 42: Hoare triple {15959#(= 259 |ULTIMATE.start_KbFilter_PnP_~__cil_tmp23~0#1|)} assume !(259 == KbFilter_PnP_~__cil_tmp23~0#1); {15934#false} is VALID [2022-02-21 00:02:16,524 INFO L290 TraceCheckUtils]: 43: Hoare triple {15934#false} assume KbFilter_PnP_~status~0#1 >= 0; {15934#false} is VALID [2022-02-21 00:02:16,524 INFO L290 TraceCheckUtils]: 44: Hoare triple {15934#false} assume !(~myStatus~0 >= 0); {15934#false} is VALID [2022-02-21 00:02:16,524 INFO L290 TraceCheckUtils]: 45: Hoare triple {15934#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0; {15934#false} is VALID [2022-02-21 00:02:16,525 INFO L272 TraceCheckUtils]: 46: Hoare triple {15934#false} call IofCompleteRequest(KbFilter_PnP_~Irp#1, 0); {15934#false} is VALID [2022-02-21 00:02:16,525 INFO L290 TraceCheckUtils]: 47: Hoare triple {15934#false} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {15934#false} is VALID [2022-02-21 00:02:16,525 INFO L290 TraceCheckUtils]: 48: Hoare triple {15934#false} assume !(~s~0 == ~NP~0); {15934#false} is VALID [2022-02-21 00:02:16,525 INFO L272 TraceCheckUtils]: 49: Hoare triple {15934#false} call errorFn(); {15934#false} is VALID [2022-02-21 00:02:16,525 INFO L290 TraceCheckUtils]: 50: Hoare triple {15934#false} assume !false; {15934#false} is VALID [2022-02-21 00:02:16,525 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:16,525 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:16,525 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1907214766] [2022-02-21 00:02:16,526 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1907214766] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:16,526 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:16,526 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2022-02-21 00:02:16,526 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1883116308] [2022-02-21 00:02:16,526 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:16,526 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 4.777777777777778) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 51 [2022-02-21 00:02:16,527 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:16,527 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 9 states have (on average 4.777777777777778) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,555 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 51 edges. 51 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:16,555 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-21 00:02:16,555 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:16,556 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-21 00:02:16,556 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=55, Unknown=0, NotChecked=0, Total=72 [2022-02-21 00:02:16,556 INFO L87 Difference]: Start difference. First operand 108 states and 113 transitions. Second operand has 9 states, 9 states have (on average 4.777777777777778) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,822 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:16,822 INFO L93 Difference]: Finished difference Result 108 states and 111 transitions. [2022-02-21 00:02:16,822 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-21 00:02:16,823 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 4.777777777777778) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 51 [2022-02-21 00:02:16,823 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:16,823 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 9 states have (on average 4.777777777777778) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,823 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 63 transitions. [2022-02-21 00:02:16,824 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 9 states have (on average 4.777777777777778) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,824 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 63 transitions. [2022-02-21 00:02:16,824 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 63 transitions. [2022-02-21 00:02:16,863 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:16,864 INFO L225 Difference]: With dead ends: 108 [2022-02-21 00:02:16,864 INFO L226 Difference]: Without dead ends: 108 [2022-02-21 00:02:16,864 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=21, Invalid=69, Unknown=0, NotChecked=0, Total=90 [2022-02-21 00:02:16,864 INFO L933 BasicCegarLoop]: 55 mSDtfsCounter, 32 mSDsluCounter, 235 mSDsCounter, 0 mSdLazyCounter, 98 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 32 SdHoareTripleChecker+Valid, 290 SdHoareTripleChecker+Invalid, 109 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 98 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:16,865 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [32 Valid, 290 Invalid, 109 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 98 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-21 00:02:16,865 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 108 states. [2022-02-21 00:02:16,866 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 108 to 108. [2022-02-21 00:02:16,866 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:16,866 INFO L82 GeneralOperation]: Start isEquivalent. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.043010752688172) internal successors, (97), 93 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:16,867 INFO L74 IsIncluded]: Start isIncluded. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.043010752688172) internal successors, (97), 93 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:16,867 INFO L87 Difference]: Start difference. First operand 108 states. Second operand has 108 states, 93 states have (on average 1.043010752688172) internal successors, (97), 93 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:16,868 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:16,868 INFO L93 Difference]: Finished difference Result 108 states and 111 transitions. [2022-02-21 00:02:16,868 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 111 transitions. [2022-02-21 00:02:16,868 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:16,868 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:16,868 INFO L74 IsIncluded]: Start isIncluded. First operand has 108 states, 93 states have (on average 1.043010752688172) internal successors, (97), 93 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 108 states. [2022-02-21 00:02:16,869 INFO L87 Difference]: Start difference. First operand has 108 states, 93 states have (on average 1.043010752688172) internal successors, (97), 93 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 108 states. [2022-02-21 00:02:16,869 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:16,870 INFO L93 Difference]: Finished difference Result 108 states and 111 transitions. [2022-02-21 00:02:16,870 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 111 transitions. [2022-02-21 00:02:16,870 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:16,870 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:16,870 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:16,870 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:16,870 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 108 states, 93 states have (on average 1.043010752688172) internal successors, (97), 93 states have internal predecessors, (97), 8 states have call successors, (8), 8 states have call predecessors, (8), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-21 00:02:16,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 108 states to 108 states and 111 transitions. [2022-02-21 00:02:16,871 INFO L78 Accepts]: Start accepts. Automaton has 108 states and 111 transitions. Word has length 51 [2022-02-21 00:02:16,871 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:16,871 INFO L470 AbstractCegarLoop]: Abstraction has 108 states and 111 transitions. [2022-02-21 00:02:16,872 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 4.777777777777778) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,872 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 111 transitions. [2022-02-21 00:02:16,872 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 59 [2022-02-21 00:02:16,872 INFO L506 BasicCegarLoop]: Found error trace [2022-02-21 00:02:16,872 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:16,872 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable21 [2022-02-21 00:02:16,873 INFO L402 AbstractCegarLoop]: === Iteration 23 === Targeting errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK === [errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK, ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK] === [2022-02-21 00:02:16,873 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-21 00:02:16,873 INFO L85 PathProgramCache]: Analyzing trace with hash -613501158, now seen corresponding path program 1 times [2022-02-21 00:02:16,873 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-21 00:02:16,873 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1400872454] [2022-02-21 00:02:16,873 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-21 00:02:16,873 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-21 00:02:16,890 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,903 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-21 00:02:16,908 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,915 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-21 00:02:16,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,918 INFO L290 TraceCheckUtils]: 0: Hoare triple {16442#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {16408#true} is VALID [2022-02-21 00:02:16,919 INFO L290 TraceCheckUtils]: 1: Hoare triple {16408#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {16408#true} is VALID [2022-02-21 00:02:16,919 INFO L290 TraceCheckUtils]: 2: Hoare triple {16408#true} assume true; {16408#true} is VALID [2022-02-21 00:02:16,919 INFO L284 TraceCheckUtils]: 3: Hoare quadruple {16408#true} {16408#true} #753#return; {16408#true} is VALID [2022-02-21 00:02:16,922 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-21 00:02:16,922 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-21 00:02:16,923 INFO L290 TraceCheckUtils]: 0: Hoare triple {16443#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {16408#true} is VALID [2022-02-21 00:02:16,923 INFO L290 TraceCheckUtils]: 1: Hoare triple {16408#true} assume true; {16408#true} is VALID [2022-02-21 00:02:16,924 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {16408#true} {16408#true} #755#return; {16408#true} is VALID [2022-02-21 00:02:16,924 INFO L290 TraceCheckUtils]: 0: Hoare triple {16434#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {16408#true} is VALID [2022-02-21 00:02:16,924 INFO L290 TraceCheckUtils]: 1: Hoare triple {16408#true} assume 0 != ~compRegistered~0; {16408#true} is VALID [2022-02-21 00:02:16,924 INFO L272 TraceCheckUtils]: 2: Hoare triple {16408#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {16442#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:16,924 INFO L290 TraceCheckUtils]: 3: Hoare triple {16442#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {16408#true} is VALID [2022-02-21 00:02:16,925 INFO L290 TraceCheckUtils]: 4: Hoare triple {16408#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {16408#true} is