./Ultimate.py --spec ../sv-benchmarks/c/properties/valid-memsafety.prp --file ../sv-benchmarks/c/ldv-memsafety/memleaks_test12-2.i --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test12-2.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 7f08d75c904d21d6573220c7737d451cd978e8a22a153e855f8d685d88a1eb60 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 23:49:53,879 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 23:49:53,882 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 23:49:53,922 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 23:49:53,923 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 23:49:53,924 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 23:49:53,926 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 23:49:53,928 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 23:49:53,930 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 23:49:53,931 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 23:49:53,932 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 23:49:53,933 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 23:49:53,934 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 23:49:53,937 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 23:49:53,938 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 23:49:53,939 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 23:49:53,941 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 23:49:53,942 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 23:49:53,943 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 23:49:53,949 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 23:49:53,953 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 23:49:53,954 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 23:49:53,954 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 23:49:53,955 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 23:49:53,957 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 23:49:53,959 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 23:49:53,960 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 23:49:53,960 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 23:49:53,961 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 23:49:53,962 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 23:49:53,963 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 23:49:53,963 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 23:49:53,964 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 23:49:53,965 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 23:49:53,966 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 23:49:53,966 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 23:49:53,967 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 23:49:53,967 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 23:49:53,968 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 23:49:53,968 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 23:49:53,969 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 23:49:53,969 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2022-02-20 23:49:53,994 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 23:49:53,995 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 23:49:53,996 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 23:49:53,996 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 23:49:53,997 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 23:49:53,997 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 23:49:53,998 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 23:49:53,998 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 23:49:53,998 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 23:49:53,998 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 23:49:53,999 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 23:49:53,999 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-02-20 23:49:53,999 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 23:49:53,999 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 23:49:53,999 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 23:49:54,000 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-02-20 23:49:54,000 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-02-20 23:49:54,000 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-02-20 23:49:54,000 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 23:49:54,001 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 23:49:54,001 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 23:49:54,003 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 23:49:54,006 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 23:49:54,006 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 23:49:54,007 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 23:49:54,007 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 23:49:54,007 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 23:49:54,007 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 23:49:54,007 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 23:49:54,007 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 23:49:54,008 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 7f08d75c904d21d6573220c7737d451cd978e8a22a153e855f8d685d88a1eb60 [2022-02-20 23:49:54,222 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 23:49:54,243 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 23:49:54,245 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 23:49:54,246 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 23:49:54,246 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 23:49:54,247 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test12-2.i [2022-02-20 23:49:54,293 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3bfacd69c/27b38bbf6dc64ac68cde8ad9bc316e78/FLAG5614eb44f [2022-02-20 23:49:54,780 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 23:49:54,780 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test12-2.i [2022-02-20 23:49:54,800 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3bfacd69c/27b38bbf6dc64ac68cde8ad9bc316e78/FLAG5614eb44f [2022-02-20 23:49:55,277 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3bfacd69c/27b38bbf6dc64ac68cde8ad9bc316e78 [2022-02-20 23:49:55,279 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 23:49:55,280 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 23:49:55,281 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 23:49:55,281 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 23:49:55,283 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 23:49:55,284 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 11:49:55" (1/1) ... [2022-02-20 23:49:55,285 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@661b8e65 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:55, skipping insertion in model container [2022-02-20 23:49:55,285 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 11:49:55" (1/1) ... [2022-02-20 23:49:55,289 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 23:49:55,331 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 23:49:55,677 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 23:49:55,687 ERROR L326 MainTranslator]: Unsupported Syntax: Found a cast between two array/pointer types where the value type is smaller than the cast-to type while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) [2022-02-20 23:49:55,688 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieTranslatorObserver@77e35b49 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:55, skipping insertion in model container [2022-02-20 23:49:55,688 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 23:49:55,689 INFO L184 ToolchainWalker]: Toolchain execution was canceled (user or tool) before executing de.uni_freiburg.informatik.ultimate.boogie.procedureinliner [2022-02-20 23:49:55,691 INFO L158 Benchmark]: Toolchain (without parser) took 409.52ms. Allocated memory was 94.4MB in the beginning and 163.6MB in the end (delta: 69.2MB). Free memory was 63.3MB in the beginning and 131.1MB in the end (delta: -67.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 23:49:55,692 INFO L158 Benchmark]: CDTParser took 0.16ms. Allocated memory is still 94.4MB. Free memory is still 51.5MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 23:49:55,693 INFO L158 Benchmark]: CACSL2BoogieTranslator took 407.57ms. Allocated memory was 94.4MB in the beginning and 163.6MB in the end (delta: 69.2MB). Free memory was 63.3MB in the beginning and 131.1MB in the end (delta: -67.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 23:49:55,694 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.16ms. Allocated memory is still 94.4MB. Free memory is still 51.5MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 407.57ms. Allocated memory was 94.4MB in the beginning and 163.6MB in the end (delta: 69.2MB). Free memory was 63.3MB in the beginning and 131.1MB in the end (delta: -67.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - UnsupportedSyntaxResult [Line: 576]: Unsupported Syntax Found a cast between two array/pointer types where the value type is smaller than the cast-to type while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerMemDerefMemtrack.xml -i ../sv-benchmarks/c/ldv-memsafety/memleaks_test12-2.i -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 7f08d75c904d21d6573220c7737d451cd978e8a22a153e855f8d685d88a1eb60 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 23:49:57,152 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 23:49:57,154 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 23:49:57,188 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 23:49:57,188 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 23:49:57,191 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 23:49:57,192 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 23:49:57,196 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 23:49:57,198 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 23:49:57,201 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 23:49:57,202 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 23:49:57,209 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 23:49:57,210 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 23:49:57,212 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 23:49:57,213 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 23:49:57,216 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 23:49:57,218 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 23:49:57,218 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 23:49:57,219 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 23:49:57,220 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 23:49:57,221 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 23:49:57,222 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 23:49:57,222 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 23:49:57,224 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 23:49:57,228 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 23:49:57,231 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 23:49:57,232 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 23:49:57,233 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 23:49:57,234 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 23:49:57,234 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 23:49:57,235 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 23:49:57,235 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 23:49:57,236 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 23:49:57,237 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 23:49:57,238 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 23:49:57,238 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 23:49:57,239 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 23:49:57,239 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 23:49:57,239 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 23:49:57,241 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 23:49:57,241 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 23:49:57,242 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf [2022-02-20 23:49:57,265 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 23:49:57,266 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 23:49:57,267 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 23:49:57,267 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 23:49:57,268 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 23:49:57,268 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 23:49:57,269 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 23:49:57,269 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 23:49:57,269 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 23:49:57,270 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 23:49:57,270 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 23:49:57,270 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-02-20 23:49:57,270 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 23:49:57,271 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 23:49:57,271 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 23:49:57,271 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-02-20 23:49:57,271 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-02-20 23:49:57,271 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-02-20 23:49:57,271 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 23:49:57,272 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 23:49:57,272 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-02-20 23:49:57,272 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-02-20 23:49:57,272 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 23:49:57,272 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 23:49:57,272 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 23:49:57,273 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 23:49:57,273 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 23:49:57,273 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 23:49:57,273 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 23:49:57,273 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 23:49:57,273 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-02-20 23:49:57,273 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-02-20 23:49:57,274 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-02-20 23:49:57,274 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 7f08d75c904d21d6573220c7737d451cd978e8a22a153e855f8d685d88a1eb60 [2022-02-20 23:49:57,540 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 23:49:57,558 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 23:49:57,559 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 23:49:57,560 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 23:49:57,561 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 23:49:57,562 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/ldv-memsafety/memleaks_test12-2.i [2022-02-20 23:49:57,614 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/acf8c305e/aaa63de1fd184cbeb3aa8b9a1360ae76/FLAG8c77b1de5 [2022-02-20 23:49:58,067 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 23:49:58,068 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/ldv-memsafety/memleaks_test12-2.i [2022-02-20 23:49:58,089 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/acf8c305e/aaa63de1fd184cbeb3aa8b9a1360ae76/FLAG8c77b1de5 [2022-02-20 23:49:58,585 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/acf8c305e/aaa63de1fd184cbeb3aa8b9a1360ae76 [2022-02-20 23:49:58,588 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 23:49:58,590 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 23:49:58,592 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 23:49:58,592 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 23:49:58,595 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 23:49:58,596 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 11:49:58" (1/1) ... [2022-02-20 23:49:58,596 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1da5ded5 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:58, skipping insertion in model container [2022-02-20 23:49:58,596 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 11:49:58" (1/1) ... [2022-02-20 23:49:58,601 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 23:49:58,645 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 23:49:59,023 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 23:49:59,048 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-02-20 23:49:59,053 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 23:49:59,118 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 23:49:59,132 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 23:49:59,194 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 23:49:59,233 INFO L208 MainTranslator]: Completed translation [2022-02-20 23:49:59,234 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59 WrapperNode [2022-02-20 23:49:59,234 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 23:49:59,235 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 23:49:59,235 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 23:49:59,235 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 23:49:59,240 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,266 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,289 INFO L137 Inliner]: procedures = 179, calls = 145, calls flagged for inlining = 33, calls inlined = 20, statements flattened = 332 [2022-02-20 23:49:59,290 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 23:49:59,290 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 23:49:59,290 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 23:49:59,290 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 23:49:59,295 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,296 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,299 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,309 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,324 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,327 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,329 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,333 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 23:49:59,333 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 23:49:59,334 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 23:49:59,334 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 23:49:59,334 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (1/1) ... [2022-02-20 23:49:59,346 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 23:49:59,362 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 23:49:59,372 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 23:49:59,390 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 23:49:59,400 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE1 [2022-02-20 23:49:59,401 INFO L130 BoogieDeclarations]: Found specification of procedure read~intINTTYPE4 [2022-02-20 23:49:59,401 INFO L130 BoogieDeclarations]: Found specification of procedure read~unchecked~$Pointer$ [2022-02-20 23:49:59,401 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~$Pointer$ [2022-02-20 23:49:59,401 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.C_memcpy [2022-02-20 23:49:59,401 INFO L138 BoogieDeclarations]: Found implementation of procedure #Ultimate.C_memcpy [2022-02-20 23:49:59,401 INFO L130 BoogieDeclarations]: Found specification of procedure LDV_INIT_LIST_HEAD [2022-02-20 23:49:59,401 INFO L138 BoogieDeclarations]: Found implementation of procedure LDV_INIT_LIST_HEAD [2022-02-20 23:49:59,401 INFO L130 BoogieDeclarations]: Found specification of procedure __ldv_list_add [2022-02-20 23:49:59,401 INFO L138 BoogieDeclarations]: Found implementation of procedure __ldv_list_add [2022-02-20 23:49:59,402 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_malloc [2022-02-20 23:49:59,402 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_malloc [2022-02-20 23:49:59,402 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~intINTTYPE4 [2022-02-20 23:49:59,402 INFO L130 BoogieDeclarations]: Found specification of procedure write~unchecked~intINTTYPE1 [2022-02-20 23:49:59,402 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2022-02-20 23:49:59,402 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 23:49:59,402 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_msg_free [2022-02-20 23:49:59,402 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_msg_free [2022-02-20 23:49:59,402 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnStack [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure read~unchecked~intINTTYPE4 [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure read~$Pointer$ [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure write~intINTTYPE1 [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.dealloc [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~intINTTYPE4 [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure read~unchecked~intINTTYPE1 [2022-02-20 23:49:59,403 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 23:49:59,404 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 23:49:59,548 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 23:49:59,549 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 23:49:59,551 WARN L813 $ProcedureCfgBuilder]: Label in the middle of a codeblock. [2022-02-20 23:50:00,469 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 23:50:00,483 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 23:50:00,484 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 23:50:00,486 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 11:50:00 BoogieIcfgContainer [2022-02-20 23:50:00,486 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 23:50:00,488 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 23:50:00,488 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 23:50:00,490 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 23:50:00,491 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 11:49:58" (1/3) ... [2022-02-20 23:50:00,491 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5d22d760 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 