./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/ldv-memsafety/memleaks_test12-1.i --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test12-1.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 28b4a2248017400eafcc33919e1388faa83abd48459a3d9191abc0a1d3b17a56 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 23:49:50,888 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 23:49:50,894 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 23:49:50,942 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 23:49:50,947 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 23:49:50,952 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 23:49:50,954 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 23:49:50,957 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 23:49:50,959 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 23:49:50,965 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 23:49:50,966 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 23:49:50,966 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 23:49:50,967 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 23:49:50,969 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 23:49:50,971 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 23:49:50,972 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 23:49:50,973 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 23:49:50,973 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 23:49:50,975 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 23:49:50,976 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 23:49:50,977 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 23:49:50,978 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 23:49:50,979 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 23:49:50,980 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 23:49:50,983 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 23:49:50,985 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 23:49:50,985 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 23:49:50,986 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 23:49:50,987 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 23:49:50,988 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 23:49:50,989 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 23:49:50,990 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 23:49:50,991 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 23:49:50,992 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 23:49:50,993 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 23:49:50,993 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 23:49:50,994 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 23:49:50,994 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 23:49:50,994 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 23:49:50,995 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 23:49:50,995 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 23:49:50,996 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2022-02-20 23:49:51,017 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 23:49:51,017 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 23:49:51,017 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 23:49:51,018 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 23:49:51,018 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 23:49:51,018 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 23:49:51,019 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 23:49:51,019 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 23:49:51,019 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 23:49:51,020 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 23:49:51,020 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 23:49:51,020 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-02-20 23:49:51,020 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 23:49:51,020 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 23:49:51,021 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 23:49:51,021 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-02-20 23:49:51,021 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-02-20 23:49:51,021 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-02-20 23:49:51,021 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 23:49:51,022 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 23:49:51,022 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 23:49:51,022 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 23:49:51,022 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 23:49:51,022 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 23:49:51,023 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 23:49:51,023 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 23:49:51,023 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 23:49:51,023 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 23:49:51,023 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 23:49:51,024 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 23:49:51,024 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 28b4a2248017400eafcc33919e1388faa83abd48459a3d9191abc0a1d3b17a56 [2022-02-20 23:49:51,279 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 23:49:51,298 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 23:49:51,301 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 23:49:51,303 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 23:49:51,304 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 23:49:51,305 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test12-1.i [2022-02-20 23:49:51,368 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d750274da/06e95622f9734d799ee25d62d84b0346/FLAGfb36eadc4 [2022-02-20 23:49:51,879 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 23:49:51,880 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test12-1.i [2022-02-20 23:49:51,900 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d750274da/06e95622f9734d799ee25d62d84b0346/FLAGfb36eadc4 [2022-02-20 23:49:52,168 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d750274da/06e95622f9734d799ee25d62d84b0346 [2022-02-20 23:49:52,173 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 23:49:52,174 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 23:49:52,175 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 23:49:52,175 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 23:49:52,177 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 23:49:52,178 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 11:49:52" (1/1) ... [2022-02-20 23:49:52,179 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@51c80cb8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:52, skipping insertion in model container [2022-02-20 23:49:52,179 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 11:49:52" (1/1) ... [2022-02-20 23:49:52,185 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 23:49:52,218 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 23:49:52,692 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 23:49:52,709 ERROR L326 MainTranslator]: Unsupported Syntax: Found a cast between two array/pointer types where the value type is smaller than the cast-to type while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) [2022-02-20 23:49:52,710 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieTranslatorObserver@2ccb4b79 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:52, skipping insertion in model container [2022-02-20 23:49:52,710 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 23:49:52,711 INFO L184 ToolchainWalker]: Toolchain execution was canceled (user or tool) before executing de.uni_freiburg.informatik.ultimate.boogie.procedureinliner [2022-02-20 23:49:52,714 INFO L158 Benchmark]: Toolchain (without parser) took 538.40ms. Allocated memory was 79.7MB in the beginning and 104.9MB in the end (delta: 25.2MB). Free memory was 46.7MB in the beginning and 75.0MB in the end (delta: -28.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-02-20 23:49:52,715 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 79.7MB. Free memory was 48.9MB in the beginning and 48.9MB in the end (delta: 29.9kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 23:49:52,716 INFO L158 Benchmark]: CACSL2BoogieTranslator took 535.97ms. Allocated memory was 79.7MB in the beginning and 104.9MB in the end (delta: 25.2MB). Free memory was 46.7MB in the beginning and 75.0MB in the end (delta: -28.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-02-20 23:49:52,718 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 79.7MB. Free memory was 48.9MB in the beginning and 48.9MB in the end (delta: 29.9kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 535.97ms. Allocated memory was 79.7MB in the beginning and 104.9MB in the end (delta: 25.2MB). Free memory was 46.7MB in the beginning and 75.0MB in the end (delta: -28.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - UnsupportedSyntaxResult [Line: 576]: Unsupported Syntax Found a cast between two array/pointer types where the value type is smaller than the cast-to type while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test12-1.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 28b4a2248017400eafcc33919e1388faa83abd48459a3d9191abc0a1d3b17a56 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 23:49:54,405 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 23:49:54,406 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 23:49:54,447 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 23:49:54,447 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 23:49:54,450 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 23:49:54,452 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 23:49:54,456 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 23:49:54,459 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 23:49:54,461 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 23:49:54,462 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 23:49:54,466 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 23:49:54,466 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 23:49:54,468 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 23:49:54,471 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 23:49:54,473 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 23:49:54,474 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 23:49:54,474 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 23:49:54,476 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 23:49:54,478 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 23:49:54,484 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 23:49:54,485 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 23:49:54,486 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 23:49:54,487 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 23:49:54,490 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 23:49:54,495 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 23:49:54,496 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 23:49:54,496 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 23:49:54,497 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 23:49:54,499 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 23:49:54,499 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 23:49:54,499 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 23:49:54,500 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 23:49:54,501 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 23:49:54,502 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 23:49:54,503 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 23:49:54,503 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 23:49:54,504 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 23:49:54,504 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 23:49:54,504 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 23:49:54,506 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 23:49:54,507 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf [2022-02-20 23:49:54,535 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 23:49:54,535 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 23:49:54,536 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 23:49:54,537 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 23:49:54,537 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 23:49:54,538 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 23:49:54,539 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 23:49:54,539 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 23:49:54,539 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 23:49:54,539 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 23:49:54,540 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 23:49:54,540 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-02-20 23:49:54,540 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 23:49:54,540 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 23:49:54,541 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 23:49:54,541 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-02-20 23:49:54,541 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-02-20 23:49:54,541 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-02-20 23:49:54,542 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 23:49:54,542 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 23:49:54,542 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-02-20 23:49:54,542 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-02-20 23:49:54,542 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 23:49:54,542 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 23:49:54,543 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 23:49:54,543 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 23:49:54,543 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 23:49:54,543 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 23:49:54,544 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 23:49:54,544 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 23:49:54,544 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-02-20 23:49:54,544 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-02-20 23:49:54,545 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-02-20 23:49:54,545 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 28b4a2248017400eafcc33919e1388faa83abd48459a3d9191abc0a1d3b17a56 [2022-02-20 23:49:54,819 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 23:49:54,839 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 23:49:54,841 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 23:49:54,842 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 23:49:54,844 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 23:49:54,845 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test12-1.i [2022-02-20 23:49:54,905 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/800a922c8/648d5a126a854da49679f5274291049a/FLAG817a5e70e [2022-02-20 23:49:55,470 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 23:49:55,471 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test12-1.i [2022-02-20 23:49:55,488 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/800a922c8/648d5a126a854da49679f5274291049a/FLAG817a5e70e [2022-02-20 23:49:55,772 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/800a922c8/648d5a126a854da49679f5274291049a [2022-02-20 23:49:55,774 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 