VALID [2022-02-21 00:02:16,925 INFO L290 TraceCheckUtils]: 5: Hoare triple {16408#true} assume true; {16408#true} is VALID [2022-02-21 00:02:16,925 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {16408#true} {16408#true} #753#return; {16408#true} is VALID [2022-02-21 00:02:16,925 INFO L290 TraceCheckUtils]: 7: Hoare triple {16408#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {16408#true} is VALID [2022-02-21 00:02:16,925 INFO L290 TraceCheckUtils]: 8: Hoare triple {16408#true} assume -1073741802 == ~__cil_tmp7~0; {16408#true} is VALID [2022-02-21 00:02:16,925 INFO L272 TraceCheckUtils]: 9: Hoare triple {16408#true} call stubMoreProcessingRequired(); {16443#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:16,925 INFO L290 TraceCheckUtils]: 10: Hoare triple {16443#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {16408#true} is VALID [2022-02-21 00:02:16,926 INFO L290 TraceCheckUtils]: 11: Hoare triple {16408#true} assume true; {16408#true} is VALID [2022-02-21 00:02:16,926 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {16408#true} {16408#true} #755#return; {16408#true} is VALID [2022-02-21 00:02:16,926 INFO L290 TraceCheckUtils]: 13: Hoare triple {16408#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {16408#true} is VALID [2022-02-21 00:02:16,926 INFO L290 TraceCheckUtils]: 14: Hoare triple {16408#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {16408#true} is VALID [2022-02-21 00:02:16,926 INFO L290 TraceCheckUtils]: 15: Hoare triple {16408#true} assume !(1 == ~tmp_ndt_7~0); {16408#true} is VALID [2022-02-21 00:02:16,926 INFO L290 TraceCheckUtils]: 16: Hoare triple {16408#true} ~returnVal2~0 := 259; {16408#true} is VALID [2022-02-21 00:02:16,926 INFO L290 TraceCheckUtils]: 17: Hoare triple {16408#true} assume !(~s~0 == ~NP~0); {16408#true} is VALID [2022-02-21 00:02:16,926 INFO L290 TraceCheckUtils]: 18: Hoare triple {16408#true} assume ~s~0 == ~MPR1~0; {16408#true} is VALID [2022-02-21 00:02:16,927 INFO L290 TraceCheckUtils]: 19: Hoare triple {16408#true} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,927 INFO L290 TraceCheckUtils]: 20: Hoare triple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} #res := ~returnVal2~0; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,927 INFO L290 TraceCheckUtils]: 21: Hoare triple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume true; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,928 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} {16408#true} #717#return; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,928 INFO L290 TraceCheckUtils]: 0: Hoare triple {16408#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(23, 2);call #Ultimate.allocInit(12, 3);~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 0;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0; {16408#true} is VALID [2022-02-21 00:02:16,928 INFO L290 TraceCheckUtils]: 1: Hoare triple {16408#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~nondet23#1, main_#t~nondet24#1, main_#t~nondet25#1, main_#t~nondet26#1, main_#t~nondet27#1, main_#t~nondet28#1, main_#t~nondet29#1, main_#t~nondet30#1, main_#t~ret31#1, main_#t~ret32#1, main_#t~ret33#1, main_#t~ret34#1, main_#t~ret35#1, main_~tmp_ndt_5~0#1, main_~tmp_ndt_4~0#1, main_~tmp_ndt_3~0#1, main_~tmp_ndt_2~0#1, main_~tmp_ndt_1~0#1, main_~status~1#1, main_~irp~0#1, main_~pirp~0#1, main_~pirp__IoStatus__Status~0#1, main_~irp_choice~0#1, main_~devobj~0#1, main_~__cil_tmp8~0#1;havoc main_~status~1#1;assume -2147483648 <= main_#t~nondet23#1 && main_#t~nondet23#1 <= 2147483647;main_~irp~0#1 := main_#t~nondet23#1;havoc main_#t~nondet23#1;havoc main_~pirp~0#1;havoc main_~pirp__IoStatus__Status~0#1;assume -2147483648 <= main_#t~nondet24#1 && main_#t~nondet24#1 <= 2147483647;main_~irp_choice~0#1 := main_#t~nondet24#1;havoc main_#t~nondet24#1;assume -2147483648 <= main_#t~nondet25#1 && main_#t~nondet25#1 <= 2147483647;main_~devobj~0#1 := main_#t~nondet25#1;havoc main_#t~nondet25#1;havoc main_~__cil_tmp8~0#1;~KernelMode~0 := 0;~Executive~0 := 0;~DevicePowerState~0 := 1;~s~0 := 0;~UNLOADED~0 := 0;~NP~0 := 0;~DC~0 := 0;~SKIP1~0 := 0;~SKIP2~0 := 0;~MPR1~0 := 0;~MPR3~0 := 0;~IPC~0 := 0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0;~myStatus~0 := 0;main_~status~1#1 := 0;main_~pirp~0#1 := main_~irp~0#1;assume { :begin_inline__BLAST_init } true;~UNLOADED~0 := 0;~NP~0 := 1;~DC~0 := 2;~SKIP1~0 := 3;~SKIP2~0 := 4;~MPR1~0 := 5;~MPR3~0 := 6;~IPC~0 := 7;~s~0 := ~UNLOADED~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {16408#true} is VALID [2022-02-21 00:02:16,928 INFO L290 TraceCheckUtils]: 2: Hoare triple {16408#true} assume { :end_inline__BLAST_init } true; {16408#true} is VALID [2022-02-21 00:02:16,928 INFO L290 TraceCheckUtils]: 3: Hoare triple {16408#true} assume main_~status~1#1 >= 0;~s~0 := ~NP~0;~customIrp~0 := 0;~setEventCalled~0 := ~customIrp~0;~lowerDriverReturn~0 := ~setEventCalled~0;~compRegistered~0 := ~lowerDriverReturn~0;~pended~0 := ~compRegistered~0;main_~pirp__IoStatus__Status~0#1 := 0;~myStatus~0 := 0; {16408#true} is VALID [2022-02-21 00:02:16,928 INFO L290 TraceCheckUtils]: 4: Hoare triple {16408#true} assume 0 == main_~irp_choice~0#1;main_~pirp__IoStatus__Status~0#1 := -1073741637;~myStatus~0 := -1073741637; {16408#true} is VALID [2022-02-21 00:02:16,928 INFO L290 TraceCheckUtils]: 5: Hoare triple {16408#true} assume { :begin_inline_stub_driver_init } true;~s~0 := ~NP~0;~pended~0 := 0;~compFptr~0 := 0;~compRegistered~0 := 0;~lowerDriverReturn~0 := 0;~setEventCalled~0 := 0;~customIrp~0 := 0; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 6: Hoare triple {16408#true} assume { :end_inline_stub_driver_init } true; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 7: Hoare triple {16408#true} assume !