11:50:00, skipping insertion in model container [2022-02-20 23:50:00,492 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 11:49:59" (2/3) ... [2022-02-20 23:50:00,492 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@5d22d760 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 11:50:00, skipping insertion in model container [2022-02-20 23:50:00,492 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 11:50:00" (3/3) ... [2022-02-20 23:50:00,493 INFO L111 eAbstractionObserver]: Analyzing ICFG memleaks_test12-2.i [2022-02-20 23:50:00,497 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 23:50:00,497 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 124 error locations. [2022-02-20 23:50:00,527 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 23:50:00,532 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=false, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=All, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 23:50:00,532 INFO L340 AbstractCegarLoop]: Starting to check reachability of 124 error locations. [2022-02-20 23:50:00,549 INFO L276 IsEmpty]: Start isEmpty. Operand has 313 states, 171 states have (on average 1.8654970760233918) internal successors, (319), 294 states have internal predecessors, (319), 15 states have call successors, (15), 5 states have call predecessors, (15), 5 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-20 23:50:00,553 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-02-20 23:50:00,553 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:00,553 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:00,554 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting ULTIMATE.startErr89REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:00,556 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:00,557 INFO L85 PathProgramCache]: Analyzing trace with hash -297378988, now seen corresponding path program 1 times [2022-02-20 23:50:00,564 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:00,565 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1601883679] [2022-02-20 23:50:00,565 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:00,566 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:00,566 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:00,568 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:00,569 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-02-20 23:50:00,666 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:00,668 INFO L263 TraceCheckSpWp]: Trace formula consists of 34 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 23:50:00,696 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:00,698 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:00,947 INFO L290 TraceCheckUtils]: 0: Hoare triple {316#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:00,948 INFO L290 TraceCheckUtils]: 1: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:00,949 INFO L272 TraceCheckUtils]: 2: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:00,949 INFO L290 TraceCheckUtils]: 3: Hoare triple {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} ~size := #in~size; {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:00,950 INFO L290 TraceCheckUtils]: 4: Hoare triple {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:00,950 INFO L290 TraceCheckUtils]: 5: Hoare triple {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume true; {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:00,951 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {328#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} #456#return; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:00,953 INFO L290 TraceCheckUtils]: 7: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:00,954 INFO L290 TraceCheckUtils]: 8: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:00,954 INFO L290 TraceCheckUtils]: 9: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:00,955 INFO L290 TraceCheckUtils]: 10: Hoare triple {321#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume !(1bv1 == #valid[~#ldv_global_msg_list~0.base]); {317#false} is VALID [2022-02-20 23:50:00,956 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:00,956 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:00,957 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:00,957 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1601883679] [2022-02-20 23:50:00,957 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1601883679] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:00,957 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:00,958 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 23:50:00,959 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [175550306] [2022-02-20 23:50:00,961 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:00,964 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:00,965 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:00,973 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:00,986 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:00,986 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 23:50:00,986 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:01,003 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 23:50:01,005 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 23:50:01,010 INFO L87 Difference]: Start difference. First operand has 313 states, 171 states have (on average 1.8654970760233918) internal successors, (319), 294 states have internal predecessors, (319), 15 states have call successors, (15), 5 states have call predecessors, (15), 5 states have return successors, (15), 15 states have call predecessors, (15), 15 states have call successors, (15) Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:03,176 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:03,176 INFO L93 Difference]: Finished difference Result 412 states and 459 transitions. [2022-02-20 23:50:03,177 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 23:50:03,177 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:03,177 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:03,178 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:03,188 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 463 transitions. [2022-02-20 23:50:03,189 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:03,195 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 463 transitions. [2022-02-20 23:50:03,196 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 463 transitions. [2022-02-20 23:50:03,658 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 463 edges. 463 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:03,677 INFO L225 Difference]: With dead ends: 412 [2022-02-20 23:50:03,677 INFO L226 Difference]: Without dead ends: 408 [2022-02-20 23:50:03,678 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:03,681 INFO L933 BasicCegarLoop]: 234 mSDtfsCounter, 299 mSDsluCounter, 288 mSDsCounter, 0 mSdLazyCounter, 309 mSolverCounterSat, 27 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 304 SdHoareTripleChecker+Valid, 522 SdHoareTripleChecker+Invalid, 336 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 27 IncrementalHoareTripleChecker+Valid, 309 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:03,681 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [304 Valid, 522 Invalid, 336 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [27 Valid, 309 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2022-02-20 23:50:03,693 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 408 states. [2022-02-20 23:50:03,711 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 408 to 344. [2022-02-20 23:50:03,711 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:03,713 INFO L82 GeneralOperation]: Start isEquivalent. First operand 408 states. Second operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) [2022-02-20 23:50:03,714 INFO L74 IsIncluded]: Start isIncluded. First operand 408 states. Second operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) [2022-02-20 23:50:03,716 INFO L87 Difference]: Start difference. First operand 408 states. Second operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) [2022-02-20 23:50:03,733 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:03,733 INFO L93 Difference]: Finished difference Result 408 states and 455 transitions. [2022-02-20 23:50:03,733 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 455 transitions. [2022-02-20 23:50:03,736 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:03,736 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:03,737 INFO L74 IsIncluded]: Start isIncluded. First operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) Second operand 408 states. [2022-02-20 23:50:03,737 INFO L87 Difference]: Start difference. First operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) Second operand 408 states. [2022-02-20 23:50:03,753 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:03,753 INFO L93 Difference]: Finished difference Result 408 states and 455 transitions. [2022-02-20 23:50:03,753 INFO L276 IsEmpty]: Start isEmpty. Operand 408 states and 455 transitions. [2022-02-20 23:50:03,755 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:03,755 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:03,755 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:03,755 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:03,756 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 344 states, 200 states have (on average 1.83) internal successors, (366), 321 states have internal predecessors, (366), 17 states have call successors, (17), 7 states have call predecessors, (17), 7 states have return successors, (19), 17 states have call predecessors, (19), 17 states have call successors, (19) [2022-02-20 23:50:03,766 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 344 states to 344 states and 402 transitions. [2022-02-20 23:50:03,767 INFO L78 Accepts]: Start accepts. Automaton has 344 states and 402 transitions. Word has length 11 [2022-02-20 23:50:03,768 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:03,768 INFO L470 AbstractCegarLoop]: Abstraction has 344 states and 402 transitions. [2022-02-20 23:50:03,768 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:03,768 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 402 transitions. [2022-02-20 23:50:03,769 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-02-20 23:50:03,769 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:03,769 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:03,795 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:03,976 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:03,976 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting ULTIMATE.startErr90REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:03,976 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:03,977 INFO L85 PathProgramCache]: Analyzing trace with hash -297378987, now seen corresponding path program 1 times [2022-02-20 23:50:03,977 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:03,977 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2074084318] [2022-02-20 23:50:03,977 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:03,977 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:03,978 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:03,978 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:03,981 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-02-20 23:50:04,161 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:04,176 INFO L263 TraceCheckSpWp]: Trace formula consists of 34 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 23:50:04,186 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:04,187 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:04,339 INFO L290 TraceCheckUtils]: 0: Hoare triple {1926#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,340 INFO L290 TraceCheckUtils]: 1: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,340 INFO L272 TraceCheckUtils]: 2: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,341 INFO L290 TraceCheckUtils]: 3: Hoare triple {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} ~size := #in~size; {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,342 INFO L290 TraceCheckUtils]: 4: Hoare triple {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,342 INFO L290 TraceCheckUtils]: 5: Hoare triple {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume true; {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,343 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {1938#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} #456#return; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,344 INFO L290 TraceCheckUtils]: 7: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,344 INFO L290 TraceCheckUtils]: 8: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,345 INFO L290 TraceCheckUtils]: 9: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:04,345 INFO L290 TraceCheckUtils]: 10: Hoare triple {1931#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume !((~bvule32(~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), #length[~#ldv_global_msg_list~0.base]) && ~bvule32(~#ldv_global_msg_list~0.offset, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset))) && ~bvule32(0bv32, ~#ldv_global_msg_list~0.offset)); {1927#false} is VALID [2022-02-20 23:50:04,346 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:04,346 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:04,346 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:04,346 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2074084318] [2022-02-20 23:50:04,346 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2074084318] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:04,346 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:04,347 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 23:50:04,347 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [413043146] [2022-02-20 23:50:04,347 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:04,348 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:04,348 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:04,348 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:04,357 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:04,358 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 23:50:04,358 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:04,358 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 23:50:04,359 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 23:50:04,359 INFO L87 Difference]: Start difference. First operand 344 states and 402 transitions. Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:06,663 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:06,663 INFO L93 Difference]: Finished difference Result 476 states and 564 transitions. [2022-02-20 23:50:06,663 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 23:50:06,663 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:06,664 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:06,664 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:06,669 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 472 transitions. [2022-02-20 23:50:06,669 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:06,674 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 472 transitions. [2022-02-20 23:50:06,674 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 472 transitions. [2022-02-20 23:50:07,065 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 472 edges. 472 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:07,091 INFO L225 Difference]: With dead ends: 476 [2022-02-20 23:50:07,091 INFO L226 Difference]: Without dead ends: 476 [2022-02-20 23:50:07,091 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:07,092 INFO L933 BasicCegarLoop]: 370 mSDtfsCounter, 131 mSDsluCounter, 479 mSDsCounter, 0 mSdLazyCounter, 306 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 132 SdHoareTripleChecker+Valid, 849 SdHoareTripleChecker+Invalid, 315 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 306 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:07,093 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [132 Valid, 849 Invalid, 315 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 306 Invalid, 0 Unknown, 0 Unchecked, 0.7s Time] [2022-02-20 23:50:07,094 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 476 states. [2022-02-20 23:50:07,112 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 476 to 407. [2022-02-20 23:50:07,116 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:07,117 INFO L82 GeneralOperation]: Start isEquivalent. First operand 476 states. Second operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) [2022-02-20 23:50:07,118 INFO L74 IsIncluded]: Start isIncluded. First operand 476 states. Second operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) [2022-02-20 23:50:07,119 INFO L87 Difference]: Start difference. First operand 476 states. Second operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) [2022-02-20 23:50:07,133 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:07,133 INFO L93 Difference]: Finished difference Result 476 states and 564 transitions. [2022-02-20 23:50:07,133 INFO L276 IsEmpty]: Start isEmpty. Operand 476 states and 564 transitions. [2022-02-20 23:50:07,135 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:07,135 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:07,137 INFO L74 IsIncluded]: Start isIncluded. First operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) Second operand 476 states. [2022-02-20 23:50:07,139 INFO L87 Difference]: Start difference. First operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) Second operand 476 states. [2022-02-20 23:50:07,151 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:07,152 INFO L93 Difference]: Finished difference Result 476 states and 564 transitions. [2022-02-20 23:50:07,152 INFO L276 IsEmpty]: Start isEmpty. Operand 476 states and 564 transitions. [2022-02-20 23:50:07,153 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:07,153 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:07,153 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:07,153 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:07,154 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 407 states, 256 states have (on average 1.83203125) internal successors, (469), 376 states have internal predecessors, (469), 22 states have call successors, (22), 9 states have call predecessors, (22), 9 states have return successors, (29), 23 states have call predecessors, (29), 22 states have call successors, (29) [2022-02-20 23:50:07,163 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 407 states to 407 states and 520 transitions. [2022-02-20 23:50:07,164 INFO L78 Accepts]: Start accepts. Automaton has 407 states and 520 transitions. Word has length 11 [2022-02-20 23:50:07,164 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:07,164 INFO L470 AbstractCegarLoop]: Abstraction has 407 states and 520 transitions. [2022-02-20 23:50:07,164 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 3 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:07,165 INFO L276 IsEmpty]: Start isEmpty. Operand 407 states and 520 transitions. [2022-02-20 23:50:07,165 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-02-20 23:50:07,165 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:07,165 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:07,173 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:07,372 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:07,372 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting ULTIMATE.startErr90REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:07,372 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:07,372 INFO L85 PathProgramCache]: Analyzing trace with hash -1184882668, now seen corresponding path program 1 times [2022-02-20 23:50:07,373 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:07,373 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [310784543] [2022-02-20 23:50:07,373 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:07,373 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:07,373 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:07,374 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:07,376 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-02-20 23:50:07,434 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:07,436 INFO L263 TraceCheckSpWp]: Trace formula consists of 40 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 23:50:07,444 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:07,445 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:07,478 INFO L290 TraceCheckUtils]: 0: Hoare triple {3799#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {3799#true} is VALID [2022-02-20 23:50:07,478 INFO L290 TraceCheckUtils]: 1: Hoare triple {3799#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {3799#true} is VALID [2022-02-20 23:50:07,483 INFO L272 TraceCheckUtils]: 2: Hoare triple {3799#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {3799#true} is VALID [2022-02-20 23:50:07,483 INFO L290 TraceCheckUtils]: 3: Hoare triple {3799#true} ~size := #in~size; {3799#true} is VALID [2022-02-20 23:50:07,483 INFO L290 TraceCheckUtils]: 4: Hoare triple {3799#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {3816#(not (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:07,484 INFO L290 TraceCheckUtils]: 5: Hoare triple {3816#(not (= |ldv_malloc_#res.base| (_ bv0 32)))} assume true; {3816#(not (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:07,484 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {3816#(not (= |ldv_malloc_#res.base| (_ bv0 32)))} {3799#true} #456#return; {3823#(not (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:07,485 INFO L290 TraceCheckUtils]: 7: Hoare triple {3823#(not (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {3827#(not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:07,485 INFO L290 TraceCheckUtils]: 8: Hoare triple {3827#(not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32)))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {3800#false} is VALID [2022-02-20 23:50:07,485 INFO L290 TraceCheckUtils]: 9: Hoare triple {3800#false} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {3800#false} is VALID [2022-02-20 23:50:07,485 INFO L290 TraceCheckUtils]: 10: Hoare triple {3800#false} assume !