23:49:55,775 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 23:49:55,776 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 23:49:55,776 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 23:49:55,782 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 23:49:55,784 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 11:49:55" (1/1) ... [2022-02-20 23:49:55,785 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@e5d0f9d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:55, skipping insertion in model container [2022-02-20 23:49:55,785 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 11:49:55" (1/1) ... [2022-02-20 23:49:55,791 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 23:49:55,845 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 23:49:56,250 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 23:49:56,271 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-02-20 23:49:56,279 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 23:49:56,363 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 23:49:56,376 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 23:49:56,461 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 23:49:56,515 INFO L208 MainTranslator]: Completed translation [2022-02-20 23:49:56,515 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56 WrapperNode [2022-02-20 23:49:56,516 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 23:49:56,517 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 23:49:56,517 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 23:49:56,517 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 23:49:56,523 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,557 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,609 INFO L137 Inliner]: procedures = 179, calls = 145, calls flagged for inlining = 33, calls inlined = 20, statements flattened = 331 [2022-02-20 23:49:56,613 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 23:49:56,614 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 23:49:56,614 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 23:49:56,614 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 23:49:56,621 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,621 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,638 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,651 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,687 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,691 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,698 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,707 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 23:49:56,712 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 23:49:56,715 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 23:49:56,715 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 23:49:56,716 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (1/1) ... [2022-02-20 23:49:56,721 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 23:49:56,730 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 23:49:56,753 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 23:49:56,776 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 23:49:56,792 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE1 [2022-02-20 23:49:56,792 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2022-02-20 23:49:56,793 INFO L130 BoogieDeclarations]: Found specification of procedure read~unchecked~$Pointer$ [2022-02-20 23:49:56,793 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~$Pointer$ [2022-02-20 23:49:56,793 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.C_memcpy [2022-02-20 23:49:56,793 INFO L138 BoogieDeclarations]: Found implementation of procedure #Ultimate.C_memcpy [2022-02-20 23:49:56,793 INFO L130 BoogieDeclarations]: Found specification of procedure LDV_INIT_LIST_HEAD [2022-02-20 23:49:56,794 INFO L138 BoogieDeclarations]: Found implementation of procedure LDV_INIT_LIST_HEAD [2022-02-20 23:49:56,794 INFO L130 BoogieDeclarations]: Found specification of procedure __ldv_list_add [2022-02-20 23:49:56,794 INFO L138 BoogieDeclarations]: Found implementation of procedure __ldv_list_add [2022-02-20 23:49:56,794 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_malloc [2022-02-20 23:49:56,795 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_malloc [2022-02-20 23:49:56,795 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~intINTTYPE4 [2022-02-20 23:49:56,795 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~intINTTYPE1 [2022-02-20 23:49:56,795 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2022-02-20 23:49:56,795 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 23:49:56,795 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_msg_free [2022-02-20 23:49:56,796 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_msg_free [2022-02-20 23:49:56,796 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnStack [2022-02-20 23:49:56,796 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2022-02-20 23:49:56,796 INFO L130 BoogieDeclarations]: Found specification of procedure read~unchecked~intINTTYPE4 [2022-02-20 23:49:56,796 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2022-02-20 23:49:56,796 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE1 [2022-02-20 23:49:56,796 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2022-02-20 23:49:56,797 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2022-02-20 23:49:56,797 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~intINTTYPE4 [2022-02-20 23:49:56,797 INFO L130 BoogieDeclarations]: Found specification of procedure read~unchecked~intINTTYPE1 [2022-02-20 23:49:56,797 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 23:49:56,797 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 23:49:56,963 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 23:49:56,965 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 23:49:56,968 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-20 23:49:57,982 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 23:49:58,006 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 23:49:58,007 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 23:49:58,009 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 11:49:58 BoogieIcfgContainer [2022-02-20 23:49:58,009 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 23:49:58,011 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 23:49:58,012 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 23:49:58,014 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 23:49:58,014 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 11:49:55" (1/3) ... [2022-02-20 23:49:58,015 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2b688a99 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 11:49:58, skipping insertion in model container [2022-02-20 23:49:58,016 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:56" (2/3) ... [2022-02-20 23:49:58,016 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2b688a99 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 11:49:58, skipping insertion in model container [2022-02-20 23:49:58,016 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 11:49:58" (3/3) ... [2022-02-20 23:49:58,017 INFO L111 eAbstractionObserver]: Analyzing ICFG memleaks_test12-1.i [2022-02-20 23:49:58,022 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 23:49:58,022 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 124 error locations. [2022-02-20 23:49:58,069 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 23:49:58,080 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=false, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=All, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 23:49:58,080 INFO L340 AbstractCegarLoop]: Starting to check reachability of 124 error locations. [2022-02-20 23:49:58,112 INFO L276 IsEmpty]: Start isEmpty. Operand has 313 states, 171 states have (on average 1.8654970760233918) internal successors, (319), 294 states have internal predecessors, (319), 15 states have call successors, (15), 5 states have call predecessors, (15), 5 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-20 23:49:58,117 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-02-20 23:49:58,118 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:49:58,119 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:49:58,119 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting ULTIMATE.startErr89REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:49:58,127 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:49:58,129 INFO L85 PathProgramCache]: Analyzing trace with hash -297378988, now seen corresponding path program 1 times [2022-02-20 23:49:58,139 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:49:58,140 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1638947054] [2022-02-20 23:49:58,140 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:49:58,141 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:49:58,142 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:49:58,144 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:49:58,152 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-02-20 23:49:58,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:49:58,256 INFO L263 TraceCheckSpWp]: Trace formula consists of 34 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 23:49:58,278 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:49:58,282 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:49:58,508 INFO L290 TraceCheckUtils]: 0: Hoare triple {316#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:49:58,509 INFO L290 TraceCheckUtils]: 1: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:49:58,510 INFO L272 TraceCheckUtils]: 2: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:49:58,511 INFO L290 TraceCheckUtils]: 3: Hoare triple {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} ~size := #in~size; {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:49:58,512 INFO L290 TraceCheckUtils]: 4: Hoare triple {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:49:58,513 INFO L290 TraceCheckUtils]: 5: Hoare triple {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume true; {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:49:58,514 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} #456#return; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:49:58,516 INFO L290 TraceCheckUtils]: 7: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:49:58,517 INFO L290 TraceCheckUtils]: 8: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:49:58,518 INFO L290 TraceCheckUtils]: 9: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:49:58,518 INFO L290 TraceCheckUtils]: 10: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume !(1bv1 == #valid[~#ldv_global_msg_list~0.base]); {317#false} is VALID [2022-02-20 23:49:58,519 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:49:58,520 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:49:58,520 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:49:58,521 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1638947054] [2022-02-20 23:49:58,522 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1638947054] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:49:58,522 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:49:58,522 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 23:49:58,524 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2048256609] [2022-02-20 23:49:58,524 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:49:58,528 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:49:58,531 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:49:58,534 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:49:58,555 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:49:58,555 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 23:49:58,555 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:49:58,581 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 23:49:58,582 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 23:49:58,585 INFO L87 Difference]: Start difference. First operand has 313 states, 171 states have (on average 1.8654970760233918) internal successors, (319), 294 states have internal predecessors, (319), 15 states have call successors, (15), 5 states have call predecessors, (15), 5 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:01,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:01,139 INFO L93 Difference]: Finished difference Result 412 states and 459 transitions. [2022-02-20 23:50:01,139 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 23:50:01,139 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:01,140 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:01,141 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:01,169 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 463 transitions. [2022-02-20 23:50:01,170 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:01,179 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 463 transitions. [2022-02-20 23:50:01,179 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 463 transitions. [2022-02-20 23:50:01,670 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 463 edges. 