(main_~status~1#1 < 0);havoc main_~tmp_ndt_1~0#1;assume -2147483648 <= main_#t~nondet26#1 && main_#t~nondet26#1 <= 2147483647;main_~tmp_ndt_1~0#1 := main_#t~nondet26#1;havoc main_#t~nondet26#1; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 8: Hoare triple {16408#true} assume !(0 == main_~tmp_ndt_1~0#1);havoc main_~tmp_ndt_2~0#1;assume -2147483648 <= main_#t~nondet27#1 && main_#t~nondet27#1 <= 2147483647;main_~tmp_ndt_2~0#1 := main_#t~nondet27#1;havoc main_#t~nondet27#1; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 9: Hoare triple {16408#true} assume !(1 == main_~tmp_ndt_2~0#1);havoc main_~tmp_ndt_3~0#1;assume -2147483648 <= main_#t~nondet28#1 && main_#t~nondet28#1 <= 2147483647;main_~tmp_ndt_3~0#1 := main_#t~nondet28#1;havoc main_#t~nondet28#1; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 10: Hoare triple {16408#true} assume 3 == main_~tmp_ndt_3~0#1; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 11: Hoare triple {16408#true} assume { :begin_inline_KbFilter_PnP } true;KbFilter_PnP_#in~DeviceObject#1, KbFilter_PnP_#in~Irp#1 := main_~devobj~0#1, main_~pirp~0#1;havoc KbFilter_PnP_#res#1;havoc KbFilter_PnP_#t~nondet6#1, KbFilter_PnP_#t~nondet7#1, KbFilter_PnP_#t~nondet8#1, KbFilter_PnP_#t~nondet9#1, KbFilter_PnP_#t~nondet10#1, KbFilter_PnP_#t~nondet11#1, KbFilter_PnP_#t~ret12#1, KbFilter_PnP_#t~ret13#1, KbFilter_PnP_#t~post14#1, KbFilter_PnP_#t~post15#1, KbFilter_PnP_#t~ret16#1, KbFilter_PnP_#t~post17#1, KbFilter_PnP_#t~post18#1, KbFilter_PnP_#t~ret19#1, KbFilter_PnP_#t~post20#1, KbFilter_PnP_#t~post21#1, KbFilter_PnP_#t~ret22#1, KbFilter_PnP_~DeviceObject#1, KbFilter_PnP_~Irp#1, KbFilter_PnP_~devExt~0#1, KbFilter_PnP_~irpStack~0#1, KbFilter_PnP_~status~0#1, KbFilter_PnP_~event~0#1, KbFilter_PnP_~DeviceObject__DeviceExtension~0#1, KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1, KbFilter_PnP_~irpStack__MinorFunction~0#1, KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~devExt__Started~0#1, KbFilter_PnP_~devExt__Removed~0#1, KbFilter_PnP_~devExt__SurpriseRemoved~0#1, KbFilter_PnP_~Irp__IoStatus__Status~0#1, KbFilter_PnP_~Irp__IoStatus__Information~0#1, KbFilter_PnP_~Irp__CurrentLocation~0#1, KbFilter_PnP_~irpSp~0#1, KbFilter_PnP_~nextIrpSp~0#1, KbFilter_PnP_~nextIrpSp__Control~0#1, KbFilter_PnP_~irpSp___0~0#1, KbFilter_PnP_~irpSp__Context~0#1, KbFilter_PnP_~irpSp__Control~0#1, KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~DeviceObject#1 := KbFilter_PnP_#in~DeviceObject#1;KbFilter_PnP_~Irp#1 := KbFilter_PnP_#in~Irp#1;havoc KbFilter_PnP_~devExt~0#1;havoc KbFilter_PnP_~irpStack~0#1;havoc KbFilter_PnP_~status~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet6#1 && KbFilter_PnP_#t~nondet6#1 <= 2147483647;KbFilter_PnP_~event~0#1 := KbFilter_PnP_#t~nondet6#1;havoc KbFilter_PnP_#t~nondet6#1;assume -2147483648 <= KbFilter_PnP_#t~nondet7#1 && KbFilter_PnP_#t~nondet7#1 <= 2147483647;KbFilter_PnP_~DeviceObject__DeviceExtension~0#1 := KbFilter_PnP_#t~nondet7#1;havoc KbFilter_PnP_#t~nondet7#1;assume -2147483648 <= KbFilter_PnP_#t~nondet8#1 && KbFilter_PnP_#t~nondet8#1 <= 2147483647;KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 := KbFilter_PnP_#t~nondet8#1;havoc KbFilter_PnP_#t~nondet8#1;assume -2147483648 <= KbFilter_PnP_#t~nondet9#1 && KbFilter_PnP_#t~nondet9#1 <= 2147483647;KbFilter_PnP_~irpStack__MinorFunction~0#1 := KbFilter_PnP_#t~nondet9#1;havoc KbFilter_PnP_#t~nondet9#1;assume -2147483648 <= KbFilter_PnP_#t~nondet10#1 && KbFilter_PnP_#t~nondet10#1 <= 2147483647;KbFilter_PnP_~devExt__TopOfStack~0#1 := KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_#t~nondet10#1;havoc KbFilter_PnP_~devExt__Started~0#1;havoc KbFilter_PnP_~devExt__Removed~0#1;havoc KbFilter_PnP_~devExt__SurpriseRemoved~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Status~0#1;havoc KbFilter_PnP_~Irp__IoStatus__Information~0#1;assume -2147483648 <= KbFilter_PnP_#t~nondet11#1 && KbFilter_PnP_#t~nondet11#1 <= 2147483647;KbFilter_PnP_~Irp__CurrentLocation~0#1 := KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_#t~nondet11#1;havoc KbFilter_PnP_~irpSp~0#1;havoc KbFilter_PnP_~nextIrpSp~0#1;havoc KbFilter_PnP_~nextIrpSp__Control~0#1;havoc KbFilter_PnP_~irpSp___0~0#1;havoc KbFilter_PnP_~irpSp__Context~0#1;havoc KbFilter_PnP_~irpSp__Control~0#1;havoc KbFilter_PnP_~__cil_tmp23~0#1;KbFilter_PnP_~status~0#1 := 0;KbFilter_PnP_~devExt~0#1 := KbFilter_PnP_~DeviceObject__DeviceExtension~0#1;KbFilter_PnP_~irpStack~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 12: Hoare triple {16408#true} assume 0 == KbFilter_PnP_~irpStack__MinorFunction~0#1; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 13: Hoare triple {16408#true} KbFilter_PnP_~irpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1;KbFilter_PnP_~nextIrpSp~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~nextIrpSp__Control~0#1 := 0; {16408#true} is VALID [2022-02-21 00:02:16,929 INFO L290 TraceCheckUtils]: 14: Hoare triple {16408#true} assume !(~s~0 != ~NP~0); {16408#true} is VALID [2022-02-21 00:02:16,930 INFO L290 TraceCheckUtils]: 15: Hoare triple {16408#true} assume !