((~bvule32(~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), #length[~#ldv_global_msg_list~0.base]) && ~bvule32(~#ldv_global_msg_list~0.offset, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset))) && ~bvule32(0bv32, ~#ldv_global_msg_list~0.offset)); {3800#false} is VALID [2022-02-20 23:50:07,486 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:07,486 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:07,486 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:07,486 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [310784543] [2022-02-20 23:50:07,486 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [310784543] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:07,486 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:07,486 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 23:50:07,487 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1463101171] [2022-02-20 23:50:07,487 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:07,487 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:07,487 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:07,487 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:07,495 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 11 edges. 11 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:07,495 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 23:50:07,496 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:07,496 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 23:50:07,496 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:07,496 INFO L87 Difference]: Start difference. First operand 407 states and 520 transitions. Second operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:09,706 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:09,706 INFO L93 Difference]: Finished difference Result 649 states and 797 transitions. [2022-02-20 23:50:09,707 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 23:50:09,707 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-02-20 23:50:09,707 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:09,707 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:09,712 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 650 transitions. [2022-02-20 23:50:09,713 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:09,718 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 650 transitions. [2022-02-20 23:50:09,718 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 650 transitions. [2022-02-20 23:50:10,259 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 650 edges. 650 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:10,272 INFO L225 Difference]: With dead ends: 649 [2022-02-20 23:50:10,273 INFO L226 Difference]: Without dead ends: 649 [2022-02-20 23:50:10,273 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:10,274 INFO L933 BasicCegarLoop]: 390 mSDtfsCounter, 259 mSDsluCounter, 1111 mSDsCounter, 0 mSdLazyCounter, 72 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 277 SdHoareTripleChecker+Valid, 1501 SdHoareTripleChecker+Invalid, 73 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 72 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:10,274 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [277 Valid, 1501 Invalid, 73 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 72 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 23:50:10,275 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 649 states. [2022-02-20 23:50:10,283 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 649 to 392. [2022-02-20 23:50:10,284 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:10,284 INFO L82 GeneralOperation]: Start isEquivalent. First operand 649 states. Second operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:10,285 INFO L74 IsIncluded]: Start isIncluded. First operand 649 states. Second operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:10,286 INFO L87 Difference]: Start difference. First operand 649 states. Second operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:10,303 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:10,303 INFO L93 Difference]: Finished difference Result 649 states and 797 transitions. [2022-02-20 23:50:10,303 INFO L276 IsEmpty]: Start isEmpty. Operand 649 states and 797 transitions. [2022-02-20 23:50:10,305 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:10,305 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:10,306 INFO L74 IsIncluded]: Start isIncluded. First operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 649 states. [2022-02-20 23:50:10,306 INFO L87 Difference]: Start difference. First operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 649 states. [2022-02-20 23:50:10,322 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:10,323 INFO L93 Difference]: Finished difference Result 649 states and 797 transitions. [2022-02-20 23:50:10,323 INFO L276 IsEmpty]: Start isEmpty. Operand 649 states and 797 transitions. [2022-02-20 23:50:10,325 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:10,325 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:10,327 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:10,327 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:10,329 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 392 states, 241 states have (on average 1.8215767634854771) internal successors, (439), 362 states have internal predecessors, (439), 21 states have call successors, (21), 9 states have call predecessors, (21), 10 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:10,341 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 392 states to 392 states and 494 transitions. [2022-02-20 23:50:10,341 INFO L78 Accepts]: Start accepts. Automaton has 392 states and 494 transitions. Word has length 11 [2022-02-20 23:50:10,342 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:10,342 INFO L470 AbstractCegarLoop]: Abstraction has 392 states and 494 transitions. [2022-02-20 23:50:10,342 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:10,342 INFO L276 IsEmpty]: Start isEmpty. Operand 392 states and 494 transitions. [2022-02-20 23:50:10,342 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 14 [2022-02-20 23:50:10,342 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:10,343 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:10,353 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:10,553 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:10,553 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting ULTIMATE.startErr91REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:10,554 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:10,554 INFO L85 PathProgramCache]: Analyzing trace with hash 1981613461, now seen corresponding path program 1 times [2022-02-20 23:50:10,555 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:10,555 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [822132952] [2022-02-20 23:50:10,555 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:10,556 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:10,556 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:10,557 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:10,558 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-02-20 23:50:10,611 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:10,613 INFO L263 TraceCheckSpWp]: Trace formula consists of 44 conjuncts, 9 conjunts are in the unsatisfiable core [2022-02-20 23:50:10,620 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:10,621 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:10,768 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2022-02-20 23:50:10,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {6175#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:10,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:10,792 INFO L272 TraceCheckUtils]: 2: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:10,793 INFO L290 TraceCheckUtils]: 3: Hoare triple {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} ~size := #in~size; {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:10,793 INFO L290 TraceCheckUtils]: 4: Hoare triple {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:10,793 INFO L290 TraceCheckUtils]: 5: Hoare triple {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume true; {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:50:10,794 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {6187#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} #456#return; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:10,795 INFO L290 TraceCheckUtils]: 7: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:10,795 INFO L290 TraceCheckUtils]: 8: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:10,796 INFO L290 TraceCheckUtils]: 9: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:50:10,796 INFO L290 TraceCheckUtils]: 10: Hoare triple {6180#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} SUMMARY for call ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset := read~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32); srcloc: L607 {6212#(and (= (_ bv1 1) (select |#valid| (_ bv1 32))) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.base| (_ bv1 32)))} is VALID [2022-02-20 23:50:10,797 INFO L290 TraceCheckUtils]: 11: Hoare triple {6212#(and (= (_ bv1 1) (select |#valid| (_ bv1 32))) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.base| (_ bv1 32)))} ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset := ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset := ldv_destroy_msgs_~__mptr~0#1.base, ~bvsub32(ldv_destroy_msgs_~__mptr~0#1.offset, 4bv32); {6216#(and (= (_ bv1 1) (select |#valid| (_ bv1 32))) (= (_ bv1 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.base|))} is VALID [2022-02-20 23:50:10,797 INFO L290 TraceCheckUtils]: 12: Hoare triple {6216#(and (= (_ bv1 1) (select |#valid| (_ bv1 32))) (= (_ bv1 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.base|))} assume !(1bv1 == #valid[ldv_destroy_msgs_~msg~1#1.base]); {6176#false} is VALID [2022-02-20 23:50:10,798 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:10,798 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:10,798 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:10,798 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [822132952] [2022-02-20 23:50:10,798 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [822132952] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:10,798 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:10,798 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 23:50:10,798 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1522575443] [2022-02-20 23:50:10,799 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:10,799 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 13 [2022-02-20 23:50:10,799 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:10,799 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:10,811 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 13 edges. 13 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:10,811 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 23:50:10,811 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:10,812 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 23:50:10,812 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 23:50:10,812 INFO L87 Difference]: Start difference. First operand 392 states and 494 transitions. Second operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:14,345 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:14,345 INFO L93 Difference]: Finished difference Result 436 states and 541 transitions. [2022-02-20 23:50:14,345 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 23:50:14,346 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 13 [2022-02-20 23:50:14,346 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:14,346 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:14,349 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 387 transitions. [2022-02-20 23:50:14,350 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:14,352 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 387 transitions. [2022-02-20 23:50:14,352 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 387 transitions. [2022-02-20 23:50:14,658 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 387 edges. 387 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:14,664 INFO L225 Difference]: With dead ends: 436 [2022-02-20 23:50:14,665 INFO L226 Difference]: Without dead ends: 436 [2022-02-20 23:50:14,665 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 23:50:14,666 INFO L933 BasicCegarLoop]: 323 mSDtfsCounter, 59 mSDsluCounter, 829 mSDsCounter, 0 mSdLazyCounter, 562 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 59 SdHoareTripleChecker+Valid, 1152 SdHoareTripleChecker+Invalid, 567 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 562 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:14,666 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [59 Valid, 1152 Invalid, 567 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 562 Invalid, 0 Unknown, 0 Unchecked, 0.8s Time] [2022-02-20 23:50:14,667 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 436 states. [2022-02-20 23:50:14,672 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 436 to 404. [2022-02-20 23:50:14,672 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:14,673 INFO L82 GeneralOperation]: Start isEquivalent. First operand 436 states. Second operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:14,674 INFO L74 IsIncluded]: Start isIncluded. First operand 436 states. Second operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:14,674 INFO L87 Difference]: Start difference. First operand 436 states. Second operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:14,683 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:14,683 INFO L93 Difference]: Finished difference Result 436 states and 541 transitions. [2022-02-20 23:50:14,683 INFO L276 IsEmpty]: Start isEmpty. Operand 436 states and 541 transitions. [2022-02-20 23:50:14,684 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:14,684 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:14,685 INFO L74 IsIncluded]: Start isIncluded. First operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 436 states. [2022-02-20 23:50:14,685 INFO L87 Difference]: Start difference. First operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 436 states. [2022-02-20 23:50:14,694 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:14,694 INFO L93 Difference]: Finished difference Result 436 states and 541 transitions. [2022-02-20 23:50:14,694 INFO L276 IsEmpty]: Start isEmpty. Operand 436 states and 541 transitions. [2022-02-20 23:50:14,695 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:14,695 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:14,695 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:14,695 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:14,696 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 404 states, 250 states have (on average 1.804) internal successors, (451), 372 states have internal predecessors, (451), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:14,703 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 404 states to 404 states and 506 transitions. [2022-02-20 23:50:14,703 INFO L78 Accepts]: Start accepts. Automaton has 404 states and 506 transitions. Word has length 13 [2022-02-20 23:50:14,704 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:14,704 INFO L470 AbstractCegarLoop]: Abstraction has 404 states and 506 transitions. [2022-02-20 23:50:14,704 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:14,704 INFO L276 IsEmpty]: Start isEmpty. Operand 404 states and 506 transitions. [2022-02-20 23:50:14,704 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 14 [2022-02-20 23:50:14,704 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:14,704 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:14,711 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Ended with exit code 0 [2022-02-20 23:50:14,910 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:14,911 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting ULTIMATE.startErr92REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:14,911 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:14,911 INFO L85 PathProgramCache]: Analyzing trace with hash 1981613462, now seen corresponding path program 1 times [2022-02-20 23:50:14,911 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:14,912 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [996491924] [2022-02-20 23:50:14,912 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:14,912 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:14,912 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:14,913 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:14,915 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-02-20 23:50:14,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:14,965 INFO L263 TraceCheckSpWp]: Trace formula consists of 44 conjuncts, 14 conjunts are in the unsatisfiable core [2022-02-20 23:50:14,973 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:14,973 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:15,206 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2022-02-20 23:50:15,211 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 7 [2022-02-20 23:50:15,249 INFO L290 TraceCheckUtils]: 0: Hoare triple {7937#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,250 INFO L290 TraceCheckUtils]: 1: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,255 INFO L272 TraceCheckUtils]: 2: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,256 INFO L290 TraceCheckUtils]: 3: Hoare triple {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} ~size := #in~size; {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,256 INFO L290 TraceCheckUtils]: 4: Hoare triple {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,257 INFO L290 TraceCheckUtils]: 5: Hoare triple {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume true; {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,276 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {7949#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |#length| |old(#length)|) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} #456#return; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,276 INFO L290 TraceCheckUtils]: 7: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,277 INFO L290 TraceCheckUtils]: 8: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,277 INFO L290 TraceCheckUtils]: 9: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:15,278 INFO L290 TraceCheckUtils]: 10: Hoare triple {7942#(and (= |~#ldv_global_msg_list~0.base| (select (select |#memory_$Pointer$.base| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (select (select |#memory_$Pointer$.offset| |~#ldv_global_msg_list~0.base|) |~#ldv_global_msg_list~0.offset|) |~#ldv_global_msg_list~0.offset|) (= |~#ldv_global_msg_list~0.offset| (_ bv0 32)))} SUMMARY for call ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset := read~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32); srcloc: L607 {7974#(and (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.offset| (_ bv0 32)) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.base| (_ bv1 32)))} is VALID [2022-02-20 23:50:15,278 INFO L290 TraceCheckUtils]: 11: Hoare triple {7974#(and (= (_ bv8 32) (select |#length| (_ bv1 32))) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.offset| (_ bv0 32)) (= |ULTIMATE.start_ldv_destroy_msgs_#t~mem23#1.base| (_ bv1 32)))} ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset := ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset := ldv_destroy_msgs_~__mptr~0#1.base, ~bvsub32(ldv_destroy_msgs_~__mptr~0#1.offset, 4bv32); {7978#(and (= (_ bv4294967292 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.offset|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (_ bv1 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.base|))} is VALID [2022-02-20 23:50:15,279 INFO L290 TraceCheckUtils]: 12: Hoare triple {7978#(and (= (_ bv4294967292 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.offset|) (= (_ bv8 32) (select |#length| (_ bv1 32))) (= (_ bv1 32) |ULTIMATE.start_ldv_destroy_msgs_~msg~1#1.base|))} assume !((~bvule32(~bvadd32(4bv32, ~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset)), #length[ldv_destroy_msgs_~msg~1#1.base]) && ~bvule32(~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset), ~bvadd32(4bv32, ~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset)))) && ~bvule32(0bv32, ~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset))); {7938#false} is VALID [2022-02-20 23:50:15,279 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:15,279 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:15,279 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:15,280 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [996491924] [2022-02-20 23:50:15,280 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [996491924] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:15,280 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:15,280 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 23:50:15,280 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [44443777] [2022-02-20 23:50:15,280 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:15,282 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 13 [2022-02-20 23:50:15,282 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:15,284 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:15,298 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 13 edges. 13 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:15,298 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 23:50:15,298 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:15,299 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 23:50:15,299 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 23:50:15,299 INFO L87 Difference]: Start difference. First operand 404 states and 506 transitions. Second operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:19,132 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:19,132 INFO L93 Difference]: Finished difference Result 424 states and 522 transitions. [2022-02-20 23:50:19,132 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 23:50:19,132 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 13 [2022-02-20 23:50:19,133 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:19,133 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:19,135 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 380 transitions. [2022-02-20 23:50:19,135 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:19,136 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 380 transitions. [2022-02-20 23:50:19,137 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 380 transitions. [2022-02-20 23:50:19,468 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 380 edges. 380 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:19,474 INFO L225 Difference]: With dead ends: 424 [2022-02-20 23:50:19,474 INFO L226 Difference]: Without dead ends: 424 [2022-02-20 23:50:19,475 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 23:50:19,475 INFO L933 BasicCegarLoop]: 349 mSDtfsCounter, 33 mSDsluCounter, 943 mSDsCounter, 0 mSdLazyCounter, 489 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 33 SdHoareTripleChecker+Valid, 1292 SdHoareTripleChecker+Invalid, 493 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 489 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:19,475 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [33 Valid, 1292 Invalid, 493 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 489 Invalid, 0 Unknown, 0 Unchecked, 1.2s Time] [2022-02-20 23:50:19,476 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 424 states. [2022-02-20 23:50:19,480 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 424 to 413. [2022-02-20 23:50:19,481 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:19,481 INFO L82 GeneralOperation]: Start isEquivalent. First operand 424 states. Second operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:19,482 INFO L74 IsIncluded]: Start isIncluded. First operand 424 states. Second operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:19,483 INFO L87 Difference]: Start difference. First operand 424 states. Second operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:19,490 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:19,490 INFO L93 Difference]: Finished difference Result 424 states and 522 transitions. [2022-02-20 23:50:19,491 INFO L276 IsEmpty]: Start isEmpty. Operand 424 states and 522 transitions. [2022-02-20 23:50:19,491 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:19,491 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:19,492 INFO L74 IsIncluded]: Start isIncluded. First operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 424 states. [2022-02-20 23:50:19,493 INFO L87 Difference]: Start difference. First operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) Second operand 424 states. [2022-02-20 23:50:19,500 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:19,500 INFO L93 Difference]: Finished difference Result 424 states and 522 transitions. [2022-02-20 23:50:19,501 INFO L276 IsEmpty]: Start isEmpty. Operand 424 states and 522 transitions. [2022-02-20 23:50:19,501 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:19,501 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:19,501 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:19,502 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:19,502 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 413 states, 259 states have (on average 1.7915057915057915) internal successors, (464), 381 states have internal predecessors, (464), 21 states have call successors, (21), 11 states have call predecessors, (21), 13 states have return successors, (34), 22 states have call predecessors, (34), 21 states have call successors, (34) [2022-02-20 23:50:19,509 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 413 states to 413 states and 519 transitions. [2022-02-20 23:50:19,509 INFO L78 Accepts]: Start accepts. Automaton has 413 states and 519 transitions. Word has length 13 [2022-02-20 23:50:19,509 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:19,510 INFO L470 AbstractCegarLoop]: Abstraction has 413 states and 519 transitions. [2022-02-20 23:50:19,510 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 2.2) internal successors, (11), 5 states have internal predecessors, (11), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:50:19,510 INFO L276 IsEmpty]: Start isEmpty. Operand 413 states and 519 transitions. [2022-02-20 23:50:19,510 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:19,510 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:19,510 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:19,518 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Ended with exit code 0 [2022-02-20 23:50:19,716 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:19,716 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting ULTIMATE.startErr86ASSERT_VIOLATIONMEMORY_FREE === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:19,717 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:19,717 INFO L85 PathProgramCache]: Analyzing trace with hash 1895308392, now seen corresponding path program 1 times [2022-02-20 23:50:19,717 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:19,717 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [159063976] [2022-02-20 23:50:19,717 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:19,717 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:19,717 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:19,719 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:19,719 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Waiting until timeout for monitored process [2022-02-20 23:50:19,766 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:19,767 INFO L263 TraceCheckSpWp]: Trace formula consists of 48 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 23:50:19,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:19,773 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:19,833 INFO L290 TraceCheckUtils]: 0: Hoare triple {9672#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {9672#true} is VALID [2022-02-20 23:50:19,833 INFO L290 TraceCheckUtils]: 1: Hoare triple {9672#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {9672#true} is VALID [2022-02-20 23:50:19,833 INFO L272 TraceCheckUtils]: 2: Hoare triple {9672#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {9672#true} is VALID [2022-02-20 23:50:19,833 INFO L290 TraceCheckUtils]: 3: Hoare triple {9672#true} ~size := #in~size; {9672#true} is VALID [2022-02-20 23:50:19,834 INFO L290 TraceCheckUtils]: 4: Hoare triple {9672#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {9689#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:19,834 INFO L290 TraceCheckUtils]: 5: Hoare triple {9689#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} assume true; {9689#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:19,835 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {9689#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} {9672#true} #456#return; {9696#(and (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32)) (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|))} is VALID [2022-02-20 23:50:19,835 INFO L290 TraceCheckUtils]: 7: Hoare triple {9696#(and (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32)) (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {9700#(and (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:19,836 INFO L290 TraceCheckUtils]: 8: Hoare triple {9700#(and (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {9673#false} is VALID [2022-02-20 23:50:19,836 INFO L272 TraceCheckUtils]: 9: Hoare triple {9673#false} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {9673#false} is VALID [2022-02-20 23:50:19,836 INFO L290 TraceCheckUtils]: 10: Hoare triple {9673#false} ~size := #in~size; {9673#false} is VALID [2022-02-20 23:50:19,836 INFO L290 TraceCheckUtils]: 11: Hoare triple {9673#false} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {9673#false} is VALID [2022-02-20 23:50:19,836 INFO L290 TraceCheckUtils]: 12: Hoare triple {9673#false} assume true; {9673#false} is VALID [2022-02-20 23:50:19,836 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {9673#false} {9673#false} #458#return; {9673#false} is VALID [2022-02-20 23:50:19,836 INFO L290 TraceCheckUtils]: 14: Hoare triple {9673#false} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {9673#false} is VALID [2022-02-20 23:50:19,837 INFO L290 TraceCheckUtils]: 15: Hoare triple {9673#false} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {9673#false} is VALID [2022-02-20 23:50:19,837 INFO L290 TraceCheckUtils]: 16: Hoare triple {9673#false} assume !(0bv32 == entry_point_~client~0#1.offset); {9673#false} is VALID [2022-02-20 23:50:19,837 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:19,837 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:19,837 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:19,837 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [159063976] [2022-02-20 23:50:19,837 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [159063976] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:19,838 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:19,838 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 23:50:19,838 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1782182615] [2022-02-20 23:50:19,838 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:19,838 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:19,838 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:19,839 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:19,850 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 17 edges. 17 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:19,850 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 23:50:19,850 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:19,850 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 23:50:19,850 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:19,851 INFO L87 Difference]: Start difference. First operand 413 states and 519 transitions. Second operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:21,736 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:21,736 INFO L93 Difference]: Finished difference Result 351 states and 397 transitions. [2022-02-20 23:50:21,736 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 23:50:21,736 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:21,736 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:21,736 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:21,738 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 365 transitions. [2022-02-20 23:50:21,739 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:21,740 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 365 transitions. [2022-02-20 23:50:21,740 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 365 transitions. [2022-02-20 23:50:22,037 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 365 edges. 365 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:22,041 INFO L225 Difference]: With dead ends: 351 [2022-02-20 23:50:22,041 INFO L226 Difference]: Without dead ends: 351 [2022-02-20 23:50:22,042 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:22,042 INFO L933 BasicCegarLoop]: 343 mSDtfsCounter, 10 mSDsluCounter, 1007 mSDsCounter, 0 mSdLazyCounter, 28 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 10 SdHoareTripleChecker+Valid, 1350 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 28 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:22,042 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [10 Valid, 1350 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 28 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 23:50:22,043 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 351 states. [2022-02-20 23:50:22,049 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 351 to 345. [2022-02-20 23:50:22,050 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:22,050 INFO L82 GeneralOperation]: Start isEquivalent. First operand 351 states. Second operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:22,051 INFO L74 IsIncluded]: Start isIncluded. First operand 351 states. Second operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:22,051 INFO L87 Difference]: Start difference. First operand 351 states. Second operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:22,056 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:22,056 INFO L93 Difference]: Finished difference Result 351 states and 397 transitions. [2022-02-20 23:50:22,057 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 397 transitions. [2022-02-20 23:50:22,058 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:22,058 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:22,059 INFO L74 IsIncluded]: Start isIncluded. First operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) Second operand 351 states. [2022-02-20 23:50:22,060 INFO L87 Difference]: Start difference. First operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) Second operand 351 states. [2022-02-20 23:50:22,066 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:22,066 INFO L93 Difference]: Finished difference Result 351 states and 397 transitions. [2022-02-20 23:50:22,066 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 397 transitions. [2022-02-20 23:50:22,067 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:22,067 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:22,067 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:22,067 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:22,068 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 345 states, 199 states have (on average 1.7688442211055277) internal successors, (352), 320 states have internal predecessors, (352), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:22,073 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 345 states to 345 states and 387 transitions. [2022-02-20 23:50:22,074 INFO L78 Accepts]: Start accepts. Automaton has 345 states and 387 transitions. Word has length 17 [2022-02-20 23:50:22,074 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:22,074 INFO L470 AbstractCegarLoop]: Abstraction has 345 states and 387 transitions. [2022-02-20 23:50:22,074 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:22,074 INFO L276 IsEmpty]: Start isEmpty. Operand 345 states and 387 transitions. [2022-02-20 23:50:22,074 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:22,074 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:22,075 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:22,081 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:22,281 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:22,282 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting ULTIMATE.startErr86ASSERT_VIOLATIONMEMORY_FREE === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:22,282 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:22,282 INFO L85 PathProgramCache]: Analyzing trace with hash -2106255897, now seen corresponding path program 1 times [2022-02-20 23:50:22,282 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:22,282 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [681835278] [2022-02-20 23:50:22,282 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:22,282 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:22,283 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:22,284 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:22,285 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-02-20 23:50:22,342 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:22,343 INFO L263 TraceCheckSpWp]: Trace formula consists of 54 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 23:50:22,349 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:22,350 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:22,396 INFO L290 TraceCheckUtils]: 0: Hoare triple {11125#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {11125#true} is VALID [2022-02-20 23:50:22,397 INFO L290 TraceCheckUtils]: 1: Hoare triple {11125#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {11125#true} is VALID [2022-02-20 23:50:22,397 INFO L272 TraceCheckUtils]: 2: Hoare triple {11125#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {11125#true} is VALID [2022-02-20 23:50:22,397 INFO L290 TraceCheckUtils]: 3: Hoare triple {11125#true} ~size := #in~size; {11125#true} is VALID [2022-02-20 23:50:22,398 INFO L290 TraceCheckUtils]: 4: Hoare triple {11125#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,398 INFO L290 TraceCheckUtils]: 5: Hoare triple {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} assume true; {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,399 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} {11125#true} #456#return; {11149#(= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|)} is VALID [2022-02-20 23:50:22,399 INFO L290 TraceCheckUtils]: 7: Hoare triple {11149#(= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|)} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,400 INFO L290 TraceCheckUtils]: 8: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,400 INFO L272 TraceCheckUtils]: 9: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {11125#true} is VALID [2022-02-20 23:50:22,400 INFO L290 TraceCheckUtils]: 10: Hoare triple {11125#true} ~size := #in~size; {11125#true} is VALID [2022-02-20 23:50:22,400 INFO L290 TraceCheckUtils]: 11: Hoare triple {11125#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {11125#true} is VALID [2022-02-20 23:50:22,400 INFO L290 TraceCheckUtils]: 12: Hoare triple {11125#true} assume true; {11125#true} is VALID [2022-02-20 23:50:22,401 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {11125#true} {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} #458#return; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,401 INFO L290 TraceCheckUtils]: 14: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,402 INFO L290 TraceCheckUtils]: 15: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,402 INFO L290 TraceCheckUtils]: 16: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume !(0bv32 == entry_point_~client~0#1.offset); {11126#false} is VALID [2022-02-20 23:50:22,402 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 23:50:22,402 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:22,473 INFO L290 TraceCheckUtils]: 16: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume !(0bv32 == entry_point_~client~0#1.offset); {11126#false} is VALID [2022-02-20 23:50:22,474 INFO L290 TraceCheckUtils]: 15: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,474 INFO L290 TraceCheckUtils]: 14: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,475 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {11125#true} {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} #458#return; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,475 INFO L290 TraceCheckUtils]: 12: Hoare triple {11125#true} assume true; {11125#true} is VALID [2022-02-20 23:50:22,475 INFO L290 TraceCheckUtils]: 11: Hoare triple {11125#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {11125#true} is VALID [2022-02-20 23:50:22,475 INFO L290 TraceCheckUtils]: 10: Hoare triple {11125#true} ~size := #in~size; {11125#true} is VALID [2022-02-20 23:50:22,476 INFO L272 TraceCheckUtils]: 9: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {11125#true} is VALID [2022-02-20 23:50:22,476 INFO L290 TraceCheckUtils]: 8: Hoare triple {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,478 INFO L290 TraceCheckUtils]: 7: Hoare triple {11149#(= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|)} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {11153#(= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,479 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} {11125#true} #456#return; {11149#(= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|)} is VALID [2022-02-20 23:50:22,479 INFO L290 TraceCheckUtils]: 5: Hoare triple {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} assume true; {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,479 INFO L290 TraceCheckUtils]: 4: Hoare triple {11125#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {11142#(= |ldv_malloc_#res.offset| (_ bv0 32))} is VALID [2022-02-20 23:50:22,480 INFO L290 TraceCheckUtils]: 3: Hoare triple {11125#true} ~size := #in~size; {11125#true} is VALID [2022-02-20 23:50:22,480 INFO L272 TraceCheckUtils]: 2: Hoare triple {11125#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {11125#true} is VALID [2022-02-20 23:50:22,481 INFO L290 TraceCheckUtils]: 1: Hoare triple {11125#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {11125#true} is VALID [2022-02-20 23:50:22,481 INFO L290 TraceCheckUtils]: 0: Hoare triple {11125#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {11125#true} is VALID [2022-02-20 23:50:22,481 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 23:50:22,482 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:22,482 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [681835278] [2022-02-20 23:50:22,482 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [681835278] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 23:50:22,482 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 23:50:22,482 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [4, 4] total 4 [2022-02-20 23:50:22,482 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [502359612] [2022-02-20 23:50:22,482 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 23:50:22,483 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:22,483 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:22,483 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:22,493 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 16 edges. 16 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:22,493 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 23:50:22,495 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:22,496 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 23:50:22,496 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:22,496 INFO L87 Difference]: Start difference. First operand 345 states and 387 transitions. Second operand has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:24,291 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:24,292 INFO L93 Difference]: Finished difference Result 344 states and 386 transitions. [2022-02-20 23:50:24,292 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 23:50:24,293 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:24,293 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:24,293 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:24,296 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 345 transitions. [2022-02-20 23:50:24,297 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:24,298 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 345 transitions. [2022-02-20 23:50:24,299 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 345 transitions. [2022-02-20 23:50:24,590 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 345 edges. 345 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:24,594 INFO L225 Difference]: With dead ends: 344 [2022-02-20 23:50:24,594 INFO L226 Difference]: Without dead ends: 344 [2022-02-20 23:50:24,595 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 32 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:24,595 INFO L933 BasicCegarLoop]: 332 mSDtfsCounter, 256 mSDsluCounter, 728 mSDsCounter, 0 mSdLazyCounter, 38 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 269 SdHoareTripleChecker+Valid, 1060 SdHoareTripleChecker+Invalid, 39 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 38 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:24,595 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [269 Valid, 1060 Invalid, 39 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 38 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 23:50:24,596 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 344 states. [2022-02-20 23:50:24,603 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 344 to 344. [2022-02-20 23:50:24,603 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:24,604 INFO L82 GeneralOperation]: Start isEquivalent. First operand 344 states. Second operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:24,605 INFO L74 IsIncluded]: Start isIncluded. First operand 344 states. Second operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:24,606 INFO L87 Difference]: Start difference. First operand 344 states. Second operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:24,612 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:24,612 INFO L93 Difference]: Finished difference Result 344 states and 386 transitions. [2022-02-20 23:50:24,612 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 386 transitions. [2022-02-20 23:50:24,612 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:24,612 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:24,613 INFO L74 IsIncluded]: Start isIncluded. First operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) Second operand 344 states. [2022-02-20 23:50:24,614 INFO L87 Difference]: Start difference. First operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) Second operand 344 states. [2022-02-20 23:50:24,619 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:24,619 INFO L93 Difference]: Finished difference Result 344 states and 386 transitions. [2022-02-20 23:50:24,619 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 386 transitions. [2022-02-20 23:50:24,620 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:24,620 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:24,621 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:24,621 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:24,621 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 344 states, 199 states have (on average 1.763819095477387) internal successors, (351), 319 states have internal predecessors, (351), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 17 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:24,627 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 344 states to 344 states and 386 transitions. [2022-02-20 23:50:24,627 INFO L78 Accepts]: Start accepts. Automaton has 344 states and 386 transitions. Word has length 17 [2022-02-20 23:50:24,628 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:24,629 INFO L470 AbstractCegarLoop]: Abstraction has 344 states and 386 transitions. [2022-02-20 23:50:24,629 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 4 states have (on average 3.0) internal successors, (12), 4 states have internal predecessors, (12), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:24,629 INFO L276 IsEmpty]: Start isEmpty. Operand 344 states and 386 transitions. [2022-02-20 23:50:24,629 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:24,629 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:24,629 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:24,639 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:24,839 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:24,840 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:24,840 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:24,840 INFO L85 PathProgramCache]: Analyzing trace with hash -2106256148, now seen corresponding path program 1 times [2022-02-20 23:50:24,840 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:24,840 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1831495761] [2022-02-20 23:50:24,840 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:24,840 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:24,840 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:24,842 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:24,844 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-02-20 23:50:24,903 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:24,904 INFO L263 TraceCheckSpWp]: Trace formula consists of 53 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 23:50:24,914 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:24,914 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:24,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {12604#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {12604#true} is VALID [2022-02-20 23:50:24,976 INFO L290 TraceCheckUtils]: 1: Hoare triple {12604#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {12604#true} is VALID [2022-02-20 23:50:24,982 INFO L272 TraceCheckUtils]: 2: Hoare triple {12604#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {12604#true} is VALID [2022-02-20 23:50:24,983 INFO L290 TraceCheckUtils]: 3: Hoare triple {12604#true} ~size := #in~size; {12604#true} is VALID [2022-02-20 23:50:24,983 INFO L290 TraceCheckUtils]: 4: Hoare triple {12604#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {12604#true} is VALID [2022-02-20 23:50:24,983 INFO L290 TraceCheckUtils]: 5: Hoare triple {12604#true} assume true; {12604#true} is VALID [2022-02-20 23:50:24,983 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {12604#true} {12604#true} #456#return; {12604#true} is VALID [2022-02-20 23:50:24,983 INFO L290 TraceCheckUtils]: 7: Hoare triple {12604#true} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {12604#true} is VALID [2022-02-20 23:50:24,983 INFO L290 TraceCheckUtils]: 8: Hoare triple {12604#true} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {12604#true} is VALID [2022-02-20 23:50:24,984 INFO L272 TraceCheckUtils]: 9: Hoare triple {12604#true} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {12604#true} is VALID [2022-02-20 23:50:24,984 INFO L290 TraceCheckUtils]: 10: Hoare triple {12604#true} ~size := #in~size; {12604#true} is VALID [2022-02-20 23:50:24,984 INFO L290 TraceCheckUtils]: 11: Hoare triple {12604#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {12642#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:24,984 INFO L290 TraceCheckUtils]: 12: Hoare triple {12642#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} assume true; {12642#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:24,985 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {12642#(and (= |ldv_malloc_#res.offset| (_ bv0 32)) (= |ldv_malloc_#res.base| (_ bv0 32)))} {12604#true} #458#return; {12649#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret66#1.offset|) (= |ULTIMATE.start_entry_point_#t~ret66#1.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:24,985 INFO L290 TraceCheckUtils]: 14: Hoare triple {12649#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret66#1.offset|) (= |ULTIMATE.start_entry_point_#t~ret66#1.base| (_ bv0 32)))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {12653#(and (= |ULTIMATE.start_entry_point_~cfg~2#1.offset| (_ bv0 32)) (= |ULTIMATE.start_entry_point_~cfg~2#1.base| (_ bv0 32)))} is VALID [2022-02-20 23:50:24,986 INFO L290 TraceCheckUtils]: 15: Hoare triple {12653#(and (= |ULTIMATE.start_entry_point_~cfg~2#1.offset| (_ bv0 32)) (= |ULTIMATE.start_entry_point_~cfg~2#1.base| (_ bv0 32)))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {12605#false} is VALID [2022-02-20 23:50:24,986 INFO L290 TraceCheckUtils]: 16: Hoare triple {12605#false} assume !(1bv1 == #valid[entry_point_~client~0#1.base]); {12605#false} is VALID [2022-02-20 23:50:24,986 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 23:50:24,986 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:50:24,986 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:24,986 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1831495761] [2022-02-20 23:50:24,987 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1831495761] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:50:24,987 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:50:24,987 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 23:50:24,987 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [520976854] [2022-02-20 23:50:24,987 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:50:24,987 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 17 [2022-02-20 23:50:24,988 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:24,988 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:24,998 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 16 edges. 16 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:24,998 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 23:50:24,998 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:24,998 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 23:50:24,999 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:24,999 INFO L87 Difference]: Start difference. First operand 344 states and 386 transitions. Second operand has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:26,753 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:26,753 INFO L93 Difference]: Finished difference Result 388 states and 436 transitions. [2022-02-20 23:50:26,753 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 23:50:26,753 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 17 [2022-02-20 23:50:26,753 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:26,754 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:26,755 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 397 transitions. [2022-02-20 23:50:26,756 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:26,757 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 397 transitions. [2022-02-20 23:50:26,757 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 397 transitions. [2022-02-20 23:50:27,066 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 397 edges. 397 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:27,071 INFO L225 Difference]: With dead ends: 388 [2022-02-20 23:50:27,071 INFO L226 Difference]: Without dead ends: 388 [2022-02-20 23:50:27,071 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 23:50:27,072 INFO L933 BasicCegarLoop]: 352 mSDtfsCounter, 40 mSDsluCounter, 1031 mSDsCounter, 0 mSdLazyCounter, 21 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 1383 SdHoareTripleChecker+Invalid, 22 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 21 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:27,072 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [41 Valid, 1383 Invalid, 22 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 21 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 23:50:27,072 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 388 states. [2022-02-20 23:50:27,077 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 388 to 346. [2022-02-20 23:50:27,077 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:27,078 INFO L82 GeneralOperation]: Start isEquivalent. First operand 388 states. Second operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:27,078 INFO L74 IsIncluded]: Start isIncluded. First operand 388 states. Second operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:27,079 INFO L87 Difference]: Start difference. First operand 388 states. Second operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:27,084 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:27,085 INFO L93 Difference]: Finished difference Result 388 states and 436 transitions. [2022-02-20 23:50:27,085 INFO L276 IsEmpty]: Start isEmpty. Operand 388 states and 436 transitions. [2022-02-20 23:50:27,085 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:27,085 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:27,086 INFO L74 IsIncluded]: Start isIncluded. First operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) Second operand 388 states. [2022-02-20 23:50:27,086 INFO L87 Difference]: Start difference. First operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) Second operand 388 states. [2022-02-20 23:50:27,092 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:27,092 INFO L93 Difference]: Finished difference Result 388 states and 436 transitions. [2022-02-20 23:50:27,092 INFO L276 IsEmpty]: Start isEmpty. Operand 388 states and 436 transitions. [2022-02-20 23:50:27,093 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:27,093 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:27,093 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:27,093 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:27,094 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 346 states, 201 states have (on average 1.756218905472637) internal successors, (353), 320 states have internal predecessors, (353), 16 states have call successors, (16), 9 states have call predecessors, (16), 10 states have return successors, (19), 18 states have call predecessors, (19), 16 states have call successors, (19) [2022-02-20 23:50:27,099 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 346 states to 346 states and 388 transitions. [2022-02-20 23:50:27,099 INFO L78 Accepts]: Start accepts. Automaton has 346 states and 388 transitions. Word has length 17 [2022-02-20 23:50:27,099 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:27,099 INFO L470 AbstractCegarLoop]: Abstraction has 346 states and 388 transitions. [2022-02-20 23:50:27,099 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.4) internal successors, (12), 4 states have internal predecessors, (12), 1 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 23:50:27,100 INFO L276 IsEmpty]: Start isEmpty. Operand 346 states and 388 transitions. [2022-02-20 23:50:27,100 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:27,100 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:27,100 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:27,108 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Ended with exit code 0 [2022-02-20 23:50:27,308 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:27,308 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:27,309 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:27,309 INFO L85 PathProgramCache]: Analyzing trace with hash -2134885299, now seen corresponding path program 1 times [2022-02-20 23:50:27,309 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:27,309 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [123954265] [2022-02-20 23:50:27,309 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:27,309 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:27,309 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:27,310 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:27,312 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-02-20 23:50:27,372 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:27,373 INFO L263 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 9 conjunts are in the unsatisfiable core [2022-02-20 23:50:27,379 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:27,380 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:27,394 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:27,504 INFO L356 Elim1Store]: treesize reduction 15, result has 46.4 percent of original size [2022-02-20 23:50:27,504 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 24 [2022-02-20 23:50:27,528 INFO L290 TraceCheckUtils]: 0: Hoare triple {14169#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {14169#true} is VALID [2022-02-20 23:50:27,528 INFO L290 TraceCheckUtils]: 1: Hoare triple {14169#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {14169#true} is VALID [2022-02-20 23:50:27,528 INFO L272 TraceCheckUtils]: 2: Hoare triple {14169#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {14169#true} is VALID [2022-02-20 23:50:27,528 INFO L290 TraceCheckUtils]: 3: Hoare triple {14169#true} ~size := #in~size; {14169#true} is VALID [2022-02-20 23:50:27,529 INFO L290 TraceCheckUtils]: 4: Hoare triple {14169#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} is VALID [2022-02-20 23:50:27,530 INFO L290 TraceCheckUtils]: 5: Hoare triple {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} assume true; {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} is VALID [2022-02-20 23:50:27,530 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} {14169#true} #456#return; {14193#(= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,531 INFO L290 TraceCheckUtils]: 7: Hoare triple {14193#(= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,531 INFO L290 TraceCheckUtils]: 8: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,532 INFO L272 TraceCheckUtils]: 9: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {14204#(= |old(#valid)| |#valid|)} is VALID [2022-02-20 23:50:27,532 INFO L290 TraceCheckUtils]: 10: Hoare triple {14204#(= |old(#valid)| |#valid|)} ~size := #in~size; {14204#(= |old(#valid)| |#valid|)} is VALID [2022-02-20 23:50:27,533 INFO L290 TraceCheckUtils]: 11: Hoare triple {14204#(= |old(#valid)| |#valid|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {14211#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_12 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_12) |#valid|)) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:27,534 INFO L290 TraceCheckUtils]: 12: Hoare triple {14211#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_12 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_12) |#valid|)) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} assume true; {14211#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_12 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_12) |#valid|)) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:27,535 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {14211#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_12 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_12) |#valid|)) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} #458#return; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,535 INFO L290 TraceCheckUtils]: 14: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,536 INFO L290 TraceCheckUtils]: 15: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,536 INFO L290 TraceCheckUtils]: 16: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(1bv1 == #valid[entry_point_~client~0#1.base]); {14170#false} is VALID [2022-02-20 23:50:27,536 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:27,536 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:27,757 INFO L290 TraceCheckUtils]: 16: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(1bv1 == #valid[entry_point_~client~0#1.base]); {14170#false} is VALID [2022-02-20 23:50:27,757 INFO L290 TraceCheckUtils]: 15: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,758 INFO L290 TraceCheckUtils]: 14: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,759 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} #458#return; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,759 INFO L290 TraceCheckUtils]: 12: Hoare triple {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} assume true; {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} is VALID [2022-02-20 23:50:27,761 INFO L290 TraceCheckUtils]: 11: Hoare triple {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} is VALID [2022-02-20 23:50:27,761 INFO L290 TraceCheckUtils]: 10: Hoare triple {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} ~size := #in~size; {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} is VALID [2022-02-20 23:50:27,762 INFO L272 TraceCheckUtils]: 9: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {14239#(forall ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2| (_ BitVec 32))) (or (not (= (_ bv1 1) (select |old(#valid)| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))) (= (_ bv1 1) (select |#valid| |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_2|))))} is VALID [2022-02-20 23:50:27,762 INFO L290 TraceCheckUtils]: 8: Hoare triple {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,763 INFO L290 TraceCheckUtils]: 7: Hoare triple {14193#(= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {14197#(= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,763 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} {14169#true} #456#return; {14193#(= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1))} is VALID [2022-02-20 23:50:27,764 INFO L290 TraceCheckUtils]: 5: Hoare triple {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} assume true; {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} is VALID [2022-02-20 23:50:27,764 INFO L290 TraceCheckUtils]: 4: Hoare triple {14169#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {14186#(= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|))} is VALID [2022-02-20 23:50:27,765 INFO L290 TraceCheckUtils]: 3: Hoare triple {14169#true} ~size := #in~size; {14169#true} is VALID [2022-02-20 23:50:27,765 INFO L272 TraceCheckUtils]: 2: Hoare triple {14169#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {14169#true} is VALID [2022-02-20 23:50:27,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {14169#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {14169#true} is VALID [2022-02-20 23:50:27,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {14169#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {14169#true} is VALID [2022-02-20 23:50:27,765 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:27,765 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:27,765 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [123954265] [2022-02-20 23:50:27,766 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [123954265] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 23:50:27,766 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 23:50:27,766 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 5] total 7 [2022-02-20 23:50:27,766 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [403531093] [2022-02-20 23:50:27,767 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 23:50:27,767 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-02-20 23:50:27,767 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:27,767 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:27,786 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 22 edges. 22 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:27,786 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 23:50:27,786 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:27,786 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 23:50:27,786 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2022-02-20 23:50:27,787 INFO L87 Difference]: Start difference. First operand 346 states and 388 transitions. Second operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:31,820 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:31,820 INFO L93 Difference]: Finished difference Result 488 states and 560 transitions. [2022-02-20 23:50:31,820 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 23:50:31,820 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-02-20 23:50:31,821 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:31,821 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:31,823 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 524 transitions. [2022-02-20 23:50:31,823 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:31,826 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 524 transitions. [2022-02-20 23:50:31,826 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 524 transitions. [2022-02-20 23:50:32,300 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 524 edges. 524 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:32,308 INFO L225 Difference]: With dead ends: 488 [2022-02-20 23:50:32,308 INFO L226 Difference]: Without dead ends: 488 [2022-02-20 23:50:32,308 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 23 SyntacticMatches, 3 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=20, Invalid=52, Unknown=0, NotChecked=0, Total=72 [2022-02-20 23:50:32,308 INFO L933 BasicCegarLoop]: 273 mSDtfsCounter, 190 mSDsluCounter, 1070 mSDsCounter, 0 mSdLazyCounter, 748 mSolverCounterSat, 38 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 195 SdHoareTripleChecker+Valid, 1343 SdHoareTripleChecker+Invalid, 1231 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 38 IncrementalHoareTripleChecker+Valid, 748 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 445 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:32,309 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [195 Valid, 1343 Invalid, 1231 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [38 Valid, 748 Invalid, 0 Unknown, 445 Unchecked, 1.3s Time] [2022-02-20 23:50:32,309 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 488 states. [2022-02-20 23:50:32,316 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 488 to 362. [2022-02-20 23:50:32,316 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:32,317 INFO L82 GeneralOperation]: Start isEquivalent. First operand 488 states. Second operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) [2022-02-20 23:50:32,317 INFO L74 IsIncluded]: Start isIncluded. First operand 488 states. Second operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) [2022-02-20 23:50:32,317 INFO L87 Difference]: Start difference. First operand 488 states. Second operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) [2022-02-20 23:50:32,332 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:32,332 INFO L93 Difference]: Finished difference Result 488 states and 560 transitions. [2022-02-20 23:50:32,333 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 560 transitions. [2022-02-20 23:50:32,333 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:32,333 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:32,334 INFO L74 IsIncluded]: Start isIncluded. First operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) Second operand 488 states. [2022-02-20 23:50:32,334 INFO L87 Difference]: Start difference. First operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) Second operand 488 states. [2022-02-20 23:50:32,343 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:32,344 INFO L93 Difference]: Finished difference Result 488 states and 560 transitions. [2022-02-20 23:50:32,344 INFO L276 IsEmpty]: Start isEmpty. Operand 488 states and 560 transitions. [2022-02-20 23:50:32,345 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:32,345 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:32,345 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:32,345 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:32,345 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 362 states, 215 states have (on average 1.7395348837209301) internal successors, (374), 333 states have internal predecessors, (374), 17 states have call successors, (17), 9 states have call predecessors, (17), 12 states have return successors, (28), 21 states have call predecessors, (28), 17 states have call successors, (28) [2022-02-20 23:50:32,350 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 362 states to 362 states and 419 transitions. [2022-02-20 23:50:32,351 INFO L78 Accepts]: Start accepts. Automaton has 362 states and 419 transitions. Word has length 17 [2022-02-20 23:50:32,351 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:32,351 INFO L470 AbstractCegarLoop]: Abstraction has 362 states and 419 transitions. [2022-02-20 23:50:32,351 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 23:50:32,351 INFO L276 IsEmpty]: Start isEmpty. Operand 362 states and 419 transitions. [2022-02-20 23:50:32,352 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-02-20 23:50:32,352 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:32,352 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:32,377 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:32,559 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:50:32,559 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:32,560 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:32,560 INFO L85 PathProgramCache]: Analyzing trace with hash -2134885298, now seen corresponding path program 1 times [2022-02-20 23:50:32,560 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:32,560 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [455863116] [2022-02-20 23:50:32,560 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:32,560 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:32,560 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:32,561 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:32,562 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Waiting until timeout for monitored process [2022-02-20 23:50:32,621 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:32,622 INFO L263 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 18 conjunts are in the unsatisfiable core [2022-02-20 23:50:32,630 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:32,630 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:32,651 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:32,656 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:34,820 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-02-20 23:50:34,820 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-02-20 23:50:34,830 INFO L356 Elim1Store]: treesize reduction 4, result has 50.0 percent of original size [2022-02-20 23:50:34,830 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 11 [2022-02-20 23:50:34,873 INFO L290 TraceCheckUtils]: 0: Hoare triple {16103#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {16103#true} is VALID [2022-02-20 23:50:34,873 INFO L290 TraceCheckUtils]: 1: Hoare triple {16103#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {16103#true} is VALID [2022-02-20 23:50:34,873 INFO L272 TraceCheckUtils]: 2: Hoare triple {16103#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {16103#true} is VALID [2022-02-20 23:50:34,874 INFO L290 TraceCheckUtils]: 3: Hoare triple {16103#true} ~size := #in~size; {16117#(= ldv_malloc_~size |ldv_malloc_#in~size|)} is VALID [2022-02-20 23:50:34,875 INFO L290 TraceCheckUtils]: 4: Hoare triple {16117#(= ldv_malloc_~size |ldv_malloc_#in~size|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:34,875 INFO L290 TraceCheckUtils]: 5: Hoare triple {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} assume true; {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:34,876 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} {16103#true} #456#return; {16128#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|) (= (_ bv20 32) (select |#length| |ULTIMATE.start_entry_point_#t~ret65#1.base|)) (= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1)))} is VALID [2022-02-20 23:50:34,876 INFO L290 TraceCheckUtils]: 7: Hoare triple {16128#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|) (= (_ bv20 32) (select |#length| |ULTIMATE.start_entry_point_#t~ret65#1.base|)) (= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:34,877 INFO L290 TraceCheckUtils]: 8: Hoare triple {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:34,877 INFO L272 TraceCheckUtils]: 9: Hoare triple {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} is VALID [2022-02-20 23:50:34,878 INFO L290 TraceCheckUtils]: 10: Hoare triple {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} ~size := #in~size; {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} is VALID [2022-02-20 23:50:34,879 INFO L290 TraceCheckUtils]: 11: Hoare triple {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:34,880 INFO L290 TraceCheckUtils]: 12: Hoare triple {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} assume true; {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:34,881 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} #458#return; {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:34,882 INFO L290 TraceCheckUtils]: 14: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:34,882 INFO L290 TraceCheckUtils]: 15: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:34,882 INFO L290 TraceCheckUtils]: 16: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !((~bvule32(~bvadd32(4bv32, entry_point_~client~0#1.offset), #length[entry_point_~client~0#1.base]) && ~bvule32(entry_point_~client~0#1.offset, ~bvadd32(4bv32, entry_point_~client~0#1.offset))) && ~bvule32(0bv32, entry_point_~client~0#1.offset)); {16104#false} is VALID [2022-02-20 23:50:34,883 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:34,883 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:35,140 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:35,141 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [455863116] [2022-02-20 23:50:35,141 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [455863116] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 23:50:35,141 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [693560558] [2022-02-20 23:50:35,141 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:35,141 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-02-20 23:50:35,141 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 [2022-02-20 23:50:35,142 INFO L229 MonitoredProcess]: Starting monitored process 12 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-02-20 23:50:35,143 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (12)] Waiting until timeout for monitored process [2022-02-20 23:50:35,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:35,258 INFO L263 TraceCheckSpWp]: Trace formula consists of 59 conjuncts, 18 conjunts are in the unsatisfiable core [2022-02-20 23:50:35,264 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:35,265 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:35,283 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:35,289 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-02-20 23:50:37,431 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-02-20 23:50:37,432 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-02-20 23:50:37,440 INFO L356 Elim1Store]: treesize reduction 4, result has 50.0 percent of original size [2022-02-20 23:50:37,440 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 11 treesize of output 11 [2022-02-20 23:50:37,461 INFO L290 TraceCheckUtils]: 0: Hoare triple {16103#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {16103#true} is VALID [2022-02-20 23:50:37,461 INFO L290 TraceCheckUtils]: 1: Hoare triple {16103#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {16103#true} is VALID [2022-02-20 23:50:37,461 INFO L272 TraceCheckUtils]: 2: Hoare triple {16103#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {16103#true} is VALID [2022-02-20 23:50:37,462 INFO L290 TraceCheckUtils]: 3: Hoare triple {16103#true} ~size := #in~size; {16117#(= ldv_malloc_~size |ldv_malloc_#in~size|)} is VALID [2022-02-20 23:50:37,463 INFO L290 TraceCheckUtils]: 4: Hoare triple {16117#(= ldv_malloc_~size |ldv_malloc_#in~size|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:37,464 INFO L290 TraceCheckUtils]: 5: Hoare triple {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} assume true; {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:37,465 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {16121#(and (= (_ bv1 1) (select |#valid| |ldv_malloc_#res.base|)) (= (select |#length| |ldv_malloc_#res.base|) |ldv_malloc_#in~size|) (= |ldv_malloc_#res.offset| (_ bv0 32)))} {16103#true} #456#return; {16128#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|) (= (_ bv20 32) (select |#length| |ULTIMATE.start_entry_point_#t~ret65#1.base|)) (= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1)))} is VALID [2022-02-20 23:50:37,465 INFO L290 TraceCheckUtils]: 7: Hoare triple {16128#(and (= (_ bv0 32) |ULTIMATE.start_entry_point_#t~ret65#1.offset|) (= (_ bv20 32) (select |#length| |ULTIMATE.start_entry_point_#t~ret65#1.base|)) (= (select |#valid| |ULTIMATE.start_entry_point_#t~ret65#1.base|) (_ bv1 1)))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:37,466 INFO L290 TraceCheckUtils]: 8: Hoare triple {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:37,466 INFO L272 TraceCheckUtils]: 9: Hoare triple {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} is VALID [2022-02-20 23:50:37,466 INFO L290 TraceCheckUtils]: 10: Hoare triple {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} ~size := #in~size; {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} is VALID [2022-02-20 23:50:37,468 INFO L290 TraceCheckUtils]: 11: Hoare triple {16139#(and (= |old(#valid)| |#valid|) (= |#length| |old(#length)|))} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:37,468 INFO L290 TraceCheckUtils]: 12: Hoare triple {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} assume true; {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} is VALID [2022-02-20 23:50:37,470 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {16146#(exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_23 (_ BitVec 32))) (= |#length| (store |old(#length)| |ldv_malloc_#res.base| v_ArrVal_23))) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|))))} {16132#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= (select |#valid| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv1 1)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} #458#return; {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:37,470 INFO L290 TraceCheckUtils]: 14: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:37,471 INFO L290 TraceCheckUtils]: 15: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !(entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32); {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} is VALID [2022-02-20 23:50:37,471 INFO L290 TraceCheckUtils]: 16: Hoare triple {16153#(and (= (select |#length| |ULTIMATE.start_entry_point_~client~0#1.base|) (_ bv20 32)) (= |ULTIMATE.start_entry_point_~client~0#1.offset| (_ bv0 32)))} assume !((~bvule32(~bvadd32(4bv32, entry_point_~client~0#1.offset), #length[entry_point_~client~0#1.base]) && ~bvule32(entry_point_~client~0#1.offset, ~bvadd32(4bv32, entry_point_~client~0#1.offset))) && ~bvule32(0bv32, entry_point_~client~0#1.offset)); {16104#false} is VALID [2022-02-20 23:50:37,471 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:37,471 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:41,678 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [693560558] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 23:50:41,679 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 23:50:41,679 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 8 [2022-02-20 23:50:41,679 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [573516641] [2022-02-20 23:50:41,679 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 23:50:41,679 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:41,679 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:41,679 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:41,694 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 17 edges. 17 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:41,694 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2022-02-20 23:50:41,694 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:41,694 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2022-02-20 23:50:41,694 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=23, Invalid=86, Unknown=1, NotChecked=0, Total=110 [2022-02-20 23:50:41,695 INFO L87 Difference]: Start difference. First operand 362 states and 419 transitions. Second operand has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:54,139 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:54,139 INFO L93 Difference]: Finished difference Result 635 states and 724 transitions. [2022-02-20 23:50:54,139 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 23:50:54,140 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-02-20 23:50:54,140 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:50:54,140 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:54,143 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 680 transitions. [2022-02-20 23:50:54,143 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:54,146 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 680 transitions. [2022-02-20 23:50:54,146 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 680 transitions. [2022-02-20 23:50:54,767 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 680 edges. 680 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:54,778 INFO L225 Difference]: With dead ends: 635 [2022-02-20 23:50:54,778 INFO L226 Difference]: Without dead ends: 635 [2022-02-20 23:50:54,778 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 29 SyntacticMatches, 2 SemanticMatches, 11 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 10.4s TimeCoverageRelationStatistics Valid=32, Invalid=122, Unknown=2, NotChecked=0, Total=156 [2022-02-20 23:50:54,779 INFO L933 BasicCegarLoop]: 325 mSDtfsCounter, 328 mSDsluCounter, 1453 mSDsCounter, 0 mSdLazyCounter, 1601 mSolverCounterSat, 42 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 336 SdHoareTripleChecker+Valid, 1778 SdHoareTripleChecker+Invalid, 1923 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 42 IncrementalHoareTripleChecker+Valid, 1601 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 280 IncrementalHoareTripleChecker+Unchecked, 3.7s IncrementalHoareTripleChecker+Time [2022-02-20 23:50:54,779 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [336 Valid, 1778 Invalid, 1923 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [42 Valid, 1601 Invalid, 0 Unknown, 280 Unchecked, 3.7s Time] [2022-02-20 23:50:54,780 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 635 states. [2022-02-20 23:50:54,784 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 635 to 365. [2022-02-20 23:50:54,784 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:50:54,785 INFO L82 GeneralOperation]: Start isEquivalent. First operand 635 states. Second operand has 365 states, 218 states have (on average 1.724770642201835) internal successors, (376), 335 states have internal predecessors, (376), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) [2022-02-20 23:50:54,785 INFO L74 IsIncluded]: Start isIncluded. First operand 635 states. Second operand has 365 states, 218 states have (on average 1.724770642201835) internal successors, (376), 335 states have internal predecessors, (376), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) [2022-02-20 23:50:54,786 INFO L87 Difference]: Start difference. First operand 635 states. Second operand has 365 states, 218 states have (on average 1.724770642201835) internal successors, (376), 335 states have internal predecessors, (376), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) [2022-02-20 23:50:54,798 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:54,798 INFO L93 Difference]: Finished difference Result 635 states and 724 transitions. [2022-02-20 23:50:54,798 INFO L276 IsEmpty]: Start isEmpty. Operand 635 states and 724 transitions. [2022-02-20 23:50:54,799 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:54,799 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:54,800 INFO L74 IsIncluded]: Start isIncluded. First operand has 365 states, 218 states have (on average 1.724770642201835) internal successors, (376), 335 states have internal predecessors, (376), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) Second operand 635 states. [2022-02-20 23:50:54,800 INFO L87 Difference]: Start difference. First operand has 365 states, 218 states have (on average 1.724770642201835) internal successors, (376), 335 states have internal predecessors, (376), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) Second operand 635 states. [2022-02-20 23:50:54,815 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:50:54,816 INFO L93 Difference]: Finished difference Result 635 states and 724 transitions. [2022-02-20 23:50:54,816 INFO L276 IsEmpty]: Start isEmpty. Operand 635 states and 724 transitions. [2022-02-20 23:50:54,817 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:50:54,817 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:50:54,817 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:50:54,817 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:50:54,818 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 365 states, 218 states have (on average 1.724770642201835) internal successors, (376), 335 states have internal predecessors, (376), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) [2022-02-20 23:50:54,823 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 365 states to 365 states and 424 transitions. [2022-02-20 23:50:54,823 INFO L78 Accepts]: Start accepts. Automaton has 365 states and 424 transitions. Word has length 17 [2022-02-20 23:50:54,823 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:50:54,823 INFO L470 AbstractCegarLoop]: Abstraction has 365 states and 424 transitions. [2022-02-20 23:50:54,824 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 8 states have (on average 1.625) internal successors, (13), 8 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 23:50:54,824 INFO L276 IsEmpty]: Start isEmpty. Operand 365 states and 424 transitions. [2022-02-20 23:50:54,824 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 19 [2022-02-20 23:50:54,824 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:50:54,824 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:50:54,831 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:55,034 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt (12)] Forceful destruction successful, exit code 0 [2022-02-20 23:50:55,230 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3,12 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/cvc4 --incremental --print-success --lang smt [2022-02-20 23:50:55,231 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting ULTIMATE.startErr87ASSERT_VIOLATIONMEMORY_FREE === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:50:55,231 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:50:55,231 INFO L85 PathProgramCache]: Analyzing trace with hash -869422937, now seen corresponding path program 1 times [2022-02-20 23:50:55,231 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:50:55,231 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1768795328] [2022-02-20 23:50:55,231 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:50:55,232 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:50:55,232 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:50:55,232 INFO L229 MonitoredProcess]: Starting monitored process 13 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:50:55,233 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (13)] Waiting until timeout for monitored process [2022-02-20 23:50:55,308 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:55,309 INFO L263 TraceCheckSpWp]: Trace formula consists of 55 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 23:50:55,313 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:50:55,314 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:50:55,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {18510#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,555 INFO L272 TraceCheckUtils]: 2: Hoare triple {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,555 INFO L290 TraceCheckUtils]: 3: Hoare triple {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} ~size := #in~size; {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,556 INFO L290 TraceCheckUtils]: 4: Hoare triple {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {18528#(and (bvult |ldv_malloc_#res.base| |#StackHeapBarrier|) (not (= |ldv_malloc_#res.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,556 INFO L290 TraceCheckUtils]: 5: Hoare triple {18528#(and (bvult |ldv_malloc_#res.base| |#StackHeapBarrier|) (not (= |ldv_malloc_#res.base| (_ bv0 32))))} assume true; {18528#(and (bvult |ldv_malloc_#res.base| |#StackHeapBarrier|) (not (= |ldv_malloc_#res.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,557 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {18528#(and (bvult |ldv_malloc_#res.base| |#StackHeapBarrier|) (not (= |ldv_malloc_#res.base| (_ bv0 32))))} {18515#(bvult (_ bv0 32) |#StackHeapBarrier|)} #456#return; {18535#(and (bvult |ULTIMATE.start_entry_point_#t~ret65#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,557 INFO L290 TraceCheckUtils]: 7: Hoare triple {18535#(and (bvult |ULTIMATE.start_entry_point_#t~ret65#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv0 32))))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,558 INFO L290 TraceCheckUtils]: 8: Hoare triple {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,561 INFO L272 TraceCheckUtils]: 9: Hoare triple {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {18546#(exists ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ BitVec 32))) (and (bvult |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| |#StackHeapBarrier|) (not (= |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ bv0 32)))))} is VALID [2022-02-20 23:50:55,561 INFO L290 TraceCheckUtils]: 10: Hoare triple {18546#(exists ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ BitVec 32))) (and (bvult |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| |#StackHeapBarrier|) (not (= |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ bv0 32)))))} ~size := #in~size; {18546#(exists ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ BitVec 32))) (and (bvult |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| |#StackHeapBarrier|) (not (= |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ bv0 32)))))} is VALID [2022-02-20 23:50:55,561 INFO L290 TraceCheckUtils]: 11: Hoare triple {18546#(exists ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ BitVec 32))) (and (bvult |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| |#StackHeapBarrier|) (not (= |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ bv0 32)))))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {18546#(exists ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ BitVec 32))) (and (bvult |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| |#StackHeapBarrier|) (not (= |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ bv0 32)))))} is VALID [2022-02-20 23:50:55,562 INFO L290 TraceCheckUtils]: 12: Hoare triple {18546#(exists ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ BitVec 32))) (and (bvult |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| |#StackHeapBarrier|) (not (= |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ bv0 32)))))} assume true; {18546#(exists ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ BitVec 32))) (and (bvult |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| |#StackHeapBarrier|) (not (= |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ bv0 32)))))} is VALID [2022-02-20 23:50:55,562 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {18546#(exists ((|v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ BitVec 32))) (and (bvult |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| |#StackHeapBarrier|) (not (= |v_ULTIMATE.start_entry_point_~client~0#1.base_BEFORE_CALL_5| (_ bv0 32)))))} {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} #458#return; {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,563 INFO L290 TraceCheckUtils]: 14: Hoare triple {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,563 INFO L290 TraceCheckUtils]: 15: Hoare triple {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,564 INFO L290 TraceCheckUtils]: 16: Hoare triple {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} assume 0bv32 == entry_point_~client~0#1.offset; {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} is VALID [2022-02-20 23:50:55,564 INFO L290 TraceCheckUtils]: 17: Hoare triple {18539#(and (bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv0 32))))} assume !~bvult32(entry_point_~client~0#1.base, #StackHeapBarrier); {18511#false} is VALID [2022-02-20 23:50:55,564 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:50:55,564 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 23:50:55,679 INFO L290 TraceCheckUtils]: 17: Hoare triple {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} assume !~bvult32(entry_point_~client~0#1.base, #StackHeapBarrier); {18511#false} is VALID [2022-02-20 23:50:55,679 INFO L290 TraceCheckUtils]: 16: Hoare triple {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} assume 0bv32 == entry_point_~client~0#1.offset; {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,680 INFO L290 TraceCheckUtils]: 15: Hoare triple {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,680 INFO L290 TraceCheckUtils]: 14: Hoare triple {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,681 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {18510#true} {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} #458#return; {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,681 INFO L290 TraceCheckUtils]: 12: Hoare triple {18510#true} assume true; {18510#true} is VALID [2022-02-20 23:50:55,681 INFO L290 TraceCheckUtils]: 11: Hoare triple {18510#true} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {18510#true} is VALID [2022-02-20 23:50:55,681 INFO L290 TraceCheckUtils]: 10: Hoare triple {18510#true} ~size := #in~size; {18510#true} is VALID [2022-02-20 23:50:55,681 INFO L272 TraceCheckUtils]: 9: Hoare triple {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {18510#true} is VALID [2022-02-20 23:50:55,681 INFO L290 TraceCheckUtils]: 8: Hoare triple {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,682 INFO L290 TraceCheckUtils]: 7: Hoare triple {18602#(bvult |ULTIMATE.start_entry_point_#t~ret65#1.base| |#StackHeapBarrier|)} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {18571#(bvult |ULTIMATE.start_entry_point_~client~0#1.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,682 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {18609#(bvult |ldv_malloc_#res.base| |#StackHeapBarrier|)} {18510#true} #456#return; {18602#(bvult |ULTIMATE.start_entry_point_#t~ret65#1.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,683 INFO L290 TraceCheckUtils]: 5: Hoare triple {18609#(bvult |ldv_malloc_#res.base| |#StackHeapBarrier|)} assume true; {18609#(bvult |ldv_malloc_#res.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,683 INFO L290 TraceCheckUtils]: 4: Hoare triple {18510#true} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {18609#(bvult |ldv_malloc_#res.base| |#StackHeapBarrier|)} is VALID [2022-02-20 23:50:55,683 INFO L290 TraceCheckUtils]: 3: Hoare triple {18510#true} ~size := #in~size; {18510#true} is VALID [2022-02-20 23:50:55,683 INFO L272 TraceCheckUtils]: 2: Hoare triple {18510#true} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {18510#true} is VALID [2022-02-20 23:50:55,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {18510#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {18510#true} is VALID [2022-02-20 23:50:55,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {18510#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {18510#true} is VALID [2022-02-20 23:50:55,683 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 23:50:55,684 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:50:55,684 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1768795328] [2022-02-20 23:50:55,684 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1768795328] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 23:50:55,684 INFO L191 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-02-20 23:50:55,684 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [5, 4] total 9 [2022-02-20 23:50:55,684 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1401356599] [2022-02-20 23:50:55,684 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-02-20 23:50:55,684 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 9 states have (on average 3.0) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (4), 3 states have call predecessors, (4), 4 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 18 [2022-02-20 23:50:55,684 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:50:55,684 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 9 states have (on average 3.0) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (4), 3 states have call predecessors, (4), 4 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 23:50:55,718 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:50:55,718 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 23:50:55,718 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:50:55,719 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 23:50:55,719 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=30, Invalid=60, Unknown=0, NotChecked=0, Total=90 [2022-02-20 23:50:55,719 INFO L87 Difference]: Start difference. First operand 365 states and 424 transitions. Second operand has 10 states, 9 states have (on average 3.0) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (4), 3 states have call predecessors, (4), 4 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 23:51:01,016 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:51:01,017 INFO L93 Difference]: Finished difference Result 368 states and 425 transitions. [2022-02-20 23:51:01,017 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 23:51:01,017 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 9 states have (on average 3.0) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (4), 3 states have call predecessors, (4), 4 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 18 [2022-02-20 23:51:01,017 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:51:01,017 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 9 states have (on average 3.0) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (4), 3 states have call predecessors, (4), 4 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 23:51:01,019 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 365 transitions. [2022-02-20 23:51:01,019 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 9 states have (on average 3.0) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (4), 3 states have call predecessors, (4), 4 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 23:51:01,021 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 365 transitions. [2022-02-20 23:51:01,021 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 365 transitions. [2022-02-20 23:51:01,395 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 365 edges. 365 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:51:01,400 INFO L225 Difference]: With dead ends: 368 [2022-02-20 23:51:01,400 INFO L226 Difference]: Without dead ends: 368 [2022-02-20 23:51:01,400 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 25 SyntacticMatches, 1 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 8 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=36, Invalid=74, Unknown=0, NotChecked=0, Total=110 [2022-02-20 23:51:01,400 INFO L933 BasicCegarLoop]: 306 mSDtfsCounter, 330 mSDsluCounter, 1310 mSDsCounter, 0 mSdLazyCounter, 390 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 344 SdHoareTripleChecker+Valid, 1616 SdHoareTripleChecker+Invalid, 432 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 390 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 26 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2022-02-20 23:51:01,401 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [344 Valid, 1616 Invalid, 432 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 390 Invalid, 0 Unknown, 26 Unchecked, 0.6s Time] [2022-02-20 23:51:01,401 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 368 states. [2022-02-20 23:51:01,405 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 368 to 364. [2022-02-20 23:51:01,405 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:51:01,406 INFO L82 GeneralOperation]: Start isEquivalent. First operand 368 states. Second operand has 364 states, 218 states have (on average 1.7155963302752293) internal successors, (374), 334 states have internal predecessors, (374), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) [2022-02-20 23:51:01,406 INFO L74 IsIncluded]: Start isIncluded. First operand 368 states. Second operand has 364 states, 218 states have (on average 1.7155963302752293) internal successors, (374), 334 states have internal predecessors, (374), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) [2022-02-20 23:51:01,407 INFO L87 Difference]: Start difference. First operand 368 states. Second operand has 364 states, 218 states have (on average 1.7155963302752293) internal successors, (374), 334 states have internal predecessors, (374), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) [2022-02-20 23:51:01,412 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:51:01,412 INFO L93 Difference]: Finished difference Result 368 states and 425 transitions. [2022-02-20 23:51:01,412 INFO L276 IsEmpty]: Start isEmpty. Operand 368 states and 425 transitions. [2022-02-20 23:51:01,413 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:51:01,413 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:51:01,413 INFO L74 IsIncluded]: Start isIncluded. First operand has 364 states, 218 states have (on average 1.7155963302752293) internal successors, (374), 334 states have internal predecessors, (374), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) Second operand 368 states. [2022-02-20 23:51:01,414 INFO L87 Difference]: Start difference. First operand has 364 states, 218 states have (on average 1.7155963302752293) internal successors, (374), 334 states have internal predecessors, (374), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) Second operand 368 states. [2022-02-20 23:51:01,419 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:51:01,419 INFO L93 Difference]: Finished difference Result 368 states and 425 transitions. [2022-02-20 23:51:01,419 INFO L276 IsEmpty]: Start isEmpty. Operand 368 states and 425 transitions. [2022-02-20 23:51:01,420 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:51:01,420 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:51:01,420 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:51:01,420 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:51:01,421 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 364 states, 218 states have (on average 1.7155963302752293) internal successors, (374), 334 states have internal predecessors, (374), 18 states have call successors, (18), 9 states have call predecessors, (18), 12 states have return successors, (30), 22 states have call predecessors, (30), 18 states have call successors, (30) [2022-02-20 23:51:01,430 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 364 states to 364 states and 422 transitions. [2022-02-20 23:51:01,431 INFO L78 Accepts]: Start accepts. Automaton has 364 states and 422 transitions. Word has length 18 [2022-02-20 23:51:01,431 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:51:01,431 INFO L470 AbstractCegarLoop]: Abstraction has 364 states and 422 transitions. [2022-02-20 23:51:01,431 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 9 states have (on average 3.0) internal successors, (27), 8 states have internal predecessors, (27), 4 states have call successors, (4), 3 states have call predecessors, (4), 4 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-02-20 23:51:01,431 INFO L276 IsEmpty]: Start isEmpty. Operand 364 states and 422 transitions. [2022-02-20 23:51:01,431 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 19 [2022-02-20 23:51:01,431 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:51:01,432 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:51:01,456 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (13)] Forceful destruction successful, exit code 0 [2022-02-20 23:51:01,636 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 13 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:51:01,637 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting ULTIMATE.startErr103ASSERT_VIOLATIONMEMORY_LEAK === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:51:01,637 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:51:01,637 INFO L85 PathProgramCache]: Analyzing trace with hash 1883109288, now seen corresponding path program 1 times [2022-02-20 23:51:01,637 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:51:01,637 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1056970295] [2022-02-20 23:51:01,637 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:51:01,638 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:51:01,638 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:51:01,639 INFO L229 MonitoredProcess]: Starting monitored process 14 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:51:01,640 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (14)] Waiting until timeout for monitored process [2022-02-20 23:51:01,698 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:51:01,699 INFO L263 TraceCheckSpWp]: Trace formula consists of 58 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 23:51:01,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:51:01,706 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:51:01,765 INFO L290 TraceCheckUtils]: 0: Hoare triple {20094#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {20094#true} is VALID [2022-02-20 23:51:01,765 INFO L290 TraceCheckUtils]: 1: Hoare triple {20094#true} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,765 INFO L272 TraceCheckUtils]: 2: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {20106#(= |old(#valid)| |#valid|)} is VALID [2022-02-20 23:51:01,766 INFO L290 TraceCheckUtils]: 3: Hoare triple {20106#(= |old(#valid)| |#valid|)} ~size := #in~size; {20106#(= |old(#valid)| |#valid|)} is VALID [2022-02-20 23:51:01,766 INFO L290 TraceCheckUtils]: 4: Hoare triple {20106#(= |old(#valid)| |#valid|)} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {20106#(= |old(#valid)| |#valid|)} is VALID [2022-02-20 23:51:01,766 INFO L290 TraceCheckUtils]: 5: Hoare triple {20106#(= |old(#valid)| |#valid|)} assume true; {20106#(= |old(#valid)| |#valid|)} is VALID [2022-02-20 23:51:01,767 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {20106#(= |old(#valid)| |#valid|)} {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} #456#return; {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,768 INFO L290 TraceCheckUtils]: 7: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,768 INFO L290 TraceCheckUtils]: 8: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} assume entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32; {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,769 INFO L290 TraceCheckUtils]: 9: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,769 INFO L290 TraceCheckUtils]: 10: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} SUMMARY for call ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset := read~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32); srcloc: L607 {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,769 INFO L290 TraceCheckUtils]: 11: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset := ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset;ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset := ldv_destroy_msgs_~__mptr~0#1.base, ~bvsub32(ldv_destroy_msgs_~__mptr~0#1.offset, 4bv32); {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,770 INFO L290 TraceCheckUtils]: 12: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} SUMMARY for call ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset := read~$Pointer$(ldv_destroy_msgs_~msg~1#1.base, ~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset), 4bv32); srcloc: L607-2 {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,770 INFO L290 TraceCheckUtils]: 13: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset := ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset;havoc ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset;ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset := ldv_destroy_msgs_~__mptr~1#1.base, ~bvsub32(ldv_destroy_msgs_~__mptr~1#1.offset, 4bv32); {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,770 INFO L290 TraceCheckUtils]: 14: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} assume !(ldv_destroy_msgs_~msg~1#1.base != ~#ldv_global_msg_list~0.base || ~bvadd32(4bv32, ldv_destroy_msgs_~msg~1#1.offset) != ~#ldv_global_msg_list~0.offset); {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,771 INFO L290 TraceCheckUtils]: 15: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} assume { :end_inline_ldv_destroy_msgs } true; {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,771 INFO L290 TraceCheckUtils]: 16: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} assume { :end_inline_entry_point } true; {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} is VALID [2022-02-20 23:51:01,772 INFO L290 TraceCheckUtils]: 17: Hoare triple {20102#(= |#valid| |ULTIMATE.start_main_old_#valid#1|)} assume !(#valid == main_old_#valid#1); {20095#false} is VALID [2022-02-20 23:51:01,772 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 23:51:01,772 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 23:51:01,772 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 23:51:01,772 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1056970295] [2022-02-20 23:51:01,772 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1056970295] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 23:51:01,772 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 23:51:01,772 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 23:51:01,772 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1041580957] [2022-02-20 23:51:01,772 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 23:51:01,773 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 5.333333333333333) internal successors, (16), 4 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 18 [2022-02-20 23:51:01,773 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 23:51:01,773 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 3 states have (on average 5.333333333333333) internal successors, (16), 4 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:51:01,787 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 18 edges. 18 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:51:01,787 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 23:51:01,787 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 23:51:01,787 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 23:51:01,787 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 23:51:01,788 INFO L87 Difference]: Start difference. First operand 364 states and 422 transitions. Second operand has 4 states, 3 states have (on average 5.333333333333333) internal successors, (16), 4 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:51:03,665 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:51:03,665 INFO L93 Difference]: Finished difference Result 367 states and 424 transitions. [2022-02-20 23:51:03,665 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 23:51:03,665 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 5.333333333333333) internal successors, (16), 4 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 18 [2022-02-20 23:51:03,666 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 23:51:03,666 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 5.333333333333333) internal successors, (16), 4 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:51:03,667 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 363 transitions. [2022-02-20 23:51:03,668 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 3 states have (on average 5.333333333333333) internal successors, (16), 4 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:51:03,669 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 363 transitions. [2022-02-20 23:51:03,669 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 363 transitions. [2022-02-20 23:51:03,957 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 363 edges. 363 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 23:51:03,961 INFO L225 Difference]: With dead ends: 367 [2022-02-20 23:51:03,961 INFO L226 Difference]: Without dead ends: 354 [2022-02-20 23:51:03,961 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 17 GetRequests, 15 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 23:51:03,963 INFO L933 BasicCegarLoop]: 320 mSDtfsCounter, 41 mSDsluCounter, 359 mSDsCounter, 0 mSdLazyCounter, 285 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 679 SdHoareTripleChecker+Invalid, 299 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 285 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-02-20 23:51:03,963 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [41 Valid, 679 Invalid, 299 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 285 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-02-20 23:51:03,976 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 354 states. [2022-02-20 23:51:03,980 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 354 to 354. [2022-02-20 23:51:03,980 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 23:51:03,980 INFO L82 GeneralOperation]: Start isEquivalent. First operand 354 states. Second operand has 354 states, 209 states have (on average 1.7416267942583732) internal successors, (364), 325 states have internal predecessors, (364), 18 states have call successors, (18), 9 states have call predecessors, (18), 11 states have return successors, (29), 21 states have call predecessors, (29), 18 states have call successors, (29) [2022-02-20 23:51:03,981 INFO L74 IsIncluded]: Start isIncluded. First operand 354 states. Second operand has 354 states, 209 states have (on average 1.7416267942583732) internal successors, (364), 325 states have internal predecessors, (364), 18 states have call successors, (18), 9 states have call predecessors, (18), 11 states have return successors, (29), 21 states have call predecessors, (29), 18 states have call successors, (29) [2022-02-20 23:51:03,981 INFO L87 Difference]: Start difference. First operand 354 states. Second operand has 354 states, 209 states have (on average 1.7416267942583732) internal successors, (364), 325 states have internal predecessors, (364), 18 states have call successors, (18), 9 states have call predecessors, (18), 11 states have return successors, (29), 21 states have call predecessors, (29), 18 states have call successors, (29) [2022-02-20 23:51:03,986 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:51:03,986 INFO L93 Difference]: Finished difference Result 354 states and 411 transitions. [2022-02-20 23:51:03,986 INFO L276 IsEmpty]: Start isEmpty. Operand 354 states and 411 transitions. [2022-02-20 23:51:03,987 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:51:03,987 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:51:03,987 INFO L74 IsIncluded]: Start isIncluded. First operand has 354 states, 209 states have (on average 1.7416267942583732) internal successors, (364), 325 states have internal predecessors, (364), 18 states have call successors, (18), 9 states have call predecessors, (18), 11 states have return successors, (29), 21 states have call predecessors, (29), 18 states have call successors, (29) Second operand 354 states. [2022-02-20 23:51:03,988 INFO L87 Difference]: Start difference. First operand has 354 states, 209 states have (on average 1.7416267942583732) internal successors, (364), 325 states have internal predecessors, (364), 18 states have call successors, (18), 9 states have call predecessors, (18), 11 states have return successors, (29), 21 states have call predecessors, (29), 18 states have call successors, (29) Second operand 354 states. [2022-02-20 23:51:03,994 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 23:51:03,994 INFO L93 Difference]: Finished difference Result 354 states and 411 transitions. [2022-02-20 23:51:03,994 INFO L276 IsEmpty]: Start isEmpty. Operand 354 states and 411 transitions. [2022-02-20 23:51:03,994 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 23:51:03,995 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 23:51:03,995 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 23:51:03,995 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 23:51:03,998 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 354 states, 209 states have (on average 1.7416267942583732) internal successors, (364), 325 states have internal predecessors, (364), 18 states have call successors, (18), 9 states have call predecessors, (18), 11 states have return successors, (29), 21 states have call predecessors, (29), 18 states have call successors, (29) [2022-02-20 23:51:04,003 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 354 states to 354 states and 411 transitions. [2022-02-20 23:51:04,003 INFO L78 Accepts]: Start accepts. Automaton has 354 states and 411 transitions. Word has length 18 [2022-02-20 23:51:04,003 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 23:51:04,003 INFO L470 AbstractCegarLoop]: Abstraction has 354 states and 411 transitions. [2022-02-20 23:51:04,003 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 5.333333333333333) internal successors, (16), 4 states have internal predecessors, (16), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 23:51:04,003 INFO L276 IsEmpty]: Start isEmpty. Operand 354 states and 411 transitions. [2022-02-20 23:51:04,004 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-02-20 23:51:04,004 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 23:51:04,004 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 23:51:04,011 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (14)] Forceful destruction successful, exit code 0 [2022-02-20 23:51:04,210 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 14 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 23:51:04,211 INFO L402 AbstractCegarLoop]: === Iteration 13 === Targeting ULTIMATE.startErr89REQUIRES_VIOLATION === [ldv_msg_freeErr0REQUIRES_VIOLATION, ldv_msg_freeErr1REQUIRES_VIOLATION, ldv_msg_freeErr2ASSERT_VIOLATIONMEMORY_FREE, ldv_msg_freeErr3ASSERT_VIOLATIONMEMORY_FREE (and 120 more)] === [2022-02-20 23:51:04,211 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 23:51:04,211 INFO L85 PathProgramCache]: Analyzing trace with hash 1969475052, now seen corresponding path program 1 times [2022-02-20 23:51:04,211 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 23:51:04,211 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1061363467] [2022-02-20 23:51:04,211 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 23:51:04,211 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 23:51:04,212 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 23:51:04,212 INFO L229 MonitoredProcess]: Starting monitored process 15 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 23:51:04,213 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (15)] Waiting until timeout for monitored process [2022-02-20 23:51:04,269 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:51:04,270 INFO L263 TraceCheckSpWp]: Trace formula consists of 60 conjuncts, 12 conjunts are in the unsatisfiable core [2022-02-20 23:51:04,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 23:51:04,284 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 23:51:04,391 INFO L356 Elim1Store]: treesize reduction 15, result has 46.4 percent of original size [2022-02-20 23:51:04,391 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 24 [2022-02-20 23:51:04,545 INFO L390 Elim1Store]: Elim1 did not use preprocessing eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 14 treesize of output 16 [2022-02-20 23:51:04,561 INFO L290 TraceCheckUtils]: 0: Hoare triple {21580#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);currentRoundingMode := ~roundNearestTiesToEven;~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset := 1bv32, 0bv32;call #Ultimate.allocInit(8bv32, 1bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, 4bv32);call write~init~$Pointer$(~#ldv_global_msg_list~0.base, ~#ldv_global_msg_list~0.offset, ~#ldv_global_msg_list~0.base, ~bvadd32(4bv32, ~#ldv_global_msg_list~0.offset), 4bv32); {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,561 INFO L290 TraceCheckUtils]: 1: Hoare triple {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :end_inline_ULTIMATE.init } true;main_old_#valid#1 := #valid;assume { :begin_inline_main } true;assume { :begin_inline_entry_point } true;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset, entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset, entry_point_#t~ret67#1.base, entry_point_#t~ret67#1.offset, entry_point_#t~ret68#1.base, entry_point_#t~ret68#1.offset, entry_point_#t~ret69#1.base, entry_point_#t~ret69#1.offset, entry_point_#t~ret70#1, entry_point_~client~0#1.base, entry_point_~client~0#1.offset, entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset, entry_point_~fe~2#1.base, entry_point_~fe~2#1.offset, entry_point_~addr~0#1.base, entry_point_~addr~0#1.offset, entry_point_~adapter~0#1.base, entry_point_~adapter~0#1.offset; {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,562 INFO L272 TraceCheckUtils]: 2: Hoare triple {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} call entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset := ldv_malloc(20bv32); {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:51:04,562 INFO L290 TraceCheckUtils]: 3: Hoare triple {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} ~size := #in~size; {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:51:04,564 INFO L290 TraceCheckUtils]: 4: Hoare triple {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume 0bv32 != #t~nondet11;havoc #t~nondet11;call #t~malloc12.base, #t~malloc12.offset := #Ultimate.allocOnHeap(~size);#res.base, #res.offset := #t~malloc12.base, #t~malloc12.offset;havoc #t~malloc12.base, #t~malloc12.offset; {21599#(and (exists ((v_ArrVal_42 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_42) |#valid|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|)))} is VALID [2022-02-20 23:51:04,564 INFO L290 TraceCheckUtils]: 5: Hoare triple {21599#(and (exists ((v_ArrVal_42 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_42) |#valid|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|)))} assume true; {21599#(and (exists ((v_ArrVal_42 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_42) |#valid|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|)))} is VALID [2022-02-20 23:51:04,566 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {21599#(and (exists ((v_ArrVal_42 (_ BitVec 1))) (= (store |old(#valid)| |ldv_malloc_#res.base| v_ArrVal_42) |#valid|)) (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (select |old(#valid)| |ldv_malloc_#res.base|)))} {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} #456#return; {21606#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,566 INFO L290 TraceCheckUtils]: 7: Hoare triple {21606#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_#t~ret65#1.base| (_ bv1 32))))} entry_point_~client~0#1.base, entry_point_~client~0#1.offset := entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset;havoc entry_point_#t~ret65#1.base, entry_point_#t~ret65#1.offset; {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,567 INFO L290 TraceCheckUtils]: 8: Hoare triple {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} assume !(entry_point_~client~0#1.base == 0bv32 && entry_point_~client~0#1.offset == 0bv32); {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,567 INFO L272 TraceCheckUtils]: 9: Hoare triple {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} call entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset := ldv_malloc(4bv32); {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:51:04,568 INFO L290 TraceCheckUtils]: 10: Hoare triple {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} ~size := #in~size; {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:51:04,568 INFO L290 TraceCheckUtils]: 11: Hoare triple {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume !(0bv32 != #t~nondet11);havoc #t~nondet11;#res.base, #res.offset := 0bv32, 0bv32; {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:51:04,568 INFO L290 TraceCheckUtils]: 12: Hoare triple {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} assume true; {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} is VALID [2022-02-20 23:51:04,569 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {21592#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= |old(#valid)| |#valid|))} {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} #458#return; {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,570 INFO L290 TraceCheckUtils]: 14: Hoare triple {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} entry_point_~cfg~2#1.base, entry_point_~cfg~2#1.offset := entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset;havoc entry_point_#t~ret66#1.base, entry_point_#t~ret66#1.offset; {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,570 INFO L290 TraceCheckUtils]: 15: Hoare triple {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} assume entry_point_~cfg~2#1.base == 0bv32 && entry_point_~cfg~2#1.offset == 0bv32; {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,571 INFO L290 TraceCheckUtils]: 16: Hoare triple {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} assume 0bv32 == entry_point_~client~0#1.offset; {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,571 INFO L290 TraceCheckUtils]: 17: Hoare triple {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} assume ~bvult32(entry_point_~client~0#1.base, #StackHeapBarrier); {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,572 INFO L290 TraceCheckUtils]: 18: Hoare triple {21610#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv0 1) (bvadd (_ bv1 1) (select |#valid| (_ bv1 32)))) (not (= |ULTIMATE.start_entry_point_~client~0#1.base| (_ bv1 32))))} assume 0bv32 == entry_point_~client~0#1.base || 1bv1 == #valid[entry_point_~client~0#1.base];call ULTIMATE.dealloc(entry_point_~client~0#1.base, entry_point_~client~0#1.offset); {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,572 INFO L290 TraceCheckUtils]: 19: Hoare triple {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume { :begin_inline_ldv_destroy_msgs } true;havoc ldv_destroy_msgs_#t~mem23#1.base, ldv_destroy_msgs_#t~mem23#1.offset, ldv_destroy_msgs_~__mptr~0#1.base, ldv_destroy_msgs_~__mptr~0#1.offset, ldv_destroy_msgs_#t~mem24#1.base, ldv_destroy_msgs_#t~mem24#1.offset, ldv_destroy_msgs_~__mptr~1#1.base, ldv_destroy_msgs_~__mptr~1#1.offset, ldv_destroy_msgs_#t~mem25#1.base, ldv_destroy_msgs_#t~mem25#1.offset, ldv_destroy_msgs_~__mptr~2#1.base, ldv_destroy_msgs_~__mptr~2#1.offset, ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset, ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset;havoc ldv_destroy_msgs_~msg~1#1.base, ldv_destroy_msgs_~msg~1#1.offset;havoc ldv_destroy_msgs_~n~0#1.base, ldv_destroy_msgs_~n~0#1.offset; {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} is VALID [2022-02-20 23:51:04,572 INFO L290 TraceCheckUtils]: 20: Hoare triple {21585#(and (= (_ bv1 32) |~#ldv_global_msg_list~0.base|) (= (_ bv1 1) (select |#valid| (_ bv1 32))))} assume !(1bv1 == #valid[~#ldv_global_msg_list~0.base]); {21581#false} is VALID [2022-02-20 23:51:04,573 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 0 proven. 2 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 23:51:04,573 INFO L328 TraceCheckSpWp]: Computing backward predicates...