463 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:01,700 INFO L225 Difference]: With dead ends: 412 [2022-02-20 23:50:01,701 INFO L226 Difference]: Without dead ends: 408 [2022-02-20 23:50:01,702 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:01,705 INFO L933 BasicCegarLoop]: 234 mSDtfsCounter, 299 mSDsluCounter, 288 mSDsCounter, 0 mSdLazyCounter, 309 mSolverCounterSat, 27 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 304 SdHoareTripleChecker+Valid, 522 SdHoareTripleChecker+Invalid, 336 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 27 IncrementalHoareTripleChecker+Valid, 309 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:01,706 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [304 Valid, 522 Invalid, 336 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [27 Valid, 309 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-02-20 23:50:01,721 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 408 states. [2022-02-20 23:50:01,747 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 408 to 344. [2022-02-20 23:50:01,747 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:01,750 INFO L82 GeneralOperation]: Start isEquivalent. First operand 408 states. Second operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) [2022-02-20 23:50:01,751 INFO L74 IsIncluded]: Start isIncluded. First operand 408 states. Second operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) [2022-02-20 23:50:01,752 INFO L87 Difference]: Start difference. First operand 408 states. Second operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) [2022-02-20 23:50:01,780 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:01,780 INFO L93 Difference]: Finished difference Result 408 states and 455 transitions. [2022-02-20 23:50:01,781 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 455 transitions. [2022-02-20 23:50:01,790 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:01,791 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:01,796 INFO L74 IsIncluded]: Start isIncluded. First operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) Second operand 408 states. [2022-02-20 23:50:01,797 INFO L87 Difference]: Start difference. First operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) Second operand 408 states. [2022-02-20 23:50:01,841 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:01,841 INFO L93 Difference]: Finished difference Result 408 states and 455 transitions. [2022-02-20 23:50:01,841 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 455 transitions. [2022-02-20 23:50:01,844 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:01,844 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:01,845 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:01,845 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:01,846 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) [2022-02-20 23:50:01,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 344 states to 344 states and 402 transitions. [2022-02-20 23:50:01,873 INFO L78 Accepts]: Start accepts. Automaton has 344 states and 402 transitions. Word has length 11 [2022-02-20 23:50:01,873 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:01,873 INFO L470 AbstractCegarLoop]: Abstraction has 344 states and 402 transitions. [2022-02-20 23:50:01,873 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:01,874 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 402 transitions. [2022-02-20 23:50:01,874 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-02-20 23:50:01,874 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:01,875 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:01,891 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:02,089 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:02,090 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting ULTIMATE.startErr90REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:02,091 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:02,091 INFO L85 PathProgramCache]: Analyzing trace with hash -297378987, now seen corresponding path program 1 times [2022-02-20 23:50:02,091 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:02,092 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1509422168] [2022-02-20 23:50:02,092 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:02,092 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:02,092 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:02,093 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:02,095 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-02-20 23:50:02,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:02,171 INFO L263 TraceCheckSpWp]: Trace formula consists of 34 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 23:50:02,184 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:02,185 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:02,337 INFO L290 TraceCheckUtils]: 0: Hoare triple {1926#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,338 INFO L290 TraceCheckUtils]: 1: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,339 INFO L272 TraceCheckUtils]: 2: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,339 INFO L290 TraceCheckUtils]: 3: Hoare triple {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} ~size := #in~size; {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,340 INFO L290 TraceCheckUtils]: 4: Hoare triple {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,341 INFO L290 TraceCheckUtils]: 5: Hoare triple {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume true; {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,342 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} #456#return; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,342 INFO L290 TraceCheckUtils]: 7: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,343 INFO L290 TraceCheckUtils]: 8: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,344 INFO L290 TraceCheckUtils]: 9: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:02,345 INFO L290 TraceCheckUtils]: 10: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume !((~bvule32(~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), #length[~#ldv_global_msg_list~0.base]) && ~bvule32(~#ldv_global_msg_list~0.offset, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset))) && ~bvule32(0bv32, ~#ldv_global_msg_list~0.offset)); {1927#false} is VALID [2022-02-20 23:50:02,345 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:02,345 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:02,345 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:02,345 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1509422168] [2022-02-20 23:50:02,346 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1509422168] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:02,346 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:02,346 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 23:50:02,346 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [287324730] [2022-02-20 23:50:02,346 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:02,348 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:02,348 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:02,348 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:02,360 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:02,361 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 23:50:02,361 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:02,361 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 23:50:02,362 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 23:50:02,362 INFO L87 Difference]: Start difference. First operand 344 states and 402 transitions. Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:05,070 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:05,070 INFO L93 Difference]: Finished difference Result 476 states and 564 transitions. [2022-02-20 23:50:05,071 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 23:50:05,071 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:05,071 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:05,071 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:05,077 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 472 transitions. [2022-02-20 23:50:05,077 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:05,082 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 472 transitions. [2022-02-20 23:50:05,082 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 472 transitions. [2022-02-20 23:50:05,516 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 472 edges. 472 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:05,530 INFO L225 Difference]: With dead ends: 476 [2022-02-20 23:50:05,530 INFO L226 Difference]: Without dead ends: 476 [2022-02-20 23:50:05,530 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:05,531 INFO L933 BasicCegarLoop]: 370 mSDtfsCounter, 131 mSDsluCounter, 479 mSDsCounter, 0 mSdLazyCounter, 306 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 132 SdHoareTripleChecker+Valid, 849 SdHoareTripleChecker+Invalid, 315 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 306 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:05,532 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [132 Valid, 849 Invalid, 315 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 306 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-02-20 23:50:05,533 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 476 states. [2022-02-20 23:50:05,559 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 476 to 407. [2022-02-20 23:50:05,566 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:05,569 INFO L82 GeneralOperation]: Start isEquivalent. First operand 476 states. Second operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) [2022-02-20 23:50:05,570 INFO L74 IsIncluded]: Start isIncluded. First operand 476 states. Second operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) [2022-02-20 23:50:05,571 INFO L87 Difference]: Start difference. First operand 476 states. Second operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) [2022-02-20 23:50:05,593 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:05,594 INFO L93 Difference]: Finished difference Result 476 states and 564 transitions. [2022-02-20 23:50:05,594 INFO L276 IsEmpty]: Start isEmpty. Operand 476 states and 564 transitions. [2022-02-20 23:50:05,595 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:05,595 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:05,599 INFO L74 IsIncluded]: Start isIncluded. First operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) Second operand 476 states. [2022-02-20 23:50:05,606 INFO L87 Difference]: Start difference. First operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) Second operand 476 states. [2022-02-20 23:50:05,626 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:05,627 INFO L93 Difference]: Finished difference Result 476 states and 564 transitions. [2022-02-20 23:50:05,627 INFO L276 IsEmpty]: Start isEmpty. Operand 476 states and 564 transitions. [2022-02-20 23:50:05,635 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:05,635 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:05,635 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:05,635 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:05,637 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) [2022-02-20 23:50:05,653 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 407 states to 407 states and 520 transitions. [2022-02-20 23:50:05,654 INFO L78 Accepts]: Start accepts. Automaton has 407 states and 520 transitions. Word has length 11 [2022-02-20 23:50:05,654 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:05,655 INFO L470 AbstractCegarLoop]: Abstraction has 407 states and 520 transitions. [2022-02-20 23:50:05,655 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:05,655 INFO L276 IsEmpty]: Start isEmpty. Operand 407 states and 520 transitions. [2022-02-20 23:50:05,655 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-02-20 23:50:05,656 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:05,656 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:05,673 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:05,864 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:05,865 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting ULTIMATE.startErr90REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:05,865 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:05,865 INFO L85 PathProgramCache]: Analyzing trace with hash -1184882668, now seen corresponding path program 1 times [2022-02-20 23:50:05,866 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:05,866 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1607632770] [2022-02-20 23:50:05,866 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:05,866 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:05,867 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:05,868 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:05,871 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-02-20 23:50:05,938 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:05,939 INFO L263 TraceCheckSpWp]: Trace formula consists of 40 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 23:50:05,950 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:05,951 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:05,998 INFO L290 TraceCheckUtils]: 0: Hoare triple {3799#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {3799#true} is VALID [2022-02-20 23:50:06,000 INFO L290 TraceCheckUtils]: 1: Hoare triple {3799#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {3799#true} is VALID [2022-02-20 23:50:06,000 INFO L272 TraceCheckUtils]: 2: Hoare triple {3799#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {3799#true} is VALID [2022-02-20 23:50:06,001 INFO L290 TraceCheckUtils]: 3: Hoare triple {3799#true} ~size := #in~size; {3799#true} is VALID [2022-02-20 23:50:06,001 INFO L290 TraceCheckUtils]: 4: Hoare triple {3799#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {3816#(not (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:06,002 INFO L290 TraceCheckUtils]: 5: Hoare triple {3816#(not (= |ldv_malloc_#res.base| (_ bv0 32)))} assume true; {3816#(not (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:06,003 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {3816#(not (= |ldv_malloc_#res.base| (_ bv0 32)))} {3799#true} #456#return; {3823#(not (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:06,003 INFO L290 TraceCheckUtils]: 7: Hoare triple {3823#(not (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {3827#(not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:06,004 INFO L290 TraceCheckUtils]: 8: Hoare triple {3827#(not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32)))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {3800#false} is VALID [2022-02-20 23:50:06,004 INFO L290 TraceCheckUtils]: 9: Hoare triple {3800#false} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {3800#false} is VALID [2022-02-20 23:50:06,004 INFO L290 TraceCheckUtils]: 10: Hoare triple {3800#false} assume !((~bvule32(~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), #length[~#ldv_global_msg_list~0.base]) && ~bvule32(~#ldv_global_msg_list~0.offset, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset))) && ~bvule32(0bv32, ~#ldv_global_msg_list~0.offset)); {3800#false} is VALID [2022-02-20 23:50:06,005 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:06,005 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:06,005 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:06,005 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1607632770] [2022-02-20 23:50:06,006 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1607632770] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:06,006 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:06,006 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 23:50:06,006 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1097410539] [2022-02-20 23:50:06,006 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:06,007 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:06,007 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:06,008 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:06,019 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:06,019 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 23:50:06,019 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:06,021 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 23:50:06,021 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:06,021 INFO L87 Difference]: Start difference. First operand 407 states and 520 transitions. Second operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:08,464 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:08,465 INFO L93 Difference]: Finished difference Result 649 states and 797 transitions. [2022-02-20 23:50:08,465 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 23:50:08,465 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:08,465 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:08,466 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:08,473 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 650 transitions. [2022-02-20 23:50:08,473 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:08,481 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 650 transitions. [2022-02-20 23:50:08,481 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 650 transitions. [2022-02-20 23:50:09,103 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 650 edges. 650 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:09,123 INFO L225 Difference]: With dead ends: 649 [2022-02-20 23:50:09,123 INFO L226 Difference]: Without dead ends: 649 [2022-02-20 23:50:09,124 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:09,125 INFO L933 BasicCegarLoop]: 390 mSDtfsCounter, 259 mSDsluCounter, 1111 mSDsCounter, 0 mSdLazyCounter, 72 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 277 SdHoareTripleChecker+Valid, 1501 SdHoareTripleChecker+Invalid, 73 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 72 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:09,125 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [277 Valid, 1501 Invalid, 73 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 72 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 23:50:09,127 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 649 states. [2022-02-20 23:50:09,137 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 649 to 392. [2022-02-20 23:50:09,137 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:09,138 INFO L82 GeneralOperation]: Start isEquivalent. First operand 649 states. Second operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:09,139 INFO L74 IsIncluded]: Start isIncluded. First operand 649 states. Second operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:09,140 INFO L87 Difference]: Start difference. First operand 649 states. Second operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:09,166 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:09,166 INFO L93 Difference]: Finished difference Result 649 states and 797 transitions. [2022-02-20 23:50:09,166 INFO L276 IsEmpty]: Start isEmpty. Operand 649 states and 797 transitions. [2022-02-20 23:50:09,168 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:09,168 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:09,170 INFO L74 IsIncluded]: Start isIncluded. First operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 649 states. [2022-02-20 23:50:09,171 INFO L87 Difference]: Start difference. First operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 649 states. [2022-02-20 23:50:09,195 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:09,196 INFO L93 Difference]: Finished difference Result 649 states and 797 transitions. [2022-02-20 23:50:09,196 INFO L276 IsEmpty]: Start isEmpty. Operand 649 states and 797 transitions. [2022-02-20 23:50:09,199 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:09,199 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:09,202 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:09,202 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:09,203 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:09,214 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 392 states to 392 states and 494 transitions. [2022-02-20 23:50:09,215 INFO L78 Accepts]: Start accepts. Automaton has 392 states and 494 transitions. Word has length 11 [2022-02-20 23:50:09,215 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:09,215 INFO L470 AbstractCegarLoop]: Abstraction has 392 states and 494 transitions. [2022-02-20 23:50:09,215 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:09,216 INFO L276 IsEmpty]: Start isEmpty. Operand 392 states and 494 transitions. [2022-02-20 23:50:09,216 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 14 [2022-02-20 23:50:09,217 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:09,217 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:09,227 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:09,425 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:09,426 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting ULTIMATE.startErr91REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:09,427 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:09,427 INFO L85 PathProgramCache]: Analyzing trace with hash 1981613461, now seen corresponding path program 1 times [2022-02-20 23:50:09,428 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:09,429 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1452065436] [2022-02-20 23:50:09,429 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:09,429 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:09,429 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:09,430 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:09,431 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-02-20 23:50:09,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:09,492 INFO L263 TraceCheckSpWp]: Trace formula consists of 44 conjuncts, 9 conjunts are in the unsatisfiable core [2022-02-20 23:50:09,504 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:09,507 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:09,720 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2022-02-20 23:50:09,748 INFO L290 TraceCheckUtils]: 0: Hoare triple {6175#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:09,748 INFO L290 TraceCheckUtils]: 1: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:09,749 INFO L272 TraceCheckUtils]: 2: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:09,750 INFO L290 TraceCheckUtils]: 3: Hoare triple {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} ~size := #in~size; {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:09,750 INFO L290 TraceCheckUtils]: 4: Hoare triple {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:09,751 INFO L290 TraceCheckUtils]: 5: Hoare triple {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume true; {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:09,752 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} #456#return; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:09,753 INFO L290 TraceCheckUtils]: 7: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:09,754 INFO L290 TraceCheckUtils]: 8: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:09,754 INFO L290 TraceCheckUtils]: 9: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:09,755 INFO L290 TraceCheckUtils]: 10: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} SUMMARY for call ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset := read~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32); srcloc: L607 {6212#(and (= (_ bv1 1) (select |#valid| (_ bv1 32))) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.base| (_ bv1 32)))} is VALID [2022-02-20 23:50:09,756 INFO L290 TraceCheckUtils]: 11: Hoare triple {6212#(and (= (_ bv1 1) (select |#valid| (_ bv1 32))) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.base| (_ bv1 32)))} ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset := ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset := ldv_destroy_msgs_~__mptr~0#1.base, ~bvsub32(ldv_destroy_msgs_~__mptr~0#1.offset, 4bv32); {6216#(and (= (_ bv1 1) (select |#valid| (_ bv1 32))) (= (_ bv1 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.base|))} is VALID [2022-02-20 23:50:09,756 INFO L290 TraceCheckUtils]: 12: Hoare triple {6216#(and (= (_ bv1 1) (select |#valid| (_ bv1 32))) (= (_ bv1 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.base|))} assume !(1bv1 == #valid[ldv_destroy_msgs_~msg~1#1.base]); {6176#false} is VALID [2022-02-20 23:50:09,757 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:09,757 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:09,758 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:09,758 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1452065436] [2022-02-20 23:50:09,758 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1452065436] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:09,758 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:09,758 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 23:50:09,759 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1443178268] [2022-02-20 23:50:09,759 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:09,760 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 13 [2022-02-20 23:50:09,760 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:09,760 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:09,774 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 13 edges. 13 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:09,775 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 23:50:09,775 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:09,776 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 23:50:09,776 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 23:50:09,777 INFO L87 Difference]: Start difference. First operand 392 states and 494 transitions. Second operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:13,186 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:13,186 INFO L93 Difference]: Finished difference Result 436 states and 541 transitions. [2022-02-20 23:50:13,193 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 23:50:13,193 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 13 [2022-02-20 23:50:13,194 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:13,194 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:13,197 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 387 transitions. [2022-02-20 23:50:13,197 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:13,200 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 387 transitions. [2022-02-20 23:50:13,200 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 387 transitions. [2022-02-20 23:50:13,541 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 387 edges. 387 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:13,551 INFO L225 Difference]: With dead ends: 436 [2022-02-20 23:50:13,551 INFO L226 Difference]: Without dead ends: 436 [2022-02-20 23:50:13,552 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 23:50:13,553 INFO L933 BasicCegarLoop]: 323 mSDtfsCounter, 59 mSDsluCounter, 829 mSDsCounter, 0 mSdLazyCounter, 562 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 59 SdHoareTripleChecker+Valid, 1152 SdHoareTripleChecker+Invalid, 567 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 562 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:13,553 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [59 Valid, 1152 Invalid, 567 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 562 Invalid, 0 Unknown, 0 Unchecked, 0.9s Time] [2022-02-20 23:50:13,554 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 436 states. [2022-02-20 23:50:13,561 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 436 to 404. [2022-02-20 23:50:13,561 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:13,562 INFO L82 GeneralOperation]: Start isEquivalent. First operand 436 states. Second operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:13,563 INFO L74 IsIncluded]: Start isIncluded. First operand 436 states. Second operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:13,564 INFO L87 Difference]: Start difference. First operand 436 states. Second operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:13,577 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:13,578 INFO L93 Difference]: Finished difference Result 436 states and 541 transitions. [2022-02-20 23:50:13,578 INFO L276 IsEmpty]: Start isEmpty. Operand 436 states and 541 transitions. [2022-02-20 23:50:13,579 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:13,579 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:13,580 INFO L74 IsIncluded]: Start isIncluded. First operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 436 states. [2022-02-20 23:50:13,581 INFO L87 Difference]: Start difference. First operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 436 states. [2022-02-20 23:50:13,594 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:13,594 INFO L93 Difference]: Finished difference Result 436 states and 541 transitions. [2022-02-20 23:50:13,594 INFO L276 IsEmpty]: Start isEmpty. Operand 436 states and 541 transitions. [2022-02-20 23:50:13,595 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:13,595 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:13,596 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:13,596 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:13,597 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:13,608 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 404 states to 404 states and 506 transitions. [2022-02-20 23:50:13,608 INFO L78 Accepts]: Start accepts. Automaton has 404 states and 506 transitions. Word has length 13 [2022-02-20 23:50:13,608 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:13,609 INFO L470 AbstractCegarLoop]: Abstraction has 404 states and 506 transitions. [2022-02-20 23:50:13,609 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:13,609 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 506 transitions. [2022-02-20 23:50:13,609 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 14 [2022-02-20 23:50:13,610 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:13,610 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:13,618 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:13,818 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:13,818 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting ULTIMATE.startErr92REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:13,819 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:13,819 INFO L85 PathProgramCache]: Analyzing trace with hash 1981613462, now seen corresponding path program 1 times [2022-02-20 23:50:13,819 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:13,819 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1823414286] [2022-02-20 23:50:13,819 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:13,820 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:13,820 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:13,820 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:13,821 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-02-20 23:50:13,883 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:13,885 INFO L263 TraceCheckSpWp]: Trace formula consists of 44 conjuncts, 14 conjunts are in the unsatisfiable core [2022-02-20 23:50:13,892 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:13,894 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:14,149 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2022-02-20 23:50:14,156 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2022-02-20 23:50:14,200 INFO L290 TraceCheckUtils]: 0: Hoare triple {7937#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,201 INFO L290 TraceCheckUtils]: 1: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,202 INFO L272 TraceCheckUtils]: 2: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,202 INFO L290 TraceCheckUtils]: 3: Hoare triple {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} ~size := #in~size; {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,203 INFO L290 TraceCheckUtils]: 4: Hoare triple {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,204 INFO L290 TraceCheckUtils]: 5: Hoare triple {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume true; {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,205 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} #456#return; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,206 INFO L290 TraceCheckUtils]: 7: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,207 INFO L290 TraceCheckUtils]: 8: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,207 INFO L290 TraceCheckUtils]: 9: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:14,208 INFO L290 TraceCheckUtils]: 10: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} SUMMARY for call ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset := read~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32); srcloc: L607 {7974#(and (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.offset| (_ bv0 32)) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.base| (_ bv1 32)))} is VALID [2022-02-20 23:50:14,208 INFO L290 TraceCheckUtils]: 11: Hoare triple {7974#(and (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.offset| (_ bv0 32)) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.base| (_ bv1 32)))} ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset := ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset := ldv_destroy_msgs_~__mptr~0#1.base, ~bvsub32(ldv_destroy_msgs_~__mptr~0#1.offset, 4bv32); {7978#(and (= (_ bv4294967292 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.offset|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (_ bv1 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.base|))} is VALID [2022-02-20 23:50:14,209 INFO L290 TraceCheckUtils]: 12: Hoare triple {7978#(and (= (_ bv4294967292 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.offset|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (_ bv1 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.base|))} assume !((~bvule32(~bvadd32(4bv32, ~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset)), #length[ldv_destroy_msgs_~msg~1#1.base]) && ~bvule32(~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset), ~bvadd32(4bv32, ~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset)))) && ~bvule32(0bv32, ~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset))); {7938#false} is VALID [2022-02-20 23:50:14,209 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:14,209 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:14,209 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:14,209 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1823414286] [2022-02-20 23:50:14,209 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1823414286] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:14,209 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:14,210 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 23:50:14,210 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [394011279] [2022-02-20 23:50:14,210 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:14,210 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 13 [2022-02-20 23:50:14,210 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:14,211 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:14,225 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 13 edges. 13 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:14,225 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 23:50:14,225 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:14,226 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 23:50:14,226 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 23:50:14,226 INFO L87 Difference]: Start difference. First operand 404 states and 506 transitions. Second operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:17,995 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:17,995 INFO L93 Difference]: Finished difference Result 424 states and 522 transitions. [2022-02-20 23:50:17,995 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 23:50:17,995 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 13 [2022-02-20 23:50:17,995 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:17,996 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:17,998 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 380 transitions. [2022-02-20 23:50:17,998 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:18,001 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 380 transitions. [2022-02-20 23:50:18,001 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 380 transitions. [2022-02-20 23:50:18,380 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 380 edges. 380 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:18,389 INFO L225 Difference]: With dead ends: 424 [2022-02-20 23:50:18,389 INFO L226 Difference]: Without dead ends: 424 [2022-02-20 23:50:18,390 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 23:50:18,390 INFO L933 BasicCegarLoop]: 349 mSDtfsCounter, 33 mSDsluCounter, 943 mSDsCounter, 0 mSdLazyCounter, 489 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 33 SdHoareTripleChecker+Valid, 1292 SdHoareTripleChecker+Invalid, 493 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 489 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:18,391 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [33 Valid, 1292 Invalid, 493 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 489 Invalid, 0 Unknown, 0 Unchecked, 1.1s Time] [2022-02-20 23:50:18,392 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 424 states. [2022-02-20 23:50:18,398 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 424 to 413. [2022-02-20 23:50:18,399 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:18,399 INFO L82 GeneralOperation]: Start isEquivalent. First operand 424 states. Second operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:18,400 INFO L74 IsIncluded]: Start isIncluded. First operand 424 states. Second operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:18,401 INFO L87 Difference]: Start difference. First operand 424 states. Second operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:18,413 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:18,413 INFO L93 Difference]: Finished difference Result 424 states and 522 transitions. [2022-02-20 23:50:18,413 INFO L276 IsEmpty]: Start isEmpty. Operand 424 states and 522 transitions. [2022-02-20 23:50:18,414 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:18,414 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:18,415 INFO L74 IsIncluded]: Start isIncluded. First operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 424 states. [2022-02-20 23:50:18,416 INFO L87 Difference]: Start difference. First operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 424 states. [2022-02-20 23:50:18,428 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:18,428 INFO L93 Difference]: Finished difference Result 424 states and 522 transitions. [2022-02-20 23:50:18,428 INFO L276 IsEmpty]: Start isEmpty. Operand 424 states and 522 transitions. [2022-02-20 23:50:18,429 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:18,429 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:18,429 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:18,430 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:18,431 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:18,441 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 413 states to 413 states and 519 transitions. [2022-02-20 23:50:18,442 INFO L78 Accepts]: Start accepts. Automaton has 413 states and 519 transitions. Word has length 13 [2022-02-20 23:50:18,442 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:18,442 INFO L470 AbstractCegarLoop]: Abstraction has 413 states and 519 transitions. [2022-02-20 23:50:18,442 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:18,442 INFO L276 IsEmpty]: Start isEmpty. Operand 413 states and 519 transitions. [2022-02-20 23:50:18,443 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:18,443 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:18,443 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:18,458 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:18,652 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:18,652 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting ULTIMATE.startErr86ASSERT_VIOLATIONMEMORY_FREE === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:18,652 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:18,653 INFO L85 PathProgramCache]: Analyzing trace with hash 1895308392, now seen corresponding path program 1 times [2022-02-20 23:50:18,653 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:18,653 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1090547824] [2022-02-20 23:50:18,653 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:18,653 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:18,653 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:18,655 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:18,656 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Waiting until timeout for monitored process [2022-02-20 23:50:18,712 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:18,713 INFO L263 TraceCheckSpWp]: Trace formula consists of 48 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 23:50:18,719 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:18,719 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:18,823 INFO L290 TraceCheckUtils]: 0: Hoare triple {9672#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {9672#true} is VALID [2022-02-20 23:50:18,824 INFO L290 TraceCheckUtils]: 1: Hoare triple {9672#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {9672#true} is VALID [2022-02-20 23:50:18,824 INFO L272 TraceCheckUtils]: 2: Hoare triple {9672#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {9672#true} is VALID [2022-02-20 23:50:18,824 INFO L290 TraceCheckUtils]: 3: Hoare triple {9672#true} ~size := #in~size; {9672#true} is VALID [2022-02-20 23:50:18,825 INFO L290 TraceCheckUtils]: 4: Hoare triple {9672#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {9689#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:18,825 INFO L290 TraceCheckUtils]: 5: Hoare triple {9689#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} assume true; {9689#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:18,826 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {9689#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} {9672#true} #456#return; {9696#(and (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32)) (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|))} is VALID [2022-02-20 23:50:18,826 INFO L290 TraceCheckUtils]: 7: Hoare triple {9696#(and (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32)) (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {9700#(and (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:18,827 INFO L290 TraceCheckUtils]: 8: Hoare triple {9700#(and (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {9673#false} is VALID [2022-02-20 23:50:18,827 INFO L272 TraceCheckUtils]: 9: Hoare triple {9673#false} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {9673#false} is VALID [2022-02-20 23:50:18,827 INFO L290 TraceCheckUtils]: 10: Hoare triple {9673#false} ~size := #in~size; {9673#false} is VALID [2022-02-20 23:50:18,828 INFO L290 TraceCheckUtils]: 11: Hoare triple {9673#false} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {9673#false} is VALID [2022-02-20 23:50:18,828 INFO L290 TraceCheckUtils]: 12: Hoare triple {9673#false} assume true; {9673#false} is VALID [2022-02-20 23:50:18,828 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {9673#false} {9673#false} #458#return; {9673#false} is VALID [2022-02-20 23:50:18,828 INFO L290 TraceCheckUtils]: 14: Hoare triple {9673#false} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {9673#false} is VALID [2022-02-20 23:50:18,828 INFO L290 TraceCheckUtils]: 15: Hoare triple {9673#false} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {9673#false} is VALID [2022-02-20 23:50:18,829 INFO L290 TraceCheckUtils]: 16: Hoare triple {9673#false} assume !(0bv32 == entry_point_~client~0#1.offset); {9673#false} is VALID [2022-02-20 23:50:18,829 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:18,829 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:18,829 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:18,830 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1090547824] [2022-02-20 23:50:18,830 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1090547824] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:18,830 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:18,830 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 23:50:18,830 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1125862251] [2022-02-20 23:50:18,831 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:18,831 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:18,831 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:18,831 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:18,844 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 17 edges. 17 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:18,844 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 23:50:18,844 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:18,845 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 23:50:18,845 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:18,845 INFO L87 Difference]: Start difference. First operand 413 states and 519 transitions. Second operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:20,671 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:20,672 INFO L93 Difference]: Finished difference Result 351 states and 397 transitions. [2022-02-20 23:50:20,672 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 23:50:20,672 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:20,672 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:20,673 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:20,675 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 365 transitions. [2022-02-20 23:50:20,675 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:20,678 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 365 transitions. [2022-02-20 23:50:20,678 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 365 transitions. [2022-02-20 23:50:21,059 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 365 edges. 365 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:21,066 INFO L225 Difference]: With dead ends: 351 [2022-02-20 23:50:21,067 INFO L226 Difference]: Without dead ends: 351 [2022-02-20 23:50:21,067 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:21,069 INFO L933 BasicCegarLoop]: 343 mSDtfsCounter, 10 mSDsluCounter, 1007 mSDsCounter, 0 mSdLazyCounter, 28 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 1350 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 28 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:21,070 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [10 Valid, 1350 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 28 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 23:50:21,071 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 351 states. [2022-02-20 23:50:21,085 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 351 to 345. [2022-02-20 23:50:21,085 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:21,086 INFO L82 GeneralOperation]: Start isEquivalent. First operand 351 states. Second operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:21,087 INFO L74 IsIncluded]: Start isIncluded. First operand 351 states. Second operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:21,087 INFO L87 Difference]: Start difference. First operand 351 states. Second operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:21,095 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:21,096 INFO L93 Difference]: Finished difference Result 351 states and 397 transitions. [2022-02-20 23:50:21,096 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 397 transitions. [2022-02-20 23:50:21,098 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:21,098 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:21,099 INFO L74 IsIncluded]: Start isIncluded. First operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) Second operand 351 states. [2022-02-20 23:50:21,101 INFO L87 Difference]: Start difference. First operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) Second operand 351 states. [2022-02-20 23:50:21,109 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:21,109 INFO L93 Difference]: Finished difference Result 351 states and 397 transitions. [2022-02-20 23:50:21,109 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 397 transitions. [2022-02-20 23:50:21,111 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:21,111 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:21,111 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:21,111 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:21,112 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:21,120 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 345 states to 345 states and 387 transitions. [2022-02-20 23:50:21,120 INFO L78 Accepts]: Start accepts. Automaton has 345 states and 387 transitions. Word has length 17 [2022-02-20 23:50:21,121 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:21,121 INFO L470 AbstractCegarLoop]: Abstraction has 345 states and 387 transitions. [2022-02-20 23:50:21,121 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:21,121 INFO L276 IsEmpty]: Start isEmpty. Operand 345 states and 387 transitions. [2022-02-20 23:50:21,122 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:21,122 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:21,122 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:21,136 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:21,331 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:21,331 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting ULTIMATE.startErr86ASSERT_VIOLATIONMEMORY_FREE === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:21,332 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:21,332 INFO L85 PathProgramCache]: Analyzing trace with hash -2106255897, now seen corresponding path program 1 times [2022-02-20 23:50:21,332 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:21,332 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1721360196] [2022-02-20 23:50:21,332 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:21,332 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:21,333 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:21,334 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:21,334 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-02-20 23:50:21,404 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:21,405 INFO L263 TraceCheckSpWp]: Trace formula consists of 54 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 23:50:21,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:21,413 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:21,463 INFO L290 TraceCheckUtils]: 0: Hoare triple {11125#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {11125#true} is VALID [2022-02-20 23:50:21,463 INFO L290 TraceCheckUtils]: 1: Hoare triple {11125#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {11125#true} is VALID [2022-02-20 23:50:21,463 INFO L272 TraceCheckUtils]: 2: Hoare triple {11125#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {11125#true} is VALID [2022-02-20 23:50:21,464 INFO L290 TraceCheckUtils]: 3: Hoare triple {11125#true} ~size := #in~size; {11125#true} is VALID [2022-02-20 23:50:21,464 INFO L290 TraceCheckUtils]: 4: Hoare triple {11125#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,465 INFO L290 TraceCheckUtils]: 5: Hoare triple {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} assume true; {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,465 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} {11125#true} #456#return; {11149#(= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|)} is VALID [2022-02-20 23:50:21,466 INFO L290 TraceCheckUtils]: 7: Hoare triple {11149#(= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|)} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,469 INFO L290 TraceCheckUtils]: 8: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,469 INFO L272 TraceCheckUtils]: 9: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {11125#true} is VALID [2022-02-20 23:50:21,470 INFO L290 TraceCheckUtils]: 10: Hoare triple {11125#true} ~size := #in~size; {11125#true} is VALID [2022-02-20 23:50:21,470 INFO L290 TraceCheckUtils]: 11: Hoare triple {11125#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {11125#true} is VALID [2022-02-20 23:50:21,470 INFO L290 TraceCheckUtils]: 12: Hoare triple {11125#true} assume true; {11125#true} is VALID [2022-02-20 23:50:21,470 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {11125#true} {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} #458#return; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,471 INFO L290 TraceCheckUtils]: 14: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,471 INFO L290 TraceCheckUtils]: 15: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,471 INFO L290 TraceCheckUtils]: 16: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume !(0bv32 == entry_point_~client~0#1.offset); {11126#false} is VALID [2022-02-20 23:50:21,472 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 23:50:21,472 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:21,550 INFO L290 TraceCheckUtils]: 16: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume !(0bv32 == entry_point_~client~0#1.offset); {11126#false} is VALID [2022-02-20 23:50:21,551 INFO L290 TraceCheckUtils]: 15: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,551 INFO L290 TraceCheckUtils]: 14: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,552 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {11125#true} {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} #458#return; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,552 INFO L290 TraceCheckUtils]: 12: Hoare triple {11125#true} assume true; {11125#true} is VALID [2022-02-20 23:50:21,552 INFO L290 TraceCheckUtils]: 11: Hoare triple {11125#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {11125#true} is VALID [2022-02-20 23:50:21,553 INFO L290 TraceCheckUtils]: 10: Hoare triple {11125#true} ~size := #in~size; {11125#true} is VALID [2022-02-20 23:50:21,553 INFO L272 TraceCheckUtils]: 9: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {11125#true} is VALID [2022-02-20 23:50:21,553 INFO L290 TraceCheckUtils]: 8: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,554 INFO L290 TraceCheckUtils]: 7: Hoare triple {11149#(= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|)} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,558 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} {11125#true} #456#return; {11149#(= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|)} is VALID [2022-02-20 23:50:21,559 INFO L290 TraceCheckUtils]: 5: Hoare triple {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} assume true; {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,559 INFO L290 TraceCheckUtils]: 4: Hoare triple {11125#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:21,559 INFO L290 TraceCheckUtils]: 3: Hoare triple {11125#true} ~size := #in~size; {11125#true} is VALID [2022-02-20 23:50:21,559 INFO L272 TraceCheckUtils]: 2: Hoare triple {11125#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {11125#true} is VALID [2022-02-20 23:50:21,559 INFO L290 TraceCheckUtils]: 1: Hoare triple {11125#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {11125#true} is VALID [2022-02-20 23:50:21,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {11125#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {11125#true} is VALID [2022-02-20 23:50:21,560 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 23:50:21,560 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:21,560 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1721360196] [2022-02-20 23:50:21,560 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1721360196] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 23:50:21,560 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 23:50:21,560 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [4, 4] total 4 [2022-02-20 23:50:21,561 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2086964426] [2022-02-20 23:50:21,561 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 23:50:21,561 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:21,561 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:21,561 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:21,577 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 16 edges. 16 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:21,577 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 23:50:21,577 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:21,578 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 23:50:21,578 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:21,578 INFO L87 Difference]: Start difference. First operand 345 states and 387 transitions. Second operand has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:23,332 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:23,332 INFO L93 Difference]: Finished difference Result 344 states and 386 transitions. [2022-02-20 23:50:23,333 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 23:50:23,333 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:23,333 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:23,333 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:23,335 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 345 transitions. [2022-02-20 23:50:23,336 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:23,338 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 345 transitions. [2022-02-20 23:50:23,338 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 345 transitions. [2022-02-20 23:50:23,710 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 345 edges. 345 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:23,716 INFO L225 Difference]: With dead ends: 344 [2022-02-20 23:50:23,717 INFO L226 Difference]: Without dead ends: 344 [2022-02-20 23:50:23,717 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 32 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:23,718 INFO L933 BasicCegarLoop]: 332 mSDtfsCounter, 256 mSDsluCounter, 728 mSDsCounter, 0 mSdLazyCounter, 38 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 269 SdHoareTripleChecker+Valid, 1060 SdHoareTripleChecker+Invalid, 39 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 38 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:23,718 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [269 Valid, 1060 Invalid, 39 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 38 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 23:50:23,719 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 344 states. [2022-02-20 23:50:23,723 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 344 to 344. [2022-02-20 23:50:23,724 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:23,724 INFO L82 GeneralOperation]: Start isEquivalent. First operand 344 states. Second operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:23,725 INFO L74 IsIncluded]: Start isIncluded. First operand 344 states. Second operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:23,726 INFO L87 Difference]: Start difference. First operand 344 states. Second operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:23,733 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:23,733 INFO L93 Difference]: Finished difference Result 344 states and 386 transitions. [2022-02-20 23:50:23,733 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 386 transitions. [2022-02-20 23:50:23,734 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:23,734 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:23,735 INFO L74 IsIncluded]: Start isIncluded. First operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) Second operand 344 states. [2022-02-20 23:50:23,736 INFO L87 Difference]: Start difference. First operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) Second operand 344 states. [2022-02-20 23:50:23,743 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:23,743 INFO L93 Difference]: Finished difference Result 344 states and 386 transitions. [2022-02-20 23:50:23,743 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 386 transitions. [2022-02-20 23:50:23,744 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:23,744 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:23,744 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:23,745 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:23,745 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:23,752 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 344 states to 344 states and 386 transitions. [2022-02-20 23:50:23,753 INFO L78 Accepts]: Start accepts. Automaton has 344 states and 386 transitions. Word has length 17 [2022-02-20 23:50:23,753 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:23,753 INFO L470 AbstractCegarLoop]: Abstraction has 344 states and 386 transitions. [2022-02-20 23:50:23,753 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:23,753 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 386 transitions. [2022-02-20 23:50:23,754 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:23,754 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:23,754 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:23,770 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:23,967 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:23,967 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:23,968 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:23,968 INFO L85 PathProgramCache]: Analyzing trace with hash -2106256148, now seen corresponding path program 1 times [2022-02-20 23:50:23,968 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:23,968 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1318521851] [2022-02-20 23:50:23,968 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:23,968 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:23,968 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:23,969 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:23,971 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-02-20 23:50:24,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:24,026 INFO L263 TraceCheckSpWp]: Trace formula consists of 53 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 23:50:24,036 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:24,037 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:24,106 INFO L290 TraceCheckUtils]: 0: Hoare triple {12604#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {12604#true} is VALID [2022-02-20 23:50:24,106 INFO L290 TraceCheckUtils]: 1: Hoare triple {12604#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {12604#true} is VALID [2022-02-20 23:50:24,106 INFO L272 TraceCheckUtils]: 2: Hoare triple {12604#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {12604#true} is VALID [2022-02-20 23:50:24,106 INFO L290 TraceCheckUtils]: 3: Hoare triple {12604#true} ~size := #in~size; {12604#true} is VALID [2022-02-20 23:50:24,106 INFO L290 TraceCheckUtils]: 4: Hoare triple {12604#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {12604#true} is VALID [2022-02-20 23:50:24,107 INFO L290 TraceCheckUtils]: 5: Hoare triple {12604#true} assume true; {12604#true} is VALID [2022-02-20 23:50:24,107 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12604#true} {12604#true} #456#return; {12604#true} is VALID [2022-02-20 23:50:24,107 INFO L290 TraceCheckUtils]: 7: Hoare triple {12604#true} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {12604#true} is VALID [2022-02-20 23:50:24,107 INFO L290 TraceCheckUtils]: 8: Hoare triple {12604#true} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {12604#true} is VALID [2022-02-20 23:50:24,107 INFO L272 TraceCheckUtils]: 9: Hoare triple {12604#true} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {12604#true} is VALID [2022-02-20 23:50:24,108 INFO L290 TraceCheckUtils]: 10: Hoare triple {12604#true} ~size := #in~size; {12604#true} is VALID [2022-02-20 23:50:24,111 INFO L290 TraceCheckUtils]: 11: Hoare triple {12604#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {12642#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:24,115 INFO L290 TraceCheckUtils]: 12: Hoare triple {12642#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} assume true; {12642#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:24,116 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {12642#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} {12604#true} #458#return; {12649#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret66#1.offset|) (= |ULTIMATE.start_entry_point_#t~ret66#1.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:24,117 INFO L290 TraceCheckUtils]: 14: Hoare triple {12649#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret66#1.offset|) (= |ULTIMATE.start_entry_point_#t~ret66#1.base| (_ bv0 32)))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {12653#(and (= |ULTIMATE.start_entry_point_~cfg~2#1.offset| (_ bv0 32)) (= |ULTIMATE.start_entry_point_~cfg~2#1.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:24,118 INFO L290 TraceCheckUtils]: 15: Hoare triple {12653#(and (= |ULTIMATE.start_entry_point_~cfg~2#1.offset| (_ bv0 32)) (= |ULTIMATE.start_entry_point_~cfg~2#1.base| (_ bv0 32)))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {12605#false} is VALID [2022-02-20 23:50:24,118 INFO L290 TraceCheckUtils]: 16: Hoare triple {12605#false} assume !(1bv1 == #valid[entry_point_~client~0#1.base]); {12605#false} is VALID [2022-02-20 23:50:24,118 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 23:50:24,118 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:24,118 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:24,119 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1318521851] [2022-02-20 23:50:24,119 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1318521851] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:24,119 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:24,119 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 23:50:24,119 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [355605818] [2022-02-20 23:50:24,119 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:24,120 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 17 [2022-02-20 23:50:24,120 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:24,120 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:24,133 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 16 edges. 16 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:24,133 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 23:50:24,133 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:24,133 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 23:50:24,134 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:24,134 INFO L87 Difference]: Start difference. First operand 344 states and 386 transitions. Second operand has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:25,852 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:25,852 INFO L93 Difference]: Finished difference Result 388 states and 436 transitions. [2022-02-20 23:50:25,852 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 23:50:25,852 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 17 [2022-02-20 23:50:25,853 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:25,853 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:25,855 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 397 transitions. [2022-02-20 23:50:25,856 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:25,858 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 397 transitions. [2022-02-20 23:50:25,858 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 397 transitions. [2022-02-20 23:50:26,257 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 397 edges. 397 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:26,265 INFO L225 Difference]: With dead ends: 388 [2022-02-20 23:50:26,265 INFO L226 Difference]: Without dead ends: 388 [2022-02-20 23:50:26,265 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:26,266 INFO L933 BasicCegarLoop]: 352 mSDtfsCounter, 40 mSDsluCounter, 1031 mSDsCounter, 0 mSdLazyCounter, 21 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 1383 SdHoareTripleChecker+Invalid, 22 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 21 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:26,266 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [41 Valid, 1383 Invalid, 22 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 21 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 23:50:26,267 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 388 states. [2022-02-20 23:50:26,274 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 388 to 346. [2022-02-20 23:50:26,274 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:26,275 INFO L82 GeneralOperation]: Start isEquivalent. First operand 388 states. Second operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:26,280 INFO L74 IsIncluded]: Start isIncluded. First operand 388 states. Second operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:26,282 INFO L87 Difference]: Start difference. First operand 388 states. Second operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:26,292 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:26,292 INFO L93 Difference]: Finished difference Result 388 states and 436 transitions. [2022-02-20 23:50:26,292 INFO L276 IsEmpty]: Start isEmpty. Operand 388 states and 436 transitions. [2022-02-20 23:50:26,293 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:26,293 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:26,294 INFO L74 IsIncluded]: Start isIncluded. First operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) Second operand 388 states. [2022-02-20 23:50:26,296 INFO L87 Difference]: Start difference. First operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) Second operand 388 states. [2022-02-20 23:50:26,313 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:26,313 INFO L93 Difference]: Finished difference Result 388 states and 436 transitions. [2022-02-20 23:50:26,313 INFO L276 IsEmpty]: Start isEmpty. Operand 388 states and 436 transitions. [2022-02-20 23:50:26,314 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:26,314 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:26,314 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:26,315 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:26,316 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:26,323 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 346 states to 346 states and 388 transitions. [2022-02-20 23:50:26,323 INFO L78 Accepts]: Start accepts. Automaton has 346 states and 388 transitions. Word has length 17 [2022-02-20 23:50:26,323 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:26,324 INFO L470 AbstractCegarLoop]: Abstraction has 346 states and 388 transitions. [2022-02-20 23:50:26,324 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:26,324 INFO L276 IsEmpty]: Start isEmpty. Operand 346 states and 388 transitions. [2022-02-20 23:50:26,324 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:26,324 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:26,325 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:26,338 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:26,533 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:26,534 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:26,534 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:26,534 INFO L85 PathProgramCache]: Analyzing trace with hash -2134885299, now seen corresponding path program 1 times [2022-02-20 23:50:26,534 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:26,534 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1629950791] [2022-02-20 23:50:26,534 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:26,534 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:26,535 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:26,535 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:26,536 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-02-20 23:50:26,600 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:26,602 INFO L263 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 9 conjunts are in the unsatisfiable core [2022-02-20 23:50:26,610 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:26,610 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:26,631 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:26,782 INFO L356 Elim1Store]: treesize reduction 15, result has 46.4 percent of original size [2022-02-20 23:50:26,783 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 24 [2022-02-20 23:50:26,808 INFO L290 TraceCheckUtils]: 0: Hoare triple {14169#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {14169#true} is VALID [2022-02-20 23:50:26,808 INFO L290 TraceCheckUtils]: 1: Hoare triple {14169#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {14169#true} is VALID [2022-02-20 23:50:26,808 INFO L272 TraceCheckUtils]: 2: Hoare triple {14169#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {14169#true} is VALID [2022-02-20 23:50:26,808 INFO L290 TraceCheckUtils]: 3: Hoare triple {14169#true} ~size := #in~size; {14169#true} is VALID [2022-02-20 23:50:26,809 INFO L290 TraceCheckUtils]: 4: Hoare triple {14169#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} is VALID [2022-02-20 23:50:26,810 INFO L290 TraceCheckUtils]: 5: Hoare triple {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} assume true; {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} is VALID [2022-02-20 23:50:26,811 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} {14169#true} #456#return; {14193#(= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:26,812 INFO L290 TraceCheckUtils]: 7: Hoare triple {14193#(= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:26,812 INFO L290 TraceCheckUtils]: 8: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:26,813 INFO L272 TraceCheckUtils]: 9: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {14204#(= |old(#valid)| |#valid|)} is VALID [2022-02-20 23:50:26,813 INFO L290 TraceCheckUtils]: 10: Hoare triple {14204#(= |old(#valid)| |#valid|)} ~size := #in~size; {14204#(= |old(#valid)| |#valid|)} is VALID [2022-02-20 23:50:26,815 INFO L290 TraceCheckUtils]: 11: Hoare triple {14204#(= |old(#valid)| |#valid|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {14211#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_12 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_12) |#valid|)) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:26,815 INFO L290 TraceCheckUtils]: 12: Hoare triple {14211#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_12 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_12) |#valid|)) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} assume true; {14211#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_12 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_12) |#valid|)) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:26,816 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {14211#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_12 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_12) |#valid|)) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} #458#return; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:26,817 INFO L290 TraceCheckUtils]: 14: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:26,817 INFO L290 TraceCheckUtils]: 15: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:26,817 INFO L290 TraceCheckUtils]: 16: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(1bv1 == #valid[entry_point_~client~0#1.base]); {14170#false} is VALID [2022-02-20 23:50:26,818 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:26,818 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:29,173 INFO L290 TraceCheckUtils]: 16: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(1bv1 == #valid[entry_point_~client~0#1.base]); {14170#false} is VALID [2022-02-20 23:50:29,173 INFO L290 TraceCheckUtils]: 15: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:29,174 INFO L290 TraceCheckUtils]: 14: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:29,175 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} #458#return; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:29,176 INFO L290 TraceCheckUtils]: 12: Hoare triple {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} assume true; {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} is VALID [2022-02-20 23:50:29,177 INFO L290 TraceCheckUtils]: 11: Hoare triple {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} is VALID [2022-02-20 23:50:29,178 INFO L290 TraceCheckUtils]: 10: Hoare triple {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} ~size := #in~size; {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} is VALID [2022-02-20 23:50:29,179 INFO L272 TraceCheckUtils]: 9: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} is VALID [2022-02-20 23:50:29,179 INFO L290 TraceCheckUtils]: 8: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:29,180 INFO L290 TraceCheckUtils]: 7: Hoare triple {14193#(= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:29,181 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} {14169#true} #456#return; {14193#(= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:29,181 INFO L290 TraceCheckUtils]: 5: Hoare triple {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} assume true; {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} is VALID [2022-02-20 23:50:29,182 INFO L290 TraceCheckUtils]: 4: Hoare triple {14169#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} is VALID [2022-02-20 23:50:29,183 INFO L290 TraceCheckUtils]: 3: Hoare triple {14169#true} ~size := #in~size; {14169#true} is VALID [2022-02-20 23:50:29,183 INFO L272 TraceCheckUtils]: 2: Hoare triple {14169#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {14169#true} is VALID [2022-02-20 23:50:29,183 INFO L290 TraceCheckUtils]: 1: Hoare triple {14169#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {14169#true} is VALID [2022-02-20 23:50:29,183 INFO L290 TraceCheckUtils]: 0: Hoare triple {14169#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {14169#true} is VALID [2022-02-20 23:50:29,183 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:29,184 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:29,184 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1629950791] [2022-02-20 23:50:29,184 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1629950791] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 23:50:29,184 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 23:50:29,184 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 5] total 7 [2022-02-20 23:50:29,184 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1819577807] [2022-02-20 23:50:29,185 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 23:50:29,185 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-02-20 23:50:29,185 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:29,185 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:29,216 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 22 edges. 22 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:29,216 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 23:50:29,216 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:29,217 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 23:50:29,217 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2022-02-20 23:50:29,217 INFO L87 Difference]: Start difference. First operand 346 states and 388 transitions. Second operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:33,596 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:33,596 INFO L93 Difference]: Finished difference Result 488 states and 560 transitions. [2022-02-20 23:50:33,596 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 23:50:33,596 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-02-20 23:50:33,596 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:33,596 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:33,600 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 524 transitions. [2022-02-20 23:50:33,600 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:33,604 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 524 transitions. [2022-02-20 23:50:33,604 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 524 transitions. [2022-02-20 23:50:34,143 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 524 edges. 524 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:34,152 INFO L225 Difference]: With dead ends: 488 [2022-02-20 23:50:34,152 INFO L226 Difference]: Without dead ends: 488 [2022-02-20 23:50:34,152 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 23 SyntacticMatches, 3 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 2.1s TimeCoverageRelationStatistics Valid=20, Invalid=52, Unknown=0, NotChecked=0, Total=72 [2022-02-20 23:50:34,153 INFO L933 BasicCegarLoop]: 273 mSDtfsCounter, 190 mSDsluCounter, 1070 mSDsCounter, 0 mSdLazyCounter, 748 mSolverCounterSat, 38 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 195 SdHoareTripleChecker+Valid, 1343 SdHoareTripleChecker+Invalid, 1231 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 38 IncrementalHoareTripleChecker+Valid, 748 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 445 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:34,153 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [195 Valid, 1343 Invalid, 1231 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [38 Valid, 748 Invalid, 0 Unknown, 445 Unchecked, 1.3s Time] [2022-02-20 23:50:34,154 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 488 states. [2022-02-20 23:50:34,160 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 488 to 362. [2022-02-20 23:50:34,160 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:34,160 INFO L82 GeneralOperation]: Start isEquivalent. First operand 488 states. Second operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) [2022-02-20 23:50:34,161 INFO L74 IsIncluded]: Start isIncluded. First operand 488 states. Second operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) [2022-02-20 23:50:34,161 INFO L87 Difference]: Start difference. First operand 488 states. Second operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) [2022-02-20 23:50:34,175 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:34,175 INFO L93 Difference]: Finished difference Result 488 states and 560 transitions. [2022-02-20 23:50:34,175 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 560 transitions. [2022-02-20 23:50:34,177 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:34,177 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:34,177 INFO L74 IsIncluded]: Start isIncluded. First operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) Second operand 488 states. [2022-02-20 23:50:34,178 INFO L87 Difference]: Start difference. First operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) Second operand 488 states. [2022-02-20 23:50:34,191 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:34,191 INFO L93 Difference]: Finished difference Result 488 states and 560 transitions. [2022-02-20 23:50:34,192 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 560 transitions. [2022-02-20 23:50:34,193 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:34,193 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:34,193 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:34,193 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:34,194 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) [2022-02-20 23:50:34,204 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 362 states to 362 states and 419 transitions. [2022-02-20 23:50:34,204 INFO L78 Accepts]: Start accepts. Automaton has 362 states and 419 transitions. Word has length 17 [2022-02-20 23:50:34,204 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:34,204 INFO L470 AbstractCegarLoop]: Abstraction has 362 states and 419 transitions. [2022-02-20 23:50:34,205 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:34,205 INFO L276 IsEmpty]: Start isEmpty. Operand 362 states and 419 transitions. [2022-02-20 23:50:34,205 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:34,205 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:34,205 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:34,214 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:34,414 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:34,414 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:34,414 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:34,414 INFO L85 PathProgramCache]: Analyzing trace with hash -2134885298, now seen corresponding path program 1 times [2022-02-20 23:50:34,415 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:34,415 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [713413673] [2022-02-20 23:50:34,415 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:34,415 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:34,415 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:34,416 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:34,419 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Waiting until timeout for monitored process [2022-02-20 23:50:34,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:34,487 INFO L263 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 18 conjunts are in the unsatisfiable core [2022-02-20 23:50:34,496 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:34,497 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:34,522 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:34,528 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:36,724 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-02-20 23:50:36,725 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-02-20 23:50:36,738 INFO L356 Elim1Store]: treesize reduction 4, result has 50.0 percent of original size [2022-02-20 23:50:36,738 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 11 [2022-02-20 23:50:36,776 INFO L290 TraceCheckUtils]: 0: Hoare triple {16103#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {16103#true} is VALID [2022-02-20 23:50:36,777 INFO L290 TraceCheckUtils]: 1: Hoare triple {16103#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {16103#true} is VALID [2022-02-20 23:50:36,777 INFO L272 TraceCheckUtils]: 2: Hoare triple {16103#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {16103#true} is VALID [2022-02-20 23:50:36,777 INFO L290 TraceCheckUtils]: 3: Hoare triple {16103#true} ~size := #in~size; {16117#(= ldv_malloc_~size |ldv_malloc_#in~size|)} is VALID [2022-02-20 23:50:36,779 INFO L290 TraceCheckUtils]: 4: Hoare triple {16117#(= ldv_malloc_~size |ldv_malloc_#in~size|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:36,779 INFO L290 TraceCheckUtils]: 5: Hoare triple {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} assume true; {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:36,780 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} {16103#true} #456#return; {16128#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|) (= (_ bv20 32) (select |#length| |ULTIMATE.start_entry_point_#t~ret65#1.base|)) (= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1)))} is VALID [2022-02-20 23:50:36,780 INFO L290 TraceCheckUtils]: 7: Hoare triple {16128#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|) (= (_ bv20 32) (select |#length| |ULTIMATE.start_entry_point_#t~ret65#1.base|)) (= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:36,781 INFO L290 TraceCheckUtils]: 8: Hoare triple {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:36,782 INFO L272 TraceCheckUtils]: 9: Hoare triple {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} is VALID [2022-02-20 23:50:36,782 INFO L290 TraceCheckUtils]: 10: Hoare triple {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} ~size := #in~size; {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} is VALID [2022-02-20 23:50:36,784 INFO L290 TraceCheckUtils]: 11: Hoare triple {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:36,784 INFO L290 TraceCheckUtils]: 12: Hoare triple {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} assume true; {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:36,786 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} #458#return; {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:36,787 INFO L290 TraceCheckUtils]: 14: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:36,787 INFO L290 TraceCheckUtils]: 15: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:36,788 INFO L290 TraceCheckUtils]: 16: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !((~bvule32(~bvadd32(4bv32, entry_point_~client~0#1.offset), #length[entry_point_~client~0#1.base]) && ~bvule32(entry_point_~client~0#1.offset, ~bvadd32(4bv32, entry_point_~client~0#1.offset))) && ~bvule32(0bv32, entry_point_~client~0#1.offset)); {16104#false} is VALID [2022-02-20 23:50:36,788 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:36,788 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:41,007 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:41,007 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [713413673] [2022-02-20 23:50:41,007 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [713413673] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 23:50:41,007 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [937468188] [2022-02-20 23:50:41,007 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:41,007 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-02-20 23:50:41,008 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2022-02-20 23:50:41,010 INFO L229 MonitoredProcess]: Starting monitored process 12 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-02-20 23:50:41,011 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (12)] Waiting until timeout for monitored process [2022-02-20 23:50:41,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:41,122 INFO L263 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 18 conjunts are in the unsatisfiable core [2022-02-20 23:50:41,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:41,132 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:41,152 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:41,157 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:41,314 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-02-20 23:50:41,315 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-02-20 23:50:41,325 INFO L356 Elim1Store]: treesize reduction 4, result has 50.0 percent of original size [2022-02-20 23:50:41,327 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 11 [2022-02-20 23:50:41,356 INFO L290 TraceCheckUtils]: 0: Hoare triple {16103#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {16103#true} is VALID [2022-02-20 23:50:41,357 INFO L290 TraceCheckUtils]: 1: Hoare triple {16103#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {16103#true} is VALID [2022-02-20 23:50:41,357 INFO L272 TraceCheckUtils]: 2: Hoare triple {16103#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {16103#true} is VALID [2022-02-20 23:50:41,357 INFO L290 TraceCheckUtils]: 3: Hoare triple {16103#true} ~size := #in~size; {16117#(= ldv_malloc_~size |ldv_malloc_#in~size|)} is VALID [2022-02-20 23:50:41,358 INFO L290 TraceCheckUtils]: 4: Hoare triple {16117#(= ldv_malloc_~size |ldv_malloc_#in~size|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:41,358 INFO L290 TraceCheckUtils]: 5: Hoare triple {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} assume true; {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:41,359 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} {16103#true} #456#return; {16128#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|) (= (_ bv20 32) (select |#length| |ULTIMATE.start_entry_point_#t~ret65#1.base|)) (= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1)))} is VALID [2022-02-20 23:50:41,360 INFO L290 TraceCheckUtils]: 7: Hoare triple {16128#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|) (= (_ bv20 32) (select |#length| |ULTIMATE.start_entry_point_#t~ret65#1.base|)) (= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:41,360 INFO L290 TraceCheckUtils]: 8: Hoare triple {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:41,361 INFO L272 TraceCheckUtils]: 9: Hoare triple {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} is VALID [2022-02-20 23:50:41,361 INFO L290 TraceCheckUtils]: 10: Hoare triple {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} ~size := #in~size; {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} is VALID [2022-02-20 23:50:41,362 INFO L290 TraceCheckUtils]: 11: Hoare triple {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:41,363 INFO L290 TraceCheckUtils]: 12: Hoare triple {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} assume true; {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:41,365 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} #458#return; {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:41,365 INFO L290 TraceCheckUtils]: 14: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:41,366 INFO L290 TraceCheckUtils]: 15: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:41,366 INFO L290 TraceCheckUtils]: 16: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !((~bvule32(~bvadd32(4bv32, entry_point_~client~0#1.offset), #length[entry_point_~client~0#1.base]) && ~bvule32(entry_point_~client~0#1.offset, ~bvadd32(4bv32, entry_point_~client~0#1.offset))) && ~bvule32(0bv32, entry_point_~client~0#1.offset)); {16104#false} is VALID [2022-02-20 23:50:41,366 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:41,366 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:45,585 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [937468188] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 23:50:45,585 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 23:50:45,585 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 8 [2022-02-20 23:50:45,585 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [479159117] [2022-02-20 23:50:45,585 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 23:50:45,586 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:45,586 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:45,586 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:45,602 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 17 edges. 17 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:45,602 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 23:50:45,602 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:45,603 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 23:50:45,603 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=84, Unknown=3, NotChecked=0, Total=110 [2022-02-20 23:50:45,603 INFO L87 Difference]: Start difference. First operand 362 states and 419 transitions. Second operand has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2)