(0 != ~compRegistered~0);~compRegistered~0 := 1; {16408#true} is VALID [2022-02-21 00:02:16,930 INFO L290 TraceCheckUtils]: 16: Hoare triple {16408#true} KbFilter_PnP_~irpSp___0~0#1 := KbFilter_PnP_~Irp__Tail__Overlay__CurrentStackLocation~0#1 - 1;KbFilter_PnP_~irpSp__Context~0#1 := KbFilter_PnP_~event~0#1;KbFilter_PnP_~irpSp__Control~0#1 := 224; {16408#true} is VALID [2022-02-21 00:02:16,930 INFO L272 TraceCheckUtils]: 17: Hoare triple {16408#true} call KbFilter_PnP_#t~ret12#1 := IofCallDriver(KbFilter_PnP_~devExt__TopOfStack~0#1, KbFilter_PnP_~Irp#1); {16434#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} is VALID [2022-02-21 00:02:16,930 INFO L290 TraceCheckUtils]: 18: Hoare triple {16434#(and (= ~setEventCalled~0 |old(~setEventCalled~0)|) (= ~lowerDriverReturn~0 |old(~lowerDriverReturn~0)|) (= ~s~0 |old(~s~0)|))} ~DeviceObject := #in~DeviceObject;~Irp := #in~Irp;havoc ~returnVal2~0;havoc ~compRetStatus~0;assume -2147483648 <= #t~nondet36 && #t~nondet36 <= 2147483647;~lcontext~0 := #t~nondet36;havoc #t~nondet36;havoc ~__cil_tmp7~0; {16408#true} is VALID [2022-02-21 00:02:16,930 INFO L290 TraceCheckUtils]: 19: Hoare triple {16408#true} assume 0 != ~compRegistered~0; {16408#true} is VALID [2022-02-21 00:02:16,931 INFO L272 TraceCheckUtils]: 20: Hoare triple {16408#true} call #t~ret37 := KbFilter_Complete(~DeviceObject, ~Irp, ~lcontext~0); {16442#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} is VALID [2022-02-21 00:02:16,931 INFO L290 TraceCheckUtils]: 21: Hoare triple {16442#(= ~setEventCalled~0 |old(~setEventCalled~0)|)} ~DeviceObject#1 := #in~DeviceObject#1;~Irp#1 := #in~Irp#1;~Context#1 := #in~Context#1;havoc ~event~1#1;~event~1#1 := ~Context#1;assume { :begin_inline_KeSetEvent } true;KeSetEvent_#in~Event#1, KeSetEvent_#in~Increment#1, KeSetEvent_#in~Wait#1 := ~event~1#1, 0, 0;havoc KeSetEvent_#res#1;havoc KeSetEvent_#t~nondet40#1, KeSetEvent_~Event#1, KeSetEvent_~Increment#1, KeSetEvent_~Wait#1, KeSetEvent_~l~0#1;KeSetEvent_~Event#1 := KeSetEvent_#in~Event#1;KeSetEvent_~Increment#1 := KeSetEvent_#in~Increment#1;KeSetEvent_~Wait#1 := KeSetEvent_#in~Wait#1;assume -2147483648 <= KeSetEvent_#t~nondet40#1 && KeSetEvent_#t~nondet40#1 <= 2147483647;KeSetEvent_~l~0#1 := KeSetEvent_#t~nondet40#1;havoc KeSetEvent_#t~nondet40#1;~setEventCalled~0 := 1;KeSetEvent_#res#1 := KeSetEvent_~l~0#1; {16408#true} is VALID [2022-02-21 00:02:16,931 INFO L290 TraceCheckUtils]: 22: Hoare triple {16408#true} #t~ret42#1 := KeSetEvent_#res#1;assume { :end_inline_KeSetEvent } true;assume -2147483648 <= #t~ret42#1 && #t~ret42#1 <= 2147483647;havoc #t~ret42#1;#res#1 := -1073741802; {16408#true} is VALID [2022-02-21 00:02:16,931 INFO L290 TraceCheckUtils]: 23: Hoare triple {16408#true} assume true; {16408#true} is VALID [2022-02-21 00:02:16,931 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {16408#true} {16408#true} #753#return; {16408#true} is VALID [2022-02-21 00:02:16,931 INFO L290 TraceCheckUtils]: 25: Hoare triple {16408#true} assume -2147483648 <= #t~ret37 && #t~ret37 <= 2147483647;~compRetStatus~0 := #t~ret37;havoc #t~ret37;~__cil_tmp7~0 := ~compRetStatus~0; {16408#true} is VALID [2022-02-21 00:02:16,932 INFO L290 TraceCheckUtils]: 26: Hoare triple {16408#true} assume -1073741802 == ~__cil_tmp7~0; {16408#true} is VALID [2022-02-21 00:02:16,932 INFO L272 TraceCheckUtils]: 27: Hoare triple {16408#true} call stubMoreProcessingRequired(); {16443#(= ~s~0 |old(~s~0)|)} is VALID [2022-02-21 00:02:16,932 INFO L290 TraceCheckUtils]: 28: Hoare triple {16443#(= ~s~0 |old(~s~0)|)} assume ~s~0 == ~NP~0;~s~0 := ~MPR1~0; {16408#true} is VALID [2022-02-21 00:02:16,932 INFO L290 TraceCheckUtils]: 29: Hoare triple {16408#true} assume true; {16408#true} is VALID [2022-02-21 00:02:16,932 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {16408#true} {16408#true} #755#return; {16408#true} is VALID [2022-02-21 00:02:16,932 INFO L290 TraceCheckUtils]: 31: Hoare triple {16408#true} havoc ~tmp_ndt_6~0;assume -2147483648 <= #t~nondet38 && #t~nondet38 <= 2147483647;~tmp_ndt_6~0 := #t~nondet38;havoc #t~nondet38; {16408#true} is VALID [2022-02-21 00:02:16,932 INFO L290 TraceCheckUtils]: 32: Hoare triple {16408#true} assume !(0 == ~tmp_ndt_6~0);havoc ~tmp_ndt_7~0;assume -2147483648 <= #t~nondet39 && #t~nondet39 <= 2147483647;~tmp_ndt_7~0 := #t~nondet39;havoc #t~nondet39; {16408#true} is VALID [2022-02-21 00:02:16,932 INFO L290 TraceCheckUtils]: 33: Hoare triple {16408#true} assume !(1 == ~tmp_ndt_7~0); {16408#true} is VALID [2022-02-21 00:02:16,933 INFO L290 TraceCheckUtils]: 34: Hoare triple {16408#true} ~returnVal2~0 := 259; {16408#true} is VALID [2022-02-21 00:02:16,933 INFO L290 TraceCheckUtils]: 35: Hoare triple {16408#true} assume !(~s~0 == ~NP~0); {16408#true} is VALID [2022-02-21 00:02:16,933 INFO L290 TraceCheckUtils]: 36: Hoare triple {16408#true} assume ~s~0 == ~MPR1~0; {16408#true} is VALID [2022-02-21 00:02:16,933 INFO L290 TraceCheckUtils]: 37: Hoare triple {16408#true} assume 259 == ~returnVal2~0;~s~0 := ~MPR3~0;~lowerDriverReturn~0 := ~returnVal2~0; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,933 INFO L290 TraceCheckUtils]: 38: Hoare triple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} #res := ~returnVal2~0; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,934 INFO L290 TraceCheckUtils]: 39: Hoare triple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume true; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,934 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} {16408#true} #717#return; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,934 INFO L290 TraceCheckUtils]: 41: Hoare triple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume -2147483648 <= KbFilter_PnP_#t~ret12#1 && KbFilter_PnP_#t~ret12#1 <= 2147483647;KbFilter_PnP_~status~0#1 := KbFilter_PnP_#t~ret12#1;havoc KbFilter_PnP_#t~ret12#1;KbFilter_PnP_~__cil_tmp23~0#1 := KbFilter_PnP_~status~0#1; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,935 INFO L290 TraceCheckUtils]: 42: Hoare triple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume 259 == KbFilter_PnP_~__cil_tmp23~0#1;assume { :begin_inline_KeWaitForSingleObject } true;KeWaitForSingleObject_#in~Object#1, KeWaitForSingleObject_#in~WaitReason#1, KeWaitForSingleObject_#in~WaitMode#1, KeWaitForSingleObject_#in~Alertable#1, KeWaitForSingleObject_#in~Timeout#1 := KbFilter_PnP_~event~0#1, ~Executive~0, ~KernelMode~0, 0, 0;havoc KeWaitForSingleObject_#res#1;havoc KeWaitForSingleObject_#t~nondet41#1, KeWaitForSingleObject_~tmp_ndt_8~0#1, KeWaitForSingleObject_~Object#1, KeWaitForSingleObject_~WaitReason#1, KeWaitForSingleObject_~WaitMode#1, KeWaitForSingleObject_~Alertable#1, KeWaitForSingleObject_~Timeout#1;KeWaitForSingleObject_~Object#1 := KeWaitForSingleObject_#in~Object#1;KeWaitForSingleObject_~WaitReason#1 := KeWaitForSingleObject_#in~WaitReason#1;KeWaitForSingleObject_~WaitMode#1 := KeWaitForSingleObject_#in~WaitMode#1;KeWaitForSingleObject_~Alertable#1 := KeWaitForSingleObject_#in~Alertable#1;KeWaitForSingleObject_~Timeout#1 := KeWaitForSingleObject_#in~Timeout#1; {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} is VALID [2022-02-21 00:02:16,935 INFO L290 TraceCheckUtils]: 43: Hoare triple {16433#(= (+ ~MPR3~0 (* (- 1) ~s~0)) 0)} assume !(~s~0 == ~MPR3~0); {16409#false} is VALID [2022-02-21 00:02:16,935 INFO L290 TraceCheckUtils]: 44: Hoare triple {16409#false} assume !(1 == ~customIrp~0); {16409#false} is VALID [2022-02-21 00:02:16,935 INFO L290 TraceCheckUtils]: 45: Hoare triple {16409#false} assume !(~s~0 == ~MPR3~0); {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 46: Hoare triple {16409#false} havoc KeWaitForSingleObject_~tmp_ndt_8~0#1;assume -2147483648 <= KeWaitForSingleObject_#t~nondet41#1 && KeWaitForSingleObject_#t~nondet41#1 <= 2147483647;KeWaitForSingleObject_~tmp_ndt_8~0#1 := KeWaitForSingleObject_#t~nondet41#1;havoc KeWaitForSingleObject_#t~nondet41#1; {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 47: Hoare triple {16409#false} assume !(0 == KeWaitForSingleObject_~tmp_ndt_8~0#1); {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 48: Hoare triple {16409#false} KeWaitForSingleObject_#res#1 := -1073741823; {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 49: Hoare triple {16409#false} KbFilter_PnP_#t~ret13#1 := KeWaitForSingleObject_#res#1;assume { :end_inline_KeWaitForSingleObject } true;assume -2147483648 <= KbFilter_PnP_#t~ret13#1 && KbFilter_PnP_#t~ret13#1 <= 2147483647;havoc KbFilter_PnP_#t~ret13#1; {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 50: Hoare triple {16409#false} assume KbFilter_PnP_~status~0#1 >= 0; {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 51: Hoare triple {16409#false} assume !(~myStatus~0 >= 0); {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 52: Hoare triple {16409#false} KbFilter_PnP_~Irp__IoStatus__Status~0#1 := KbFilter_PnP_~status~0#1;~myStatus~0 := KbFilter_PnP_~status~0#1;KbFilter_PnP_~Irp__IoStatus__Information~0#1 := 0; {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L272 TraceCheckUtils]: 53: Hoare triple {16409#false} call IofCompleteRequest(KbFilter_PnP_~Irp#1, 0); {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 54: Hoare triple {16409#false} ~Irp := #in~Irp;~PriorityBoost := #in~PriorityBoost; {16409#false} is VALID [2022-02-21 00:02:16,936 INFO L290 TraceCheckUtils]: 55: Hoare triple {16409#false} assume !(~s~0 == ~NP~0); {16409#false} is VALID [2022-02-21 00:02:16,937 INFO L272 TraceCheckUtils]: 56: Hoare triple {16409#false} call errorFn(); {16409#false} is VALID [2022-02-21 00:02:16,937 INFO L290 TraceCheckUtils]: 57: Hoare triple {16409#false} assume !false; {16409#false} is VALID [2022-02-21 00:02:16,937 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-21 00:02:16,937 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-21 00:02:16,937 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1400872454] [2022-02-21 00:02:16,937 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1400872454] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-21 00:02:16,937 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-21 00:02:16,937 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-21 00:02:16,938 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2062519812] [2022-02-21 00:02:16,938 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-21 00:02:16,939 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 8.333333333333334) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 58 [2022-02-21 00:02:16,939 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-21 00:02:16,939 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 8.333333333333334) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:16,969 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 58 edges. 58 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:16,969 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-21 00:02:16,969 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-21 00:02:16,969 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-21 00:02:16,970 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-02-21 00:02:16,970 INFO L87 Difference]: Start difference. First operand 108 states and 111 transitions. Second operand has 6 states, 6 states have (on average 8.333333333333334) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:17,069 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:17,069 INFO L93 Difference]: Finished difference Result 83 states and 82 transitions. [2022-02-21 00:02:17,069 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-21 00:02:17,069 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 8.333333333333334) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 58 [2022-02-21 00:02:17,069 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-21 00:02:17,069 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 8.333333333333334) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:17,070 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 45 transitions. [2022-02-21 00:02:17,070 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 8.333333333333334) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:17,070 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 45 transitions. [2022-02-21 00:02:17,071 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 45 transitions. [2022-02-21 00:02:17,098 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 45 edges. 45 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-21 00:02:17,098 INFO L225 Difference]: With dead ends: 83 [2022-02-21 00:02:17,098 INFO L226 Difference]: Without dead ends: 0 [2022-02-21 00:02:17,098 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-02-21 00:02:17,098 INFO L933 BasicCegarLoop]: 42 mSDtfsCounter, 10 mSDsluCounter, 73 mSDsCounter, 0 mSdLazyCounter, 42 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 115 SdHoareTripleChecker+Invalid, 50 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 42 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-21 00:02:17,099 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [10 Valid, 115 Invalid, 50 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 42 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-21 00:02:17,099 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-21 00:02:17,099 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-21 00:02:17,099 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-21 00:02:17,099 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:17,099 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:17,099 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:17,100 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:17,100 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-21 00:02:17,100 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-21 00:02:17,100 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:17,100 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:17,100 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-21 00:02:17,100 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-21 00:02:17,100 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-21 00:02:17,100 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-21 00:02:17,100 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-21 00:02:17,101 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:17,101 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-21 00:02:17,101 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-21 00:02:17,101 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-21 00:02:17,101 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-21 00:02:17,101 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-21 00:02:17,101 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 58 [2022-02-21 00:02:17,101 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-21 00:02:17,101 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-21 00:02:17,102 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 8.333333333333334) internal successors, (50), 3 states have internal predecessors, (50), 2 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-21 00:02:17,102 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-21 00:02:17,102 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-21 00:02:17,104 INFO L764 garLoopResultBuilder]: Registering result SAFE for location errorFnErr0ASSERT_VIOLATIONMEMORY_LEAK (1 of 2 remaining) [2022-02-21 00:02:17,106 INFO L764 garLoopResultBuilder]: Registering result SAFE for location ULTIMATE.startErr0ASSERT_VIOLATIONMEMORY_LEAK (0 of 2 remaining) [2022-02-21 00:02:17,106 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable22 [2022-02-21 00:02:17,108 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-21 00:02:17,109 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-21 00:02:17,110 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 21.02 12:02:17 BoogieIcfgContainer [2022-02-21 00:02:17,111 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-21 00:02:17,111 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-21 00:02:17,111 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-21 00:02:17,111 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-21 00:02:17,112 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 21.02 12:02:03" (3/4) ... [2022-02-21 00:02:17,113 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-21 00:02:17,117 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure KbFilter_Complete [2022-02-21 00:02:17,117 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure KbFilter_CreateClose [2022-02-21 00:02:17,117 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure IofCompleteRequest [2022-02-21 00:02:17,117 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure errorFn [2022-02-21 00:02:17,117 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure KbFilter_DispatchPassThrough [2022-02-21 00:02:17,117 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure IofCallDriver [2022-02-21 00:02:17,118 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure stubMoreProcessingRequired [2022-02-21 00:02:17,128 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 36 nodes and edges [2022-02-21 00:02:17,129 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 18 nodes and edges [2022-02-21 00:02:17,130 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 4 nodes and edges [2022-02-21 00:02:17,131 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-21 00:02:17,186 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-21 00:02:17,186 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-21 00:02:17,187 INFO L158 Benchmark]: Toolchain (without parser) took 14548.59ms. Allocated memory was 96.5MB in the beginning and 220.2MB in the end (delta: 123.7MB). Free memory was 64.7MB in the beginning and 93.4MB in the end (delta: -28.8MB). Peak memory consumption was 94.8MB. Max. memory is 16.1GB. [2022-02-21 00:02:17,187 INFO L158 Benchmark]: CDTParser took 0.14ms. Allocated memory is still 96.5MB. Free memory was 53.4MB in the beginning and 53.4MB in the end (delta: 38.1kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-21 00:02:17,187 INFO L158 Benchmark]: CACSL2BoogieTranslator took 338.04ms. Allocated memory is still 96.5MB. Free memory was 64.5MB in the beginning and 64.0MB in the end (delta: 531.3kB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-02-21 00:02:17,188 INFO L158 Benchmark]: Boogie Procedure Inliner took 79.29ms. Allocated memory is still 96.5MB. Free memory was 64.0MB in the beginning and 58.9MB in the end (delta: 5.1MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-21 00:02:17,188 INFO L158 Benchmark]: Boogie Preprocessor took 31.46ms. Allocated memory is still 96.5MB. Free memory was 58.9MB in the beginning and 56.0MB in the end (delta: 2.9MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-21 00:02:17,188 INFO L158 Benchmark]: RCFGBuilder took 760.84ms. Allocated memory was 96.5MB in the beginning and 117.4MB in the end (delta: 21.0MB). Free memory was 56.0MB in the beginning and 60.1MB in the end (delta: -4.0MB). Peak memory consumption was 27.3MB. Max. memory is 16.1GB. [2022-02-21 00:02:17,188 INFO L158 Benchmark]: TraceAbstraction took 13254.34ms. Allocated memory was 117.4MB in the beginning and 220.2MB in the end (delta: 102.8MB). Free memory was 59.5MB in the beginning and 105.0MB in the end (delta: -45.5MB). Peak memory consumption was 57.4MB. Max. memory is 16.1GB. [2022-02-21 00:02:17,188 INFO L158 Benchmark]: Witness Printer took 75.28ms. Allocated memory is still 220.2MB. Free memory was 105.0MB in the beginning and 93.4MB in the end (delta: 11.5MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-02-21 00:02:17,189 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.14ms. Allocated memory is still 96.5MB. Free memory was 53.4MB in the beginning and 53.4MB in the end (delta: 38.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 338.04ms. Allocated memory is still 96.5MB. Free memory was 64.5MB in the beginning and 64.0MB in the end (delta: 531.3kB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 79.29ms. Allocated memory is still 96.5MB. Free memory was 64.0MB in the beginning and 58.9MB in the end (delta: 5.1MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 31.46ms. Allocated memory is still 96.5MB. Free memory was 58.9MB in the beginning and 56.0MB in the end (delta: 2.9MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * RCFGBuilder took 760.84ms. Allocated memory was 96.5MB in the beginning and 117.4MB in the end (delta: 21.0MB). Free memory was 56.0MB in the beginning and 60.1MB in the end (delta: -4.0MB). Peak memory consumption was 27.3MB. Max. memory is 16.1GB. * TraceAbstraction took 13254.34ms. Allocated memory was 117.4MB in the beginning and 220.2MB in the end (delta: 102.8MB). Free memory was 59.5MB in the beginning and 105.0MB in the end (delta: -45.5MB). Peak memory consumption was 57.4MB. Max. memory is 16.1GB. * Witness Printer took 75.28ms. Allocated memory is still 220.2MB. Free memory was 105.0MB in the beginning and 93.4MB in the end (delta: 11.5MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 1013]: all allocated memory was freed For all program executions holds that all allocated memory was freed at this location - PositiveResult [Line: 295]: all allocated memory was freed For all program executions holds that all allocated memory was freed at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 209 locations, 2 error locations. Started 1 CEGAR loops. OverallTime: 13.2s, OverallIterations: 23, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 9.9s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2899 SdHoareTripleChecker+Valid, 1.3s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2869 mSDsluCounter, 8275 SdHoareTripleChecker+Invalid, 1.3s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4684 mSDsCounter, 378 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1715 IncrementalHoareTripleChecker+Invalid, 2093 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 378 mSolverCounterUnsat, 3591 mSDtfsCounter, 1715 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 218 GetRequests, 98 SyntacticMatches, 2 SemanticMatches, 118 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 32 ImplicationChecksByTransitivity, 0.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=297occurred in iteration=7, InterpolantAutomatonStates: 139, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.5s AutomataMinimizationTime, 23 MinimizatonAttempts, 113 StatesRemovedByMinimization, 12 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.5s InterpolantComputationTime, 866 NumberOfCodeBlocks, 866 NumberOfCodeBlocksAsserted, 23 NumberOfCheckSat, 843 ConstructedInterpolants, 0 QuantifiedInterpolants, 2221 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 23 InterpolantComputations, 23 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 2 specifications checked. All of them hold RESULT: Ultimate proved your program to be correct! [2022-02-21 00:02:17,230 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE