./Ultimate.py --spec ../../sv-benchmarks/c/properties/valid-memsafety.prp --file ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version e04fb08f Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/config/AutomizerMemDerefMemtrack.xml -i ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8 --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-e04fb08 [2022-11-16 12:43:37,675 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-16 12:43:37,678 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-16 12:43:37,716 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-16 12:43:37,720 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-16 12:43:37,722 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-16 12:43:37,726 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-16 12:43:37,728 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-16 12:43:37,732 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-16 12:43:37,733 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-16 12:43:37,735 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-16 12:43:37,737 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-16 12:43:37,739 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-16 12:43:37,742 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-16 12:43:37,744 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-16 12:43:37,746 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-16 12:43:37,748 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-16 12:43:37,753 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-16 12:43:37,755 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-16 12:43:37,757 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-16 12:43:37,760 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-16 12:43:37,761 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-16 12:43:37,764 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-16 12:43:37,765 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-16 12:43:37,773 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-16 12:43:37,777 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-16 12:43:37,778 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-16 12:43:37,779 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-16 12:43:37,780 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-16 12:43:37,782 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-16 12:43:37,782 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-16 12:43:37,783 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-16 12:43:37,785 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-16 12:43:37,786 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-16 12:43:37,789 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-16 12:43:37,789 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-16 12:43:37,790 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-16 12:43:37,791 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-16 12:43:37,791 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-16 12:43:37,792 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-16 12:43:37,792 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-16 12:43:37,793 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2022-11-16 12:43:37,829 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-16 12:43:37,830 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-16 12:43:37,830 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-16 12:43:37,831 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-16 12:43:37,832 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-16 12:43:37,832 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-16 12:43:37,833 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-16 12:43:37,833 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-16 12:43:37,833 INFO L138 SettingsManager]: * Use SBE=true [2022-11-16 12:43:37,833 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-16 12:43:37,834 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-16 12:43:37,835 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-11-16 12:43:37,835 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-16 12:43:37,835 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-16 12:43:37,835 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-16 12:43:37,835 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-11-16 12:43:37,836 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-11-16 12:43:37,836 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-11-16 12:43:37,836 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-16 12:43:37,836 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-11-16 12:43:37,836 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-16 12:43:37,837 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-16 12:43:37,837 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-16 12:43:37,837 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-16 12:43:37,837 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-16 12:43:37,838 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 12:43:37,838 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-16 12:43:37,839 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-16 12:43:37,840 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-16 12:43:37,840 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-16 12:43:37,840 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8 Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2022-11-16 12:43:38,096 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-16 12:43:38,124 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-16 12:43:38,127 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-16 12:43:38,129 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-16 12:43:38,130 INFO L275 PluginConnector]: CDTParser initialized [2022-11-16 12:43:38,132 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-16 12:43:38,213 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data/75a1a3f7e/62786b41f4a746ad9109ee2dea80c965/FLAGd8e2b1071 [2022-11-16 12:43:38,738 INFO L306 CDTParser]: Found 1 translation units. [2022-11-16 12:43:38,739 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-16 12:43:38,752 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data/75a1a3f7e/62786b41f4a746ad9109ee2dea80c965/FLAGd8e2b1071 [2022-11-16 12:43:39,047 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data/75a1a3f7e/62786b41f4a746ad9109ee2dea80c965 [2022-11-16 12:43:39,050 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-16 12:43:39,051 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-16 12:43:39,056 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-16 12:43:39,056 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-16 12:43:39,059 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-16 12:43:39,060 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 12:43:39" (1/1) ... [2022-11-16 12:43:39,061 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5be08908 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:39, skipping insertion in model container [2022-11-16 12:43:39,061 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 12:43:39" (1/1) ... [2022-11-16 12:43:39,069 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-16 12:43:39,137 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-16 12:43:39,620 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 12:43:39,644 ERROR L326 MainTranslator]: Unsupported Syntax: Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) [2022-11-16 12:43:39,645 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieTranslatorObserver@37fa5bbc and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:39, skipping insertion in model container [2022-11-16 12:43:39,646 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-16 12:43:39,646 INFO L184 ToolchainWalker]: Toolchain execution was canceled (user or tool) before executing de.uni_freiburg.informatik.ultimate.boogie.procedureinliner [2022-11-16 12:43:39,649 INFO L158 Benchmark]: Toolchain (without parser) took 596.40ms. Allocated memory is still 130.0MB. Free memory was 93.9MB in the beginning and 99.9MB in the end (delta: -6.0MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-11-16 12:43:39,651 INFO L158 Benchmark]: CDTParser took 0.36ms. Allocated memory is still 79.7MB. Free memory was 33.5MB in the beginning and 33.4MB in the end (delta: 83.9kB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-16 12:43:39,652 INFO L158 Benchmark]: CACSL2BoogieTranslator took 590.78ms. Allocated memory is still 130.0MB. Free memory was 93.9MB in the beginning and 99.9MB in the end (delta: -6.0MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-11-16 12:43:39,654 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.36ms. Allocated memory is still 79.7MB. Free memory was 33.5MB in the beginning and 33.4MB in the end (delta: 83.9kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 590.78ms. Allocated memory is still 130.0MB. Free memory was 93.9MB in the beginning and 99.9MB in the end (delta: -6.0MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - UnsupportedSyntaxResult [Line: 576]: Unsupported Syntax Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/config/AutomizerMemDerefMemtrack.xml -i ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8 --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-e04fb08 [2022-11-16 12:43:41,790 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-16 12:43:41,793 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-16 12:43:41,831 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-16 12:43:41,831 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-16 12:43:41,836 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-16 12:43:41,839 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-16 12:43:41,846 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-16 12:43:41,849 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-16 12:43:41,855 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-16 12:43:41,856 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-16 12:43:41,857 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-16 12:43:41,857 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-16 12:43:41,858 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-16 12:43:41,860 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-16 12:43:41,861 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-16 12:43:41,862 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-16 12:43:41,862 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-16 12:43:41,870 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-16 12:43:41,879 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-16 12:43:41,881 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-16 12:43:41,883 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-16 12:43:41,886 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-16 12:43:41,888 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-16 12:43:41,897 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-16 12:43:41,897 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-16 12:43:41,897 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-16 12:43:41,899 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-16 12:43:41,900 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-16 12:43:41,901 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-16 12:43:41,901 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-16 12:43:41,902 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-16 12:43:41,904 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-16 12:43:41,905 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-16 12:43:41,906 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-16 12:43:41,906 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-16 12:43:41,907 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-16 12:43:41,907 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-16 12:43:41,907 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-16 12:43:41,909 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-16 12:43:41,910 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-16 12:43:41,911 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf [2022-11-16 12:43:41,950 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-16 12:43:41,951 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-16 12:43:41,952 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-16 12:43:41,952 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-16 12:43:41,953 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-16 12:43:41,954 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-16 12:43:41,955 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-16 12:43:41,955 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-16 12:43:41,955 INFO L138 SettingsManager]: * Use SBE=true [2022-11-16 12:43:41,956 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-16 12:43:41,957 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-16 12:43:41,957 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-11-16 12:43:41,957 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-16 12:43:41,957 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-16 12:43:41,958 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-16 12:43:41,958 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-11-16 12:43:41,958 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-11-16 12:43:41,958 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-11-16 12:43:41,959 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-16 12:43:41,959 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-11-16 12:43:41,959 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-11-16 12:43:41,959 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-11-16 12:43:41,959 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-16 12:43:41,960 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-16 12:43:41,960 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-16 12:43:41,960 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-16 12:43:41,961 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-16 12:43:41,961 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 12:43:41,961 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-16 12:43:41,961 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-16 12:43:41,962 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-11-16 12:43:41,962 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-11-16 12:43:41,962 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-11-16 12:43:41,962 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8 Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2022-11-16 12:43:42,373 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-16 12:43:42,400 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-16 12:43:42,403 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-16 12:43:42,404 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-16 12:43:42,407 INFO L275 PluginConnector]: CDTParser initialized [2022-11-16 12:43:42,409 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-16 12:43:42,492 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data/e934efda7/bc87bac24ed447c9a49448ef1ad0d147/FLAG36f39f2dc [2022-11-16 12:43:43,134 INFO L306 CDTParser]: Found 1 translation units. [2022-11-16 12:43:43,138 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-16 12:43:43,161 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data/e934efda7/bc87bac24ed447c9a49448ef1ad0d147/FLAG36f39f2dc [2022-11-16 12:43:43,371 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/data/e934efda7/bc87bac24ed447c9a49448ef1ad0d147 [2022-11-16 12:43:43,374 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-16 12:43:43,376 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-16 12:43:43,379 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-16 12:43:43,379 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-16 12:43:43,383 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-16 12:43:43,384 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 12:43:43" (1/1) ... [2022-11-16 12:43:43,385 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@56484c1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:43, skipping insertion in model container [2022-11-16 12:43:43,386 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 16.11 12:43:43" (1/1) ... [2022-11-16 12:43:43,393 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-16 12:43:43,458 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-16 12:43:43,969 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 12:43:43,986 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-11-16 12:43:43,995 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-16 12:43:44,034 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 12:43:44,041 INFO L203 MainTranslator]: Completed pre-run [2022-11-16 12:43:44,091 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-16 12:43:44,131 INFO L208 MainTranslator]: Completed translation [2022-11-16 12:43:44,132 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44 WrapperNode [2022-11-16 12:43:44,132 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-16 12:43:44,133 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-16 12:43:44,133 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-16 12:43:44,133 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-16 12:43:44,140 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,161 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,179 INFO L138 Inliner]: procedures = 165, calls = 70, calls flagged for inlining = 21, calls inlined = 3, statements flattened = 31 [2022-11-16 12:43:44,189 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-16 12:43:44,190 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-16 12:43:44,190 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-16 12:43:44,190 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-16 12:43:44,199 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,200 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,203 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,203 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,210 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,213 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,215 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,228 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,230 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-16 12:43:44,231 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-16 12:43:44,231 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-16 12:43:44,232 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-16 12:43:44,232 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (1/1) ... [2022-11-16 12:43:44,244 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-16 12:43:44,254 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/z3 [2022-11-16 12:43:44,264 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-16 12:43:44,266 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-16 12:43:44,303 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_malloc [2022-11-16 12:43:44,304 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_malloc [2022-11-16 12:43:44,304 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2022-11-16 12:43:44,304 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-16 12:43:44,304 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2022-11-16 12:43:44,304 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2022-11-16 12:43:44,305 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-16 12:43:44,305 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-16 12:43:44,503 INFO L235 CfgBuilder]: Building ICFG [2022-11-16 12:43:44,505 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-16 12:43:44,668 INFO L276 CfgBuilder]: Performing block encoding [2022-11-16 12:43:44,674 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-16 12:43:44,674 INFO L300 CfgBuilder]: Removed 1 assume(true) statements. [2022-11-16 12:43:44,676 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 12:43:44 BoogieIcfgContainer [2022-11-16 12:43:44,677 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-16 12:43:44,679 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-16 12:43:44,679 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-16 12:43:44,682 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-16 12:43:44,682 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 16.11 12:43:43" (1/3) ... [2022-11-16 12:43:44,683 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3fdfb861 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 12:43:44, skipping insertion in model container [2022-11-16 12:43:44,683 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 16.11 12:43:44" (2/3) ... [2022-11-16 12:43:44,683 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3fdfb861 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 16.11 12:43:44, skipping insertion in model container [2022-11-16 12:43:44,684 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 12:43:44" (3/3) ... [2022-11-16 12:43:44,685 INFO L112 eAbstractionObserver]: Analyzing ICFG memleaks_test18_3.i [2022-11-16 12:43:44,703 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-16 12:43:44,703 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 3 error locations. [2022-11-16 12:43:44,750 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-16 12:43:44,757 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=false, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=All, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@4b715e4, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-16 12:43:44,758 INFO L358 AbstractCegarLoop]: Starting to check reachability of 3 error locations. [2022-11-16 12:43:44,762 INFO L276 IsEmpty]: Start isEmpty. Operand has 21 states, 14 states have (on average 1.5) internal successors, (21), 17 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 12:43:44,770 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-11-16 12:43:44,770 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:44,771 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:44,772 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:44,779 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:44,779 INFO L85 PathProgramCache]: Analyzing trace with hash -74700687, now seen corresponding path program 1 times [2022-11-16 12:43:44,792 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:44,793 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1136686969] [2022-11-16 12:43:44,793 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:44,794 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:44,794 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:44,803 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:44,819 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-11-16 12:43:44,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:44,946 INFO L263 TraceCheckSpWp]: Trace formula consists of 42 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-16 12:43:44,951 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:45,056 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 12:43:45,056 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-16 12:43:45,057 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:43:45,057 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1136686969] [2022-11-16 12:43:45,058 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1136686969] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:43:45,058 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:43:45,058 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-16 12:43:45,060 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [900901133] [2022-11-16 12:43:45,060 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:43:45,064 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-16 12:43:45,065 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:43:45,109 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-16 12:43:45,110 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 12:43:45,112 INFO L87 Difference]: Start difference. First operand has 21 states, 14 states have (on average 1.5) internal successors, (21), 17 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Second operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-16 12:43:45,228 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:43:45,228 INFO L93 Difference]: Finished difference Result 37 states and 43 transitions. [2022-11-16 12:43:45,230 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-16 12:43:45,232 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-11-16 12:43:45,232 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:43:45,239 INFO L225 Difference]: With dead ends: 37 [2022-11-16 12:43:45,240 INFO L226 Difference]: Without dead ends: 33 [2022-11-16 12:43:45,241 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 12:43:45,245 INFO L413 NwaCegarLoop]: 24 mSDtfsCounter, 12 mSDsluCounter, 59 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 14 SdHoareTripleChecker+Valid, 83 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:43:45,246 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [14 Valid, 83 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 12:43:45,262 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 33 states. [2022-11-16 12:43:45,279 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 33 to 23. [2022-11-16 12:43:45,280 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 23 states, 16 states have (on average 1.3125) internal successors, (21), 18 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-16 12:43:45,281 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 23 states to 23 states and 27 transitions. [2022-11-16 12:43:45,282 INFO L78 Accepts]: Start accepts. Automaton has 23 states and 27 transitions. Word has length 11 [2022-11-16 12:43:45,283 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:43:45,283 INFO L495 AbstractCegarLoop]: Abstraction has 23 states and 27 transitions. [2022-11-16 12:43:45,284 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-16 12:43:45,284 INFO L276 IsEmpty]: Start isEmpty. Operand 23 states and 27 transitions. [2022-11-16 12:43:45,286 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-11-16 12:43:45,286 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:45,287 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:45,298 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-11-16 12:43:45,498 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:45,498 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:45,498 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:45,499 INFO L85 PathProgramCache]: Analyzing trace with hash 812802994, now seen corresponding path program 1 times [2022-11-16 12:43:45,499 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:45,499 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [921126213] [2022-11-16 12:43:45,499 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:45,500 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:45,500 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:45,501 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:45,541 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-11-16 12:43:45,573 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:45,576 INFO L263 TraceCheckSpWp]: Trace formula consists of 36 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-16 12:43:45,577 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:45,630 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 12:43:45,631 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-16 12:43:45,631 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:43:45,631 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [921126213] [2022-11-16 12:43:45,631 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [921126213] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:43:45,632 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:43:45,632 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-16 12:43:45,632 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1332390280] [2022-11-16 12:43:45,632 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:43:45,633 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-16 12:43:45,634 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:43:45,634 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-16 12:43:45,634 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-16 12:43:45,635 INFO L87 Difference]: Start difference. First operand 23 states and 27 transitions. Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-16 12:43:45,711 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:43:45,711 INFO L93 Difference]: Finished difference Result 32 states and 38 transitions. [2022-11-16 12:43:45,712 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-16 12:43:45,714 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-11-16 12:43:45,718 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:43:45,719 INFO L225 Difference]: With dead ends: 32 [2022-11-16 12:43:45,721 INFO L226 Difference]: Without dead ends: 30 [2022-11-16 12:43:45,721 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-16 12:43:45,723 INFO L413 NwaCegarLoop]: 32 mSDtfsCounter, 8 mSDsluCounter, 34 mSDsCounter, 0 mSdLazyCounter, 26 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 66 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 26 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:43:45,730 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 66 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 26 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 12:43:45,731 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 30 states. [2022-11-16 12:43:45,738 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 30 to 28. [2022-11-16 12:43:45,741 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 28 states, 20 states have (on average 1.3) internal successors, (26), 22 states have internal predecessors, (26), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2022-11-16 12:43:45,766 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 28 states to 28 states and 35 transitions. [2022-11-16 12:43:45,766 INFO L78 Accepts]: Start accepts. Automaton has 28 states and 35 transitions. Word has length 11 [2022-11-16 12:43:45,766 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:43:45,766 INFO L495 AbstractCegarLoop]: Abstraction has 28 states and 35 transitions. [2022-11-16 12:43:45,767 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-16 12:43:45,767 INFO L276 IsEmpty]: Start isEmpty. Operand 28 states and 35 transitions. [2022-11-16 12:43:45,767 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 13 [2022-11-16 12:43:45,768 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:45,768 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:45,788 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (3)] Ended with exit code 0 [2022-11-16 12:43:45,977 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:45,978 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:45,979 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:45,979 INFO L85 PathProgramCache]: Analyzing trace with hash 1979292102, now seen corresponding path program 1 times [2022-11-16 12:43:45,980 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:45,980 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [876318432] [2022-11-16 12:43:45,980 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:45,980 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:45,981 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:45,984 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:45,985 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-11-16 12:43:46,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:46,040 INFO L263 TraceCheckSpWp]: Trace formula consists of 42 conjuncts, 3 conjunts are in the unsatisfiable core [2022-11-16 12:43:46,041 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:46,085 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 12:43:46,085 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-16 12:43:46,085 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:43:46,085 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [876318432] [2022-11-16 12:43:46,086 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [876318432] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:43:46,086 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:43:46,086 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-16 12:43:46,086 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [273321185] [2022-11-16 12:43:46,086 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:43:46,087 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-16 12:43:46,087 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:43:46,088 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-16 12:43:46,088 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2022-11-16 12:43:46,088 INFO L87 Difference]: Start difference. First operand 28 states and 35 transitions. Second operand has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-16 12:43:46,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:43:46,139 INFO L93 Difference]: Finished difference Result 40 states and 53 transitions. [2022-11-16 12:43:46,140 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-16 12:43:46,140 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 12 [2022-11-16 12:43:46,140 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:43:46,141 INFO L225 Difference]: With dead ends: 40 [2022-11-16 12:43:46,141 INFO L226 Difference]: Without dead ends: 40 [2022-11-16 12:43:46,141 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2022-11-16 12:43:46,143 INFO L413 NwaCegarLoop]: 17 mSDtfsCounter, 17 mSDsluCounter, 16 mSDsCounter, 0 mSdLazyCounter, 15 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 33 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 15 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:43:46,144 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 33 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 15 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 12:43:46,145 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 40 states. [2022-11-16 12:43:46,149 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 40 to 29. [2022-11-16 12:43:46,149 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 29 states, 21 states have (on average 1.2857142857142858) internal successors, (27), 23 states have internal predecessors, (27), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2022-11-16 12:43:46,150 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 29 states to 29 states and 36 transitions. [2022-11-16 12:43:46,151 INFO L78 Accepts]: Start accepts. Automaton has 29 states and 36 transitions. Word has length 12 [2022-11-16 12:43:46,151 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:43:46,151 INFO L495 AbstractCegarLoop]: Abstraction has 29 states and 36 transitions. [2022-11-16 12:43:46,151 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-16 12:43:46,152 INFO L276 IsEmpty]: Start isEmpty. Operand 29 states and 36 transitions. [2022-11-16 12:43:46,152 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-16 12:43:46,152 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:46,153 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:46,173 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-11-16 12:43:46,364 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:46,364 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:46,365 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:46,365 INFO L85 PathProgramCache]: Analyzing trace with hash -938120081, now seen corresponding path program 1 times [2022-11-16 12:43:46,366 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:46,366 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1129008338] [2022-11-16 12:43:46,366 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:46,366 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:46,367 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:46,368 INFO L229 MonitoredProcess]: Starting monitored process 5 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:46,376 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-11-16 12:43:46,443 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:46,445 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 9 conjunts are in the unsatisfiable core [2022-11-16 12:43:46,448 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:46,486 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:43:46,591 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_10 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_10))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:43:46,640 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:43:46,641 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:43:46,653 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-16 12:43:46,653 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:43:46,890 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 12:43:46,891 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:43:46,891 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1129008338] [2022-11-16 12:43:46,891 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1129008338] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 12:43:46,891 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:43:46,891 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 5] total 7 [2022-11-16 12:43:46,892 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [918334867] [2022-11-16 12:43:46,892 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:43:46,892 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-16 12:43:46,892 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:43:46,893 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-16 12:43:46,893 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=31, Unknown=1, NotChecked=10, Total=56 [2022-11-16 12:43:46,893 INFO L87 Difference]: Start difference. First operand 29 states and 36 transitions. Second operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 12:43:47,055 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:43:47,055 INFO L93 Difference]: Finished difference Result 36 states and 46 transitions. [2022-11-16 12:43:47,056 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-16 12:43:47,056 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-11-16 12:43:47,056 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:43:47,057 INFO L225 Difference]: With dead ends: 36 [2022-11-16 12:43:47,057 INFO L226 Difference]: Without dead ends: 36 [2022-11-16 12:43:47,057 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 24 SyntacticMatches, 2 SemanticMatches, 7 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=18, Invalid=41, Unknown=1, NotChecked=12, Total=72 [2022-11-16 12:43:47,058 INFO L413 NwaCegarLoop]: 18 mSDtfsCounter, 8 mSDsluCounter, 36 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 54 SdHoareTripleChecker+Invalid, 100 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 42 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:43:47,059 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 54 Invalid, 100 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 55 Invalid, 0 Unknown, 42 Unchecked, 0.1s Time] [2022-11-16 12:43:47,060 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 36 states. [2022-11-16 12:43:47,063 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 36 to 35. [2022-11-16 12:43:47,064 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 35 states, 26 states have (on average 1.3076923076923077) internal successors, (34), 27 states have internal predecessors, (34), 4 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (8), 6 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-16 12:43:47,065 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 35 states to 35 states and 46 transitions. [2022-11-16 12:43:47,065 INFO L78 Accepts]: Start accepts. Automaton has 35 states and 46 transitions. Word has length 17 [2022-11-16 12:43:47,065 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:43:47,065 INFO L495 AbstractCegarLoop]: Abstraction has 35 states and 46 transitions. [2022-11-16 12:43:47,066 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 12:43:47,066 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 46 transitions. [2022-11-16 12:43:47,071 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-16 12:43:47,072 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:47,072 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:47,086 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (5)] Forceful destruction successful, exit code 0 [2022-11-16 12:43:47,279 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:47,280 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:47,280 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:47,280 INFO L85 PathProgramCache]: Analyzing trace with hash -938120080, now seen corresponding path program 1 times [2022-11-16 12:43:47,281 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:47,281 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [184723085] [2022-11-16 12:43:47,281 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:47,281 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:47,281 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:47,282 INFO L229 MonitoredProcess]: Starting monitored process 6 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:47,295 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-11-16 12:43:47,378 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:47,385 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 20 conjunts are in the unsatisfiable core [2022-11-16 12:43:47,388 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:47,413 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:43:47,419 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:43:47,645 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_21 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_21) |c_#length|)))) is different from true [2022-11-16 12:43:47,684 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:47,686 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:47,702 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:47,702 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:47,752 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-16 12:43:47,753 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:43:50,315 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:43:50,315 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [184723085] [2022-11-16 12:43:50,315 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [184723085] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:43:50,315 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1301526487] [2022-11-16 12:43:50,315 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:50,316 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:43:50,316 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:43:50,323 INFO L229 MonitoredProcess]: Starting monitored process 7 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:43:50,326 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (7)] Waiting until timeout for monitored process [2022-11-16 12:43:50,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:50,441 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 20 conjunts are in the unsatisfiable core [2022-11-16 12:43:50,447 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:50,467 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:43:50,476 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:43:50,589 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_31 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_31) |c_#length|)))) is different from true [2022-11-16 12:43:50,629 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:50,631 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:50,643 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:50,643 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:50,660 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-16 12:43:50,660 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:43:50,951 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1301526487] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:43:50,951 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:43:50,951 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 10 [2022-11-16 12:43:50,952 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [758565095] [2022-11-16 12:43:50,952 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:43:50,952 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-11-16 12:43:50,952 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:43:50,953 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-11-16 12:43:50,953 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=89, Unknown=2, NotChecked=38, Total=156 [2022-11-16 12:43:50,953 INFO L87 Difference]: Start difference. First operand 35 states and 46 transitions. Second operand has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 12:43:51,314 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:43:51,314 INFO L93 Difference]: Finished difference Result 43 states and 54 transitions. [2022-11-16 12:43:51,314 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-11-16 12:43:51,315 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-11-16 12:43:51,315 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:43:51,316 INFO L225 Difference]: With dead ends: 43 [2022-11-16 12:43:51,316 INFO L226 Difference]: Without dead ends: 43 [2022-11-16 12:43:51,316 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 40 GetRequests, 26 SyntacticMatches, 1 SemanticMatches, 13 ConstructedPredicates, 2 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 2.8s TimeCoverageRelationStatistics Valid=35, Invalid=127, Unknown=2, NotChecked=46, Total=210 [2022-11-16 12:43:51,317 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 17 mSDsluCounter, 76 mSDsCounter, 0 mSdLazyCounter, 145 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 99 SdHoareTripleChecker+Invalid, 217 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 145 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 66 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-11-16 12:43:51,317 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 99 Invalid, 217 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 145 Invalid, 0 Unknown, 66 Unchecked, 0.2s Time] [2022-11-16 12:43:51,318 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 43 states. [2022-11-16 12:43:51,322 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 43 to 38. [2022-11-16 12:43:51,323 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 38 states, 28 states have (on average 1.2857142857142858) internal successors, (36), 29 states have internal predecessors, (36), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (10), 7 states have call predecessors, (10), 5 states have call successors, (10) [2022-11-16 12:43:51,329 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 38 states to 38 states and 51 transitions. [2022-11-16 12:43:51,329 INFO L78 Accepts]: Start accepts. Automaton has 38 states and 51 transitions. Word has length 17 [2022-11-16 12:43:51,330 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:43:51,330 INFO L495 AbstractCegarLoop]: Abstraction has 38 states and 51 transitions. [2022-11-16 12:43:51,330 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-16 12:43:51,330 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 51 transitions. [2022-11-16 12:43:51,331 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-16 12:43:51,332 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:51,333 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:51,340 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (7)] Ended with exit code 0 [2022-11-16 12:43:51,551 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-11-16 12:43:51,743 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,6 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:51,743 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:51,744 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:51,744 INFO L85 PathProgramCache]: Analyzing trace with hash -1231523088, now seen corresponding path program 1 times [2022-11-16 12:43:51,744 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:51,744 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [192297789] [2022-11-16 12:43:51,745 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:51,745 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:51,745 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:51,746 INFO L229 MonitoredProcess]: Starting monitored process 8 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:51,763 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-11-16 12:43:51,807 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:51,808 INFO L263 TraceCheckSpWp]: Trace formula consists of 55 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-16 12:43:51,815 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:51,870 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-16 12:43:51,870 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-16 12:43:51,871 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:43:51,871 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [192297789] [2022-11-16 12:43:51,871 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [192297789] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-16 12:43:51,871 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-16 12:43:51,871 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-16 12:43:51,872 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [583859626] [2022-11-16 12:43:51,872 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-16 12:43:51,873 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-16 12:43:51,873 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:43:51,874 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-16 12:43:51,874 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 12:43:51,874 INFO L87 Difference]: Start difference. First operand 38 states and 51 transitions. Second operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 12:43:51,911 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:43:51,911 INFO L93 Difference]: Finished difference Result 26 states and 30 transitions. [2022-11-16 12:43:51,912 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-16 12:43:51,912 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-11-16 12:43:51,914 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:43:51,915 INFO L225 Difference]: With dead ends: 26 [2022-11-16 12:43:51,915 INFO L226 Difference]: Without dead ends: 24 [2022-11-16 12:43:51,916 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-16 12:43:51,919 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 0 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 79 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:43:51,919 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 79 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-16 12:43:51,920 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 24 states. [2022-11-16 12:43:51,930 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 24 to 24. [2022-11-16 12:43:51,930 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 24 states, 17 states have (on average 1.1764705882352942) internal successors, (20), 19 states have internal predecessors, (20), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-16 12:43:51,936 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 28 transitions. [2022-11-16 12:43:51,936 INFO L78 Accepts]: Start accepts. Automaton has 24 states and 28 transitions. Word has length 17 [2022-11-16 12:43:51,937 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:43:51,937 INFO L495 AbstractCegarLoop]: Abstraction has 24 states and 28 transitions. [2022-11-16 12:43:51,937 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-16 12:43:51,937 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 28 transitions. [2022-11-16 12:43:51,938 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-16 12:43:51,938 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:51,938 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:51,953 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-11-16 12:43:52,153 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:52,153 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:52,154 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:52,154 INFO L85 PathProgramCache]: Analyzing trace with hash -1382319161, now seen corresponding path program 1 times [2022-11-16 12:43:52,154 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:52,154 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [84448138] [2022-11-16 12:43:52,154 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:52,155 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:52,155 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:52,156 INFO L229 MonitoredProcess]: Starting monitored process 9 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:52,164 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-11-16 12:43:52,222 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:52,224 INFO L263 TraceCheckSpWp]: Trace formula consists of 77 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-16 12:43:52,226 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:52,294 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-16 12:43:52,294 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:43:52,368 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-16 12:43:52,369 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:43:52,369 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [84448138] [2022-11-16 12:43:52,369 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [84448138] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 12:43:52,369 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:43:52,369 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [5, 5] total 8 [2022-11-16 12:43:52,369 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [629508205] [2022-11-16 12:43:52,369 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:43:52,370 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-16 12:43:52,370 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:43:52,370 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-16 12:43:52,370 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-11-16 12:43:52,371 INFO L87 Difference]: Start difference. First operand 24 states and 28 transitions. Second operand has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-16 12:43:52,510 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:43:52,510 INFO L93 Difference]: Finished difference Result 38 states and 46 transitions. [2022-11-16 12:43:52,510 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-16 12:43:52,511 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 21 [2022-11-16 12:43:52,511 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:43:52,511 INFO L225 Difference]: With dead ends: 38 [2022-11-16 12:43:52,512 INFO L226 Difference]: Without dead ends: 38 [2022-11-16 12:43:52,512 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=38, Invalid=52, Unknown=0, NotChecked=0, Total=90 [2022-11-16 12:43:52,513 INFO L413 NwaCegarLoop]: 20 mSDtfsCounter, 60 mSDsluCounter, 29 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 61 SdHoareTripleChecker+Valid, 49 SdHoareTripleChecker+Invalid, 50 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:43:52,513 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [61 Valid, 49 Invalid, 50 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-16 12:43:52,514 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 38 states. [2022-11-16 12:43:52,517 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 38 to 36. [2022-11-16 12:43:52,518 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1851851851851851) internal successors, (32), 29 states have internal predecessors, (32), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-16 12:43:52,518 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 46 transitions. [2022-11-16 12:43:52,519 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 46 transitions. Word has length 21 [2022-11-16 12:43:52,519 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:43:52,519 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 46 transitions. [2022-11-16 12:43:52,519 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-16 12:43:52,519 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 46 transitions. [2022-11-16 12:43:52,520 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2022-11-16 12:43:52,520 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:52,520 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:52,536 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (9)] Ended with exit code 0 [2022-11-16 12:43:52,736 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:52,736 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:52,736 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:52,737 INFO L85 PathProgramCache]: Analyzing trace with hash -704273649, now seen corresponding path program 1 times [2022-11-16 12:43:52,737 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:52,737 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [660099606] [2022-11-16 12:43:52,737 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:52,737 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:52,737 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:52,738 INFO L229 MonitoredProcess]: Starting monitored process 10 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:52,748 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-11-16 12:43:52,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:52,852 INFO L263 TraceCheckSpWp]: Trace formula consists of 96 conjuncts, 28 conjunts are in the unsatisfiable core [2022-11-16 12:43:52,856 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:52,883 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:43:52,889 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:43:53,070 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_61 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_61))))) is different from true [2022-11-16 12:43:53,099 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:53,101 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:53,114 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:53,115 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:53,244 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_62 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_62) |c_#length|)))) is different from true [2022-11-16 12:43:53,268 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:53,269 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:53,279 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:53,280 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:53,322 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 2 trivial. 6 not checked. [2022-11-16 12:43:53,322 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:43:53,808 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:43:53,808 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [660099606] [2022-11-16 12:43:53,808 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [660099606] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:43:53,808 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [868360608] [2022-11-16 12:43:53,808 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:43:53,809 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:43:53,809 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:43:53,810 INFO L229 MonitoredProcess]: Starting monitored process 11 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:43:53,821 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (11)] Waiting until timeout for monitored process [2022-11-16 12:43:53,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:43:53,998 INFO L263 TraceCheckSpWp]: Trace formula consists of 96 conjuncts, 28 conjunts are in the unsatisfiable core [2022-11-16 12:43:54,002 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:54,016 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:43:54,023 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:43:54,115 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_80 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_80) |c_#length|)))) is different from true [2022-11-16 12:43:54,150 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:54,155 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:54,170 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:54,171 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:54,239 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_81 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_81))))) is different from true [2022-11-16 12:43:54,263 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:54,265 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:54,283 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:54,283 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:54,298 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 2 trivial. 6 not checked. [2022-11-16 12:43:54,298 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:43:54,630 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [868360608] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:43:54,630 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:43:54,630 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 12] total 14 [2022-11-16 12:43:54,630 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [691187730] [2022-11-16 12:43:54,631 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:43:54,631 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-16 12:43:54,631 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:43:54,631 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-16 12:43:54,632 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=129, Unknown=4, NotChecked=100, Total=272 [2022-11-16 12:43:54,632 INFO L87 Difference]: Start difference. First operand 36 states and 46 transitions. Second operand has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-16 12:43:55,090 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:43:55,091 INFO L93 Difference]: Finished difference Result 40 states and 49 transitions. [2022-11-16 12:43:55,091 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-16 12:43:55,091 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) Word has length 26 [2022-11-16 12:43:55,092 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:43:55,092 INFO L225 Difference]: With dead ends: 40 [2022-11-16 12:43:55,092 INFO L226 Difference]: Without dead ends: 40 [2022-11-16 12:43:55,093 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 58 GetRequests, 40 SyntacticMatches, 1 SemanticMatches, 17 ConstructedPredicates, 4 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.8s TimeCoverageRelationStatistics Valid=47, Invalid=175, Unknown=4, NotChecked=116, Total=342 [2022-11-16 12:43:55,093 INFO L413 NwaCegarLoop]: 17 mSDtfsCounter, 13 mSDsluCounter, 73 mSDsCounter, 0 mSdLazyCounter, 154 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 13 SdHoareTripleChecker+Valid, 90 SdHoareTripleChecker+Invalid, 276 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 154 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 114 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-16 12:43:55,094 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [13 Valid, 90 Invalid, 276 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 154 Invalid, 0 Unknown, 114 Unchecked, 0.3s Time] [2022-11-16 12:43:55,094 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 40 states. [2022-11-16 12:43:55,097 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 40 to 36. [2022-11-16 12:43:55,098 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1481481481481481) internal successors, (31), 29 states have internal predecessors, (31), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-16 12:43:55,098 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 45 transitions. [2022-11-16 12:43:55,099 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 45 transitions. Word has length 26 [2022-11-16 12:43:55,099 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:43:55,099 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 45 transitions. [2022-11-16 12:43:55,099 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-16 12:43:55,100 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 45 transitions. [2022-11-16 12:43:55,100 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-11-16 12:43:55,101 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:43:55,101 INFO L195 NwaCegarLoop]: trace histogram [4, 4, 4, 3, 3, 3, 3, 2, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:43:55,113 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (10)] Ended with exit code 0 [2022-11-16 12:43:55,315 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (11)] Forceful destruction successful, exit code 0 [2022-11-16 12:43:55,513 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,11 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:43:55,513 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:43:55,514 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:43:55,514 INFO L85 PathProgramCache]: Analyzing trace with hash -1383108784, now seen corresponding path program 2 times [2022-11-16 12:43:55,514 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:43:55,514 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2009812939] [2022-11-16 12:43:55,514 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:43:55,514 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:43:55,514 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:43:55,516 INFO L229 MonitoredProcess]: Starting monitored process 12 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:43:55,526 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (12)] Waiting until timeout for monitored process [2022-11-16 12:43:55,655 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:43:55,656 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:43:55,661 INFO L263 TraceCheckSpWp]: Trace formula consists of 131 conjuncts, 36 conjunts are in the unsatisfiable core [2022-11-16 12:43:55,666 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:43:55,694 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:43:55,700 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:43:55,858 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_107 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_107) |c_#length|)))) is different from true [2022-11-16 12:43:55,883 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:55,884 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:55,895 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:55,896 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:56,018 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_108 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_108) |c_#length|)))) is different from true [2022-11-16 12:43:56,044 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:56,045 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:56,057 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:56,057 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:56,188 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_109 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_109))))) is different from true [2022-11-16 12:43:56,211 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:43:56,212 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:43:56,225 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:43:56,226 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:43:56,268 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 6 trivial. 12 not checked. [2022-11-16 12:43:56,268 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:00,749 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:44:00,750 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2009812939] [2022-11-16 12:44:00,750 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2009812939] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:00,750 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [64035480] [2022-11-16 12:44:00,750 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:44:00,750 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:00,750 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:44:00,751 INFO L229 MonitoredProcess]: Starting monitored process 13 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:44:00,753 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (13)] Waiting until timeout for monitored process [2022-11-16 12:44:00,979 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:44:00,979 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:00,984 INFO L263 TraceCheckSpWp]: Trace formula consists of 131 conjuncts, 36 conjunts are in the unsatisfiable core [2022-11-16 12:44:00,988 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:01,004 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:01,020 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:01,123 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_135 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_135) |c_#length|)))) is different from true [2022-11-16 12:44:01,159 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:01,160 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:01,173 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:01,173 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:01,258 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_136 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_136))))) is different from true [2022-11-16 12:44:01,279 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:01,280 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:01,296 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:01,297 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:01,379 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_137 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_137) |c_#length|)))) is different from true [2022-11-16 12:44:01,405 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:01,406 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:01,418 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:01,418 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:01,432 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 6 trivial. 12 not checked. [2022-11-16 12:44:01,433 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:01,744 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [64035480] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:01,744 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:44:01,745 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [15, 15] total 18 [2022-11-16 12:44:01,745 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1815672115] [2022-11-16 12:44:01,745 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:44:01,745 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 19 states [2022-11-16 12:44:01,746 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:44:01,746 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2022-11-16 12:44:01,746 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=51, Invalid=176, Unknown=7, NotChecked=186, Total=420 [2022-11-16 12:44:01,747 INFO L87 Difference]: Start difference. First operand 36 states and 45 transitions. Second operand has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-16 12:44:02,427 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:44:02,428 INFO L93 Difference]: Finished difference Result 42 states and 50 transitions. [2022-11-16 12:44:02,428 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-11-16 12:44:02,428 INFO L78 Accepts]: Start accepts. Automaton has has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) Word has length 35 [2022-11-16 12:44:02,429 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:44:02,429 INFO L225 Difference]: With dead ends: 42 [2022-11-16 12:44:02,429 INFO L226 Difference]: Without dead ends: 42 [2022-11-16 12:44:02,430 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 76 GetRequests, 54 SyntacticMatches, 1 SemanticMatches, 21 ConstructedPredicates, 6 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 4.9s TimeCoverageRelationStatistics Valid=59, Invalid=230, Unknown=7, NotChecked=210, Total=506 [2022-11-16 12:44:02,431 INFO L413 NwaCegarLoop]: 20 mSDtfsCounter, 15 mSDsluCounter, 110 mSDsCounter, 0 mSdLazyCounter, 251 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 130 SdHoareTripleChecker+Invalid, 468 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 251 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 207 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-11-16 12:44:02,431 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [15 Valid, 130 Invalid, 468 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 251 Invalid, 0 Unknown, 207 Unchecked, 0.5s Time] [2022-11-16 12:44:02,431 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42 states. [2022-11-16 12:44:02,434 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42 to 36. [2022-11-16 12:44:02,434 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1111111111111112) internal successors, (30), 29 states have internal predecessors, (30), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-16 12:44:02,435 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 44 transitions. [2022-11-16 12:44:02,435 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 44 transitions. Word has length 35 [2022-11-16 12:44:02,436 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:44:02,436 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 44 transitions. [2022-11-16 12:44:02,436 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-16 12:44:02,436 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 44 transitions. [2022-11-16 12:44:02,437 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2022-11-16 12:44:02,437 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:44:02,438 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 3, 3, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:44:02,452 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (12)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:02,652 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (13)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:02,849 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,13 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:02,850 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:44:02,850 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:44:02,850 INFO L85 PathProgramCache]: Analyzing trace with hash -856630225, now seen corresponding path program 3 times [2022-11-16 12:44:02,851 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:44:02,851 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1332738329] [2022-11-16 12:44:02,851 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:44:02,851 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:02,851 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:44:02,852 INFO L229 MonitoredProcess]: Starting monitored process 14 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:44:02,854 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (14)] Waiting until timeout for monitored process [2022-11-16 12:44:03,042 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2022-11-16 12:44:03,042 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:03,048 INFO L263 TraceCheckSpWp]: Trace formula consists of 166 conjuncts, 44 conjunts are in the unsatisfiable core [2022-11-16 12:44:03,051 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:03,074 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:03,082 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:03,251 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_171 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_171) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:03,275 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:03,276 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:03,287 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:03,288 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:03,427 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_172 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_172))))) is different from true [2022-11-16 12:44:03,450 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:03,451 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:03,468 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:03,468 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:03,625 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_173 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_173))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:03,650 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:03,652 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:03,668 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:03,668 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:03,826 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_174 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_174) |c_#length|)))) is different from true [2022-11-16 12:44:03,854 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:03,856 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:03,870 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:03,870 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:03,924 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 31 refuted. 0 times theorem prover too weak. 12 trivial. 20 not checked. [2022-11-16 12:44:03,924 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:06,380 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:44:06,380 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1332738329] [2022-11-16 12:44:06,380 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1332738329] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:06,381 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1496463002] [2022-11-16 12:44:06,381 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:44:06,381 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:06,381 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:44:06,383 INFO L229 MonitoredProcess]: Starting monitored process 15 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:44:06,384 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (15)] Waiting until timeout for monitored process [2022-11-16 12:44:06,674 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2022-11-16 12:44:06,674 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:06,678 INFO L263 TraceCheckSpWp]: Trace formula consists of 166 conjuncts, 53 conjunts are in the unsatisfiable core [2022-11-16 12:44:06,682 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:06,701 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:06,708 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:06,893 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:06,893 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:06,903 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:07,201 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:44:07,201 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:44:07,224 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:07,224 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:07,536 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:44:07,537 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:44:07,564 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:07,564 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:07,779 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_214 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_214))))) is different from true [2022-11-16 12:44:07,798 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:07,800 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:07,817 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:07,817 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:07,837 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 37 refuted. 0 times theorem prover too weak. 18 trivial. 8 not checked. [2022-11-16 12:44:07,837 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:10,161 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1496463002] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:10,161 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:44:10,161 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [18, 19] total 26 [2022-11-16 12:44:10,161 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [981290650] [2022-11-16 12:44:10,162 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:44:10,162 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 27 states [2022-11-16 12:44:10,162 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:44:10,163 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 27 interpolants. [2022-11-16 12:44:10,163 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=83, Invalid=483, Unknown=6, NotChecked=240, Total=812 [2022-11-16 12:44:10,164 INFO L87 Difference]: Start difference. First operand 36 states and 44 transitions. Second operand has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-16 12:44:11,511 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:44:11,511 INFO L93 Difference]: Finished difference Result 57 states and 71 transitions. [2022-11-16 12:44:11,511 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2022-11-16 12:44:11,511 INFO L78 Accepts]: Start accepts. Automaton has has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) Word has length 44 [2022-11-16 12:44:11,512 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:44:11,512 INFO L225 Difference]: With dead ends: 57 [2022-11-16 12:44:11,513 INFO L226 Difference]: Without dead ends: 57 [2022-11-16 12:44:11,513 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 97 GetRequests, 62 SyntacticMatches, 3 SemanticMatches, 32 ConstructedPredicates, 5 IntricatePredicates, 0 DeprecatedPredicates, 132 ImplicationChecksByTransitivity, 5.7s TimeCoverageRelationStatistics Valid=113, Invalid=713, Unknown=6, NotChecked=290, Total=1122 [2022-11-16 12:44:11,514 INFO L413 NwaCegarLoop]: 21 mSDtfsCounter, 24 mSDsluCounter, 173 mSDsCounter, 0 mSdLazyCounter, 650 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 194 SdHoareTripleChecker+Invalid, 998 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 650 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 329 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:44:11,514 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 194 Invalid, 998 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 650 Invalid, 0 Unknown, 329 Unchecked, 1.0s Time] [2022-11-16 12:44:11,515 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2022-11-16 12:44:11,518 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 39. [2022-11-16 12:44:11,519 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 39 states, 29 states have (on average 1.103448275862069) internal successors, (32), 31 states have internal predecessors, (32), 6 states have call successors, (6), 1 states have call predecessors, (6), 2 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-16 12:44:11,519 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 39 states to 39 states and 49 transitions. [2022-11-16 12:44:11,520 INFO L78 Accepts]: Start accepts. Automaton has 39 states and 49 transitions. Word has length 44 [2022-11-16 12:44:11,520 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:44:11,520 INFO L495 AbstractCegarLoop]: Abstraction has 39 states and 49 transitions. [2022-11-16 12:44:11,520 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-16 12:44:11,520 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 49 transitions. [2022-11-16 12:44:11,522 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-11-16 12:44:11,522 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:44:11,522 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 4, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:44:11,528 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (15)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:11,733 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (14)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:11,925 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 15 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,14 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:11,926 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:44:11,926 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:44:11,926 INFO L85 PathProgramCache]: Analyzing trace with hash -206900218, now seen corresponding path program 2 times [2022-11-16 12:44:11,927 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:44:11,927 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [739224216] [2022-11-16 12:44:11,927 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:44:11,927 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:11,927 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:44:11,928 INFO L229 MonitoredProcess]: Starting monitored process 16 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:44:11,931 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (16)] Waiting until timeout for monitored process [2022-11-16 12:44:12,043 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:44:12,043 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:12,048 INFO L263 TraceCheckSpWp]: Trace formula consists of 182 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-16 12:44:12,049 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:12,235 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2022-11-16 12:44:12,236 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:12,584 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2022-11-16 12:44:12,584 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:44:12,584 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [739224216] [2022-11-16 12:44:12,584 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [739224216] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-16 12:44:12,585 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:44:12,585 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 14 [2022-11-16 12:44:12,585 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [180130443] [2022-11-16 12:44:12,585 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:44:12,585 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2022-11-16 12:44:12,586 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:44:12,586 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2022-11-16 12:44:12,586 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=61, Invalid=121, Unknown=0, NotChecked=0, Total=182 [2022-11-16 12:44:12,586 INFO L87 Difference]: Start difference. First operand 39 states and 49 transitions. Second operand has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2022-11-16 12:44:13,180 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:44:13,180 INFO L93 Difference]: Finished difference Result 71 states and 91 transitions. [2022-11-16 12:44:13,180 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-11-16 12:44:13,181 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) Word has length 48 [2022-11-16 12:44:13,181 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:44:13,182 INFO L225 Difference]: With dead ends: 71 [2022-11-16 12:44:13,182 INFO L226 Difference]: Without dead ends: 71 [2022-11-16 12:44:13,182 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 99 GetRequests, 82 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.5s TimeCoverageRelationStatistics Valid=131, Invalid=211, Unknown=0, NotChecked=0, Total=342 [2022-11-16 12:44:13,183 INFO L413 NwaCegarLoop]: 32 mSDtfsCounter, 104 mSDsluCounter, 120 mSDsCounter, 0 mSdLazyCounter, 169 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 105 SdHoareTripleChecker+Valid, 152 SdHoareTripleChecker+Invalid, 198 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 169 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-16 12:44:13,183 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [105 Valid, 152 Invalid, 198 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 169 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-11-16 12:44:13,184 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 71 states. [2022-11-16 12:44:13,189 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 71 to 66. [2022-11-16 12:44:13,189 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1568627450980393) internal successors, (59), 53 states have internal predecessors, (59), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-16 12:44:13,190 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 91 transitions. [2022-11-16 12:44:13,191 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 91 transitions. Word has length 48 [2022-11-16 12:44:13,191 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:44:13,191 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 91 transitions. [2022-11-16 12:44:13,191 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2022-11-16 12:44:13,192 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 91 transitions. [2022-11-16 12:44:13,192 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2022-11-16 12:44:13,192 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:44:13,193 INFO L195 NwaCegarLoop]: trace histogram [6, 6, 6, 5, 5, 5, 5, 4, 4, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:44:13,206 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (16)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:13,405 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 16 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:13,405 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:44:13,406 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:44:13,406 INFO L85 PathProgramCache]: Analyzing trace with hash 845314608, now seen corresponding path program 4 times [2022-11-16 12:44:13,406 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:44:13,406 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [383061173] [2022-11-16 12:44:13,406 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-16 12:44:13,407 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:13,407 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:44:13,408 INFO L229 MonitoredProcess]: Starting monitored process 17 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:44:13,416 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (17)] Waiting until timeout for monitored process [2022-11-16 12:44:13,586 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-16 12:44:13,586 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:13,593 INFO L263 TraceCheckSpWp]: Trace formula consists of 201 conjuncts, 52 conjunts are in the unsatisfiable core [2022-11-16 12:44:13,597 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:13,616 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:13,624 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:13,802 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_290 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_290) |c_#length|)))) is different from true [2022-11-16 12:44:13,826 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:13,827 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:13,844 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:13,844 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:13,978 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_291 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_291) |c_#length|)))) is different from true [2022-11-16 12:44:13,996 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:13,997 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:14,009 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:14,009 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:14,164 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_292 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_292) |c_#length|)))) is different from true [2022-11-16 12:44:14,197 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:14,198 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:14,217 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:14,218 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:14,373 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_293 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_293) |c_#length|)))) is different from true [2022-11-16 12:44:14,393 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:14,397 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:14,436 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:14,437 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:14,605 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_294 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_294) |c_#length|)))) is different from true [2022-11-16 12:44:14,628 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:14,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:14,646 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:14,647 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:14,699 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 51 refuted. 0 times theorem prover too weak. 20 trivial. 30 not checked. [2022-11-16 12:44:14,700 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:17,148 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:44:17,148 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [383061173] [2022-11-16 12:44:17,148 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [383061173] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:17,148 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1719752368] [2022-11-16 12:44:17,149 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-16 12:44:17,149 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:17,149 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:44:17,160 INFO L229 MonitoredProcess]: Starting monitored process 18 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:44:17,162 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (18)] Waiting until timeout for monitored process [2022-11-16 12:44:17,472 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-16 12:44:17,472 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:17,479 INFO L263 TraceCheckSpWp]: Trace formula consists of 201 conjuncts, 52 conjunts are in the unsatisfiable core [2022-11-16 12:44:17,483 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:17,494 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:17,504 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:17,601 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_336 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_336))))) is different from true [2022-11-16 12:44:17,624 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:17,625 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:17,644 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:17,644 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:17,728 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_337 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_337))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:17,752 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:17,753 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:17,769 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:17,770 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:17,840 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_338 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_338) |c_#length|)))) is different from true [2022-11-16 12:44:17,869 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:17,871 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:17,887 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:17,887 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:17,955 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_339 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_339) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:17,973 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:17,973 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:17,988 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:17,989 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:18,074 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_340 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_340) |c_#length|)))) is different from true [2022-11-16 12:44:18,104 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:18,105 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:18,123 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:18,123 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:18,140 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 51 refuted. 0 times theorem prover too weak. 20 trivial. 30 not checked. [2022-11-16 12:44:18,140 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:18,482 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1719752368] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:18,482 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:44:18,482 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [21, 21] total 26 [2022-11-16 12:44:18,483 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1896646739] [2022-11-16 12:44:18,483 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:44:18,483 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 27 states [2022-11-16 12:44:18,483 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:44:18,484 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 27 interpolants. [2022-11-16 12:44:18,484 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=75, Invalid=297, Unknown=10, NotChecked=430, Total=812 [2022-11-16 12:44:18,484 INFO L87 Difference]: Start difference. First operand 66 states and 91 transitions. Second operand has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-16 12:44:19,711 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:44:19,711 INFO L93 Difference]: Finished difference Result 76 states and 100 transitions. [2022-11-16 12:44:19,711 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2022-11-16 12:44:19,711 INFO L78 Accepts]: Start accepts. Automaton has has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) Word has length 53 [2022-11-16 12:44:19,712 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:44:19,713 INFO L225 Difference]: With dead ends: 76 [2022-11-16 12:44:19,713 INFO L226 Difference]: Without dead ends: 76 [2022-11-16 12:44:19,714 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 112 GetRequests, 82 SyntacticMatches, 1 SemanticMatches, 29 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 3.3s TimeCoverageRelationStatistics Valid=83, Invalid=367, Unknown=10, NotChecked=470, Total=930 [2022-11-16 12:44:19,714 INFO L413 NwaCegarLoop]: 26 mSDtfsCounter, 21 mSDsluCounter, 221 mSDsCounter, 0 mSdLazyCounter, 549 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 247 SdHoareTripleChecker+Invalid, 1057 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 549 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 495 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-11-16 12:44:19,715 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [21 Valid, 247 Invalid, 1057 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 549 Invalid, 0 Unknown, 495 Unchecked, 0.9s Time] [2022-11-16 12:44:19,715 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2022-11-16 12:44:19,721 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 66. [2022-11-16 12:44:19,722 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1372549019607843) internal successors, (58), 53 states have internal predecessors, (58), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-16 12:44:19,723 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 90 transitions. [2022-11-16 12:44:19,723 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 90 transitions. Word has length 53 [2022-11-16 12:44:19,723 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:44:19,723 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 90 transitions. [2022-11-16 12:44:19,724 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-16 12:44:19,724 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 90 transitions. [2022-11-16 12:44:19,725 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-16 12:44:19,725 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:44:19,725 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 7, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:44:19,736 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (18)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:19,937 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (17)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:20,129 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 18 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,17 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:20,129 INFO L420 AbstractCegarLoop]: === Iteration 13 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:44:20,129 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:44:20,130 INFO L85 PathProgramCache]: Analyzing trace with hash -1540616881, now seen corresponding path program 5 times [2022-11-16 12:44:20,130 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:44:20,130 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [756769375] [2022-11-16 12:44:20,130 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-16 12:44:20,130 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:20,130 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:44:20,131 INFO L229 MonitoredProcess]: Starting monitored process 19 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:44:20,134 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (19)] Waiting until timeout for monitored process [2022-11-16 12:44:20,402 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2022-11-16 12:44:20,403 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:20,412 INFO L263 TraceCheckSpWp]: Trace formula consists of 236 conjuncts, 64 conjunts are in the unsatisfiable core [2022-11-16 12:44:20,415 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:20,433 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:20,628 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:44:20,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:44:20,996 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_391 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_391) |c_#length|)))) is different from true [2022-11-16 12:44:21,022 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:21,050 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:44:21,051 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-16 12:44:21,078 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:21,079 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:21,356 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_392 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_392) |c_#length|)))) is different from true [2022-11-16 12:44:21,388 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:21,389 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:21,401 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:21,402 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:21,578 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_393 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_393))))) is different from true [2022-11-16 12:44:21,598 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:21,598 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:21,614 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:21,615 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:21,793 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_394 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_394) |c_#length|)))) is different from true [2022-11-16 12:44:21,815 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:21,816 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:21,831 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:21,831 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:22,011 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_395 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_395))))) is different from true [2022-11-16 12:44:22,029 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:22,030 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:22,049 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:22,049 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:22,126 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 12 proven. 82 refuted. 0 times theorem prover too weak. 20 trivial. 40 not checked. [2022-11-16 12:44:22,127 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:26,751 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:44:26,752 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [756769375] [2022-11-16 12:44:26,752 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [756769375] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:26,752 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1089095891] [2022-11-16 12:44:26,752 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-16 12:44:26,752 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:26,752 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:44:26,753 INFO L229 MonitoredProcess]: Starting monitored process 20 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:44:26,755 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (20)] Waiting until timeout for monitored process [2022-11-16 12:44:27,207 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2022-11-16 12:44:27,207 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:27,229 INFO L263 TraceCheckSpWp]: Trace formula consists of 236 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-16 12:44:27,234 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:27,245 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:27,331 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:44:27,331 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:44:27,481 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_446 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_446) |c_#length|)))) is different from true [2022-11-16 12:44:27,535 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:27,561 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:44:27,562 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-16 12:44:27,581 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:27,582 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:27,708 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_447 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_447) |c_#length|)) (exists ((v_ArrVal_448 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_448))))) is different from true [2022-11-16 12:44:27,731 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:27,732 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:27,754 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:44:27,754 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:44:27,846 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_450 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_450))) (exists ((v_ArrVal_449 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_449) |c_#length|)))) is different from true [2022-11-16 12:44:27,900 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:44:27,900 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:44:27,911 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:27,997 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_451 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_451))))) is different from true [2022-11-16 12:44:28,018 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:28,019 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:28,031 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:28,031 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:28,120 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_452 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_452))))) is different from true [2022-11-16 12:44:28,141 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:28,142 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:28,155 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:28,156 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:28,172 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 12 proven. 82 refuted. 0 times theorem prover too weak. 20 trivial. 40 not checked. [2022-11-16 12:44:28,172 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:28,655 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1089095891] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:28,656 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:44:28,656 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [29, 27] total 34 [2022-11-16 12:44:28,656 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [359363049] [2022-11-16 12:44:28,656 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:44:28,657 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 35 states [2022-11-16 12:44:28,657 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:44:28,657 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 35 interpolants. [2022-11-16 12:44:28,658 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=99, Invalid=633, Unknown=10, NotChecked=590, Total=1332 [2022-11-16 12:44:28,658 INFO L87 Difference]: Start difference. First operand 66 states and 90 transitions. Second operand has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-16 12:44:30,217 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:44:30,217 INFO L93 Difference]: Finished difference Result 98 states and 132 transitions. [2022-11-16 12:44:30,218 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-11-16 12:44:30,218 INFO L78 Accepts]: Start accepts. Automaton has has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-16 12:44:30,218 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:44:30,219 INFO L225 Difference]: With dead ends: 98 [2022-11-16 12:44:30,219 INFO L226 Difference]: Without dead ends: 98 [2022-11-16 12:44:30,220 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 92 SyntacticMatches, 1 SemanticMatches, 38 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 79 ImplicationChecksByTransitivity, 6.2s TimeCoverageRelationStatistics Valid=116, Invalid=784, Unknown=10, NotChecked=650, Total=1560 [2022-11-16 12:44:30,221 INFO L413 NwaCegarLoop]: 25 mSDtfsCounter, 23 mSDsluCounter, 232 mSDsCounter, 0 mSdLazyCounter, 654 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 23 SdHoareTripleChecker+Valid, 257 SdHoareTripleChecker+Invalid, 1376 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 654 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 702 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:44:30,221 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [23 Valid, 257 Invalid, 1376 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 654 Invalid, 0 Unknown, 702 Unchecked, 1.1s Time] [2022-11-16 12:44:30,222 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 98 states. [2022-11-16 12:44:30,227 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 98 to 93. [2022-11-16 12:44:30,227 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 93 states, 73 states have (on average 1.095890410958904) internal successors, (80), 74 states have internal predecessors, (80), 16 states have call successors, (16), 1 states have call predecessors, (16), 2 states have return successors, (31), 17 states have call predecessors, (31), 16 states have call successors, (31) [2022-11-16 12:44:30,228 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 93 states to 93 states and 127 transitions. [2022-11-16 12:44:30,228 INFO L78 Accepts]: Start accepts. Automaton has 93 states and 127 transitions. Word has length 62 [2022-11-16 12:44:30,229 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:44:30,229 INFO L495 AbstractCegarLoop]: Abstraction has 93 states and 127 transitions. [2022-11-16 12:44:30,229 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-16 12:44:30,229 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 127 transitions. [2022-11-16 12:44:30,231 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-16 12:44:30,231 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:44:30,231 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 6, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:44:30,248 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (19)] Ended with exit code 0 [2022-11-16 12:44:30,447 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (20)] Ended with exit code 0 [2022-11-16 12:44:30,644 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 19 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,20 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:30,644 INFO L420 AbstractCegarLoop]: === Iteration 14 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:44:30,645 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:44:30,645 INFO L85 PathProgramCache]: Analyzing trace with hash 818690128, now seen corresponding path program 1 times [2022-11-16 12:44:30,645 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:44:30,645 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1883017716] [2022-11-16 12:44:30,645 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:44:30,646 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:30,646 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:44:30,647 INFO L229 MonitoredProcess]: Starting monitored process 21 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:44:30,667 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (21)] Waiting until timeout for monitored process [2022-11-16 12:44:30,843 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:44:30,852 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-16 12:44:30,856 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:30,876 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:30,883 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:31,047 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_500 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_500) |c_#length|)))) is different from true [2022-11-16 12:44:31,066 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:31,067 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:31,083 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:31,083 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:31,325 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_501 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_501) |c_#length|)))) is different from true [2022-11-16 12:44:31,355 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:31,357 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:31,373 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:31,373 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:31,516 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_502 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_502) |c_#length|)))) is different from true [2022-11-16 12:44:31,535 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:31,536 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:31,552 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:31,552 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:31,701 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_503 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_503) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:31,722 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:31,723 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:31,739 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:31,740 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:31,892 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_504 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_504))))) is different from true [2022-11-16 12:44:31,915 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:31,917 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:31,932 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:31,932 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:31,987 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-16 12:44:31,987 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:34,512 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:44:34,512 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1883017716] [2022-11-16 12:44:34,512 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1883017716] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:34,512 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1664831618] [2022-11-16 12:44:34,512 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-16 12:44:34,512 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:34,512 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:44:34,514 INFO L229 MonitoredProcess]: Starting monitored process 22 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:44:34,516 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (22)] Waiting until timeout for monitored process [2022-11-16 12:44:34,854 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:44:34,874 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-16 12:44:34,877 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:34,898 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:34,907 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:34,998 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_552 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_552))))) is different from true [2022-11-16 12:44:35,017 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:35,018 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:35,032 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:35,033 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:35,185 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_553 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_553) |c_#length|)))) is different from true [2022-11-16 12:44:35,216 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:35,217 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:35,251 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:35,251 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:35,341 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_554) |c_#length|)))) is different from true [2022-11-16 12:44:35,364 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:35,365 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:35,379 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:35,379 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:35,478 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_555 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_555) |c_#length|)))) is different from true [2022-11-16 12:44:35,513 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:35,514 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:35,534 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:35,534 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:35,616 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_556) |c_#length|)))) is different from true [2022-11-16 12:44:35,638 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:35,639 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:35,651 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:35,651 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:35,668 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-16 12:44:35,668 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:37,987 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1664831618] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:37,987 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:44:37,987 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [22, 22] total 27 [2022-11-16 12:44:37,987 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [330915341] [2022-11-16 12:44:37,987 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:44:37,988 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 28 states [2022-11-16 12:44:37,988 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:44:37,988 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 28 interpolants. [2022-11-16 12:44:37,988 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=79, Invalid=330, Unknown=11, NotChecked=450, Total=870 [2022-11-16 12:44:37,988 INFO L87 Difference]: Start difference. First operand 93 states and 127 transitions. Second operand has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-16 12:44:39,175 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:44:39,175 INFO L93 Difference]: Finished difference Result 124 states and 166 transitions. [2022-11-16 12:44:39,176 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-11-16 12:44:39,176 INFO L78 Accepts]: Start accepts. Automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-16 12:44:39,176 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:44:39,177 INFO L225 Difference]: With dead ends: 124 [2022-11-16 12:44:39,177 INFO L226 Difference]: Without dead ends: 124 [2022-11-16 12:44:39,178 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 99 SyntacticMatches, 1 SemanticMatches, 30 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 5.4s TimeCoverageRelationStatistics Valid=87, Invalid=404, Unknown=11, NotChecked=490, Total=992 [2022-11-16 12:44:39,178 INFO L413 NwaCegarLoop]: 28 mSDtfsCounter, 20 mSDsluCounter, 197 mSDsCounter, 0 mSdLazyCounter, 510 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 225 SdHoareTripleChecker+Invalid, 1105 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 510 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 578 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-11-16 12:44:39,179 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 225 Invalid, 1105 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 510 Invalid, 0 Unknown, 578 Unchecked, 0.8s Time] [2022-11-16 12:44:39,179 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 124 states. [2022-11-16 12:44:39,185 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 124 to 93. [2022-11-16 12:44:39,186 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 93 states, 73 states have (on average 1.095890410958904) internal successors, (80), 74 states have internal predecessors, (80), 16 states have call successors, (16), 1 states have call predecessors, (16), 2 states have return successors, (31), 17 states have call predecessors, (31), 16 states have call successors, (31) [2022-11-16 12:44:39,187 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 93 states to 93 states and 127 transitions. [2022-11-16 12:44:39,187 INFO L78 Accepts]: Start accepts. Automaton has 93 states and 127 transitions. Word has length 62 [2022-11-16 12:44:39,188 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:44:39,188 INFO L495 AbstractCegarLoop]: Abstraction has 93 states and 127 transitions. [2022-11-16 12:44:39,188 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-16 12:44:39,188 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 127 transitions. [2022-11-16 12:44:39,189 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-16 12:44:39,190 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:44:39,190 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 6, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:44:39,199 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (22)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:39,402 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (21)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:39,593 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 22 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,21 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:39,594 INFO L420 AbstractCegarLoop]: === Iteration 15 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:44:39,594 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:44:39,594 INFO L85 PathProgramCache]: Analyzing trace with hash -1781157010, now seen corresponding path program 2 times [2022-11-16 12:44:39,594 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:44:39,594 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1151128398] [2022-11-16 12:44:39,595 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:44:39,595 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:39,595 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:44:39,596 INFO L229 MonitoredProcess]: Starting monitored process 23 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:44:39,597 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (23)] Waiting until timeout for monitored process [2022-11-16 12:44:39,792 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:44:39,793 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:39,800 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-16 12:44:39,803 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:39,827 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:39,837 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:40,100 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_604 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_604) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:40,119 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:40,120 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:40,133 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:40,133 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:40,250 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_605 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_605))))) is different from true [2022-11-16 12:44:40,271 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:40,272 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:40,287 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:40,287 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:40,414 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_606 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_606) |c_#length|)))) is different from true [2022-11-16 12:44:40,430 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:40,431 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:40,442 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:40,443 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:40,576 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_607 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_607))))) is different from true [2022-11-16 12:44:40,600 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:40,600 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:40,612 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:40,612 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:40,758 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_608 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_608))))) is different from true [2022-11-16 12:44:40,777 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:40,778 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:40,790 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:40,791 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:40,845 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-16 12:44:40,845 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:41,315 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:44:41,316 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1151128398] [2022-11-16 12:44:41,316 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1151128398] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:41,316 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1605570209] [2022-11-16 12:44:41,316 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:44:41,316 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:41,317 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:44:41,318 INFO L229 MonitoredProcess]: Starting monitored process 24 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:44:41,324 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (24)] Waiting until timeout for monitored process [2022-11-16 12:44:41,660 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:44:41,660 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:41,665 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-16 12:44:41,669 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:41,677 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:41,682 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:41,850 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_656 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_656) |c_#length|)))) is different from true [2022-11-16 12:44:41,881 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:41,882 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:41,894 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:41,894 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:41,975 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_657 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_657))))) is different from true [2022-11-16 12:44:42,004 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:42,005 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:42,018 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:42,018 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:42,096 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_658 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_658))))) is different from true [2022-11-16 12:44:42,115 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:42,116 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:42,131 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:42,132 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:42,210 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_659 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_659) |c_#length|)))) is different from true [2022-11-16 12:44:42,230 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:42,231 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:42,253 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:42,253 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:42,319 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_660 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_660) |c_#length|)))) is different from true [2022-11-16 12:44:42,340 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:42,341 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:42,352 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:42,352 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:42,369 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-16 12:44:42,369 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:44,660 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1605570209] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:44,660 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:44:44,661 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [22, 22] total 27 [2022-11-16 12:44:44,661 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1631499849] [2022-11-16 12:44:44,661 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:44:44,661 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 28 states [2022-11-16 12:44:44,661 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:44:44,662 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 28 interpolants. [2022-11-16 12:44:44,662 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=79, Invalid=331, Unknown=10, NotChecked=450, Total=870 [2022-11-16 12:44:44,662 INFO L87 Difference]: Start difference. First operand 93 states and 127 transitions. Second operand has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-16 12:44:45,865 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:44:45,865 INFO L93 Difference]: Finished difference Result 132 states and 173 transitions. [2022-11-16 12:44:45,865 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-11-16 12:44:45,866 INFO L78 Accepts]: Start accepts. Automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-16 12:44:45,866 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:44:45,867 INFO L225 Difference]: With dead ends: 132 [2022-11-16 12:44:45,867 INFO L226 Difference]: Without dead ends: 132 [2022-11-16 12:44:45,868 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 99 SyntacticMatches, 1 SemanticMatches, 30 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 3.3s TimeCoverageRelationStatistics Valid=87, Invalid=405, Unknown=10, NotChecked=490, Total=992 [2022-11-16 12:44:45,868 INFO L413 NwaCegarLoop]: 31 mSDtfsCounter, 18 mSDsluCounter, 230 mSDsCounter, 0 mSdLazyCounter, 568 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 18 SdHoareTripleChecker+Valid, 261 SdHoareTripleChecker+Invalid, 976 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 568 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 392 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-11-16 12:44:45,869 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [18 Valid, 261 Invalid, 976 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 568 Invalid, 0 Unknown, 392 Unchecked, 0.9s Time] [2022-11-16 12:44:45,869 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 132 states. [2022-11-16 12:44:45,874 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 132 to 66. [2022-11-16 12:44:45,874 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1176470588235294) internal successors, (57), 53 states have internal predecessors, (57), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-16 12:44:45,875 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 89 transitions. [2022-11-16 12:44:45,875 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 89 transitions. Word has length 62 [2022-11-16 12:44:45,876 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:44:45,876 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 89 transitions. [2022-11-16 12:44:45,876 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-16 12:44:45,876 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 89 transitions. [2022-11-16 12:44:45,877 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-16 12:44:45,877 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:44:45,877 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 8, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:44:45,888 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (23)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:46,086 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (24)] Forceful destruction successful, exit code 0 [2022-11-16 12:44:46,283 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 23 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,24 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:46,284 INFO L420 AbstractCegarLoop]: === Iteration 16 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:44:46,284 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:44:46,284 INFO L85 PathProgramCache]: Analyzing trace with hash -446919408, now seen corresponding path program 6 times [2022-11-16 12:44:46,284 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:44:46,284 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [113078330] [2022-11-16 12:44:46,284 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-16 12:44:46,285 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:44:46,285 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:44:46,286 INFO L229 MonitoredProcess]: Starting monitored process 25 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:44:46,291 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (25)] Waiting until timeout for monitored process [2022-11-16 12:44:46,626 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-16 12:44:46,630 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:46,640 INFO L263 TraceCheckSpWp]: Trace formula consists of 271 conjuncts, 68 conjunts are in the unsatisfiable core [2022-11-16 12:44:46,645 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:46,661 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:46,666 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:46,813 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_718 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_718) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_719 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_719) |c_#valid|)))) is different from true [2022-11-16 12:44:46,857 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:44:46,857 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:44:46,867 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:46,983 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_720 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_720))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:47,002 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:47,002 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:47,016 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:47,016 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:47,134 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_721 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_721))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:47,156 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:47,157 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:47,173 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:47,174 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:47,340 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-16 12:44:47,363 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:44:47,363 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:44:47,678 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_723 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_723) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:44:47,700 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:47,723 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:44:47,724 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-16 12:44:47,741 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:47,742 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:47,943 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_724 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_724))))) is different from true [2022-11-16 12:44:47,959 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:47,960 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:47,970 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:47,970 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:48,137 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_725 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_725) |c_#length|)))) is different from true [2022-11-16 12:44:48,160 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:48,161 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:48,178 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:48,179 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:48,245 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 11 proven. 114 refuted. 0 times theorem prover too weak. 30 trivial. 56 not checked. [2022-11-16 12:44:48,245 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:44:54,788 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:44:54,788 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [113078330] [2022-11-16 12:44:54,788 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [113078330] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:44:54,789 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [30977308] [2022-11-16 12:44:54,789 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-16 12:44:54,789 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:44:54,789 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:44:54,790 INFO L229 MonitoredProcess]: Starting monitored process 26 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:44:54,791 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (26)] Waiting until timeout for monitored process [2022-11-16 12:44:55,901 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-16 12:44:55,901 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:44:55,910 INFO L263 TraceCheckSpWp]: Trace formula consists of 271 conjuncts, 81 conjunts are in the unsatisfiable core [2022-11-16 12:44:55,916 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:44:55,925 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:44:55,933 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:44:56,137 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:44:56,138 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:44:56,176 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:44:56,177 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:44:56,647 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_787 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_787))) (exists ((v_ArrVal_786 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_786) |c_#length|)))) is different from true [2022-11-16 12:44:56,673 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:56,674 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:56,723 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-16 12:44:56,723 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-16 12:44:57,111 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:44:57,111 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:44:57,179 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-16 12:44:57,179 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-16 12:44:57,825 INFO L321 Elim1Store]: treesize reduction 12, result has 42.9 percent of original size [2022-11-16 12:44:57,825 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 20 treesize of output 22 [2022-11-16 12:44:57,835 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:58,298 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:44:58,299 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:44:58,319 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:58,319 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:58,549 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_795 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_795))))) is different from true [2022-11-16 12:44:58,565 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:58,566 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:58,589 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:58,590 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:58,669 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_796 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_796) |c_#length|)))) is different from true [2022-11-16 12:44:58,688 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:44:58,689 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:44:58,699 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:44:58,699 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:44:58,716 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 120 refuted. 4 times theorem prover too weak. 44 trivial. 36 not checked. [2022-11-16 12:44:58,716 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:03,115 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [30977308] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:03,115 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:45:03,115 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 31] total 49 [2022-11-16 12:45:03,115 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2144585490] [2022-11-16 12:45:03,115 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:45:03,116 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 50 states [2022-11-16 12:45:03,116 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:45:03,116 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 50 interpolants. [2022-11-16 12:45:03,117 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=183, Invalid=1567, Unknown=12, NotChecked=890, Total=2652 [2022-11-16 12:45:03,117 INFO L87 Difference]: Start difference. First operand 66 states and 89 transitions. Second operand has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-16 12:45:04,544 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:45:04,544 INFO L93 Difference]: Finished difference Result 103 states and 138 transitions. [2022-11-16 12:45:04,544 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-16 12:45:04,545 INFO L78 Accepts]: Start accepts. Automaton has has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) Word has length 71 [2022-11-16 12:45:04,545 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:45:04,545 INFO L225 Difference]: With dead ends: 103 [2022-11-16 12:45:04,545 INFO L226 Difference]: Without dead ends: 103 [2022-11-16 12:45:04,547 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 93 SyntacticMatches, 3 SemanticMatches, 54 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 538 ImplicationChecksByTransitivity, 13.8s TimeCoverageRelationStatistics Valid=208, Invalid=1890, Unknown=12, NotChecked=970, Total=3080 [2022-11-16 12:45:04,547 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 19 mSDsluCounter, 250 mSDsCounter, 0 mSdLazyCounter, 437 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 273 SdHoareTripleChecker+Invalid, 1141 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 437 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 692 IncrementalHoareTripleChecker+Unchecked, 0.7s IncrementalHoareTripleChecker+Time [2022-11-16 12:45:04,548 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 273 Invalid, 1141 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 437 Invalid, 0 Unknown, 692 Unchecked, 0.7s Time] [2022-11-16 12:45:04,548 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 103 states. [2022-11-16 12:45:04,552 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 103 to 98. [2022-11-16 12:45:04,553 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-16 12:45:04,554 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-16 12:45:04,554 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-16 12:45:04,555 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:45:04,555 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-16 12:45:04,555 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-16 12:45:04,555 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-16 12:45:04,556 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-16 12:45:04,556 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:45:04,556 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:45:04,576 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (26)] Forceful destruction successful, exit code 0 [2022-11-16 12:45:04,780 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (25)] Forceful destruction successful, exit code 0 [2022-11-16 12:45:04,961 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 26 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,25 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:45:04,962 INFO L420 AbstractCegarLoop]: === Iteration 17 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:45:04,962 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:45:04,962 INFO L85 PathProgramCache]: Analyzing trace with hash 797845073, now seen corresponding path program 3 times [2022-11-16 12:45:04,962 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:45:04,962 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1933426937] [2022-11-16 12:45:04,962 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:45:04,962 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:45:04,963 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:45:04,963 INFO L229 MonitoredProcess]: Starting monitored process 27 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:45:04,964 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (27)] Waiting until timeout for monitored process [2022-11-16 12:45:05,265 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 8 check-sat command(s) [2022-11-16 12:45:05,266 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:45:05,274 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 63 conjunts are in the unsatisfiable core [2022-11-16 12:45:05,278 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:05,296 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:05,303 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:45:05,453 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_852 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_852))))) is different from true [2022-11-16 12:45:05,473 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:05,474 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:05,485 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:05,485 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:05,607 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_853 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_853) |c_#length|)))) is different from true [2022-11-16 12:45:05,626 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:05,627 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:05,637 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:05,638 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:05,779 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_854 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_854) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:45:05,797 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:05,799 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:05,814 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:05,815 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:05,948 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_855 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_855) |c_#length|)))) is different from true [2022-11-16 12:45:05,968 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:05,969 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:05,984 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:05,984 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:06,308 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_856 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_856))))) is different from true [2022-11-16 12:45:06,328 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:06,329 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:06,345 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:06,346 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:06,516 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_857 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_857) |c_#length|)))) is different from true [2022-11-16 12:45:06,532 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:06,532 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:06,546 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:06,547 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:06,613 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 11 proven. 116 refuted. 0 times theorem prover too weak. 30 trivial. 54 not checked. [2022-11-16 12:45:06,613 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:13,132 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:45:13,132 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1933426937] [2022-11-16 12:45:13,132 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1933426937] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:13,132 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1842009603] [2022-11-16 12:45:13,132 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:45:13,132 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:45:13,132 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:45:13,133 INFO L229 MonitoredProcess]: Starting monitored process 28 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:45:13,135 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (28)] Waiting until timeout for monitored process [2022-11-16 12:45:13,680 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 8 check-sat command(s) [2022-11-16 12:45:13,680 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:45:13,687 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 74 conjunts are in the unsatisfiable core [2022-11-16 12:45:13,693 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:13,713 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:45:13,720 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:13,902 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:13,903 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:13,910 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:14,115 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_915 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_915) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:45:14,134 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:14,135 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:14,149 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:14,149 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:14,351 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:45:14,351 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:45:14,902 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-16 12:45:14,902 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-16 12:45:15,756 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_920 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_920) |c_#length|)))) is different from true [2022-11-16 12:45:15,781 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:15,808 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:45:15,808 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-16 12:45:15,830 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:15,830 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:15,914 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_921 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_921))))) is different from true [2022-11-16 12:45:15,933 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:15,934 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:15,952 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:15,952 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:15,968 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 17 proven. 140 refuted. 0 times theorem prover too weak. 18 trivial. 36 not checked. [2022-11-16 12:45:15,968 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:16,316 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1842009603] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:16,316 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:45:16,316 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [27, 33] total 45 [2022-11-16 12:45:16,316 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1438308116] [2022-11-16 12:45:16,316 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:45:16,316 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 46 states [2022-11-16 12:45:16,316 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:45:16,317 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 46 interpolants. [2022-11-16 12:45:16,317 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=146, Invalid=1362, Unknown=10, NotChecked=738, Total=2256 [2022-11-16 12:45:16,317 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-16 12:45:20,444 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:45:20,444 INFO L93 Difference]: Finished difference Result 169 states and 224 transitions. [2022-11-16 12:45:20,444 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 37 states. [2022-11-16 12:45:20,445 INFO L78 Accepts]: Start accepts. Automaton has has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) Word has length 71 [2022-11-16 12:45:20,445 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:45:20,446 INFO L225 Difference]: With dead ends: 169 [2022-11-16 12:45:20,451 INFO L226 Difference]: Without dead ends: 169 [2022-11-16 12:45:20,452 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 173 GetRequests, 99 SyntacticMatches, 2 SemanticMatches, 72 ConstructedPredicates, 9 IntricatePredicates, 0 DeprecatedPredicates, 848 ImplicationChecksByTransitivity, 10.3s TimeCoverageRelationStatistics Valid=344, Invalid=3842, Unknown=10, NotChecked=1206, Total=5402 [2022-11-16 12:45:20,453 INFO L413 NwaCegarLoop]: 34 mSDtfsCounter, 86 mSDsluCounter, 442 mSDsCounter, 0 mSdLazyCounter, 1561 mSolverCounterSat, 51 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 89 SdHoareTripleChecker+Valid, 476 SdHoareTripleChecker+Invalid, 2918 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 51 IncrementalHoareTripleChecker+Valid, 1561 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1306 IncrementalHoareTripleChecker+Unchecked, 2.2s IncrementalHoareTripleChecker+Time [2022-11-16 12:45:20,453 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [89 Valid, 476 Invalid, 2918 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [51 Valid, 1561 Invalid, 0 Unknown, 1306 Unchecked, 2.2s Time] [2022-11-16 12:45:20,454 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 169 states. [2022-11-16 12:45:20,459 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 169 to 113. [2022-11-16 12:45:20,460 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 113 states, 89 states have (on average 1.0674157303370786) internal successors, (95), 90 states have internal predecessors, (95), 20 states have call successors, (20), 1 states have call predecessors, (20), 2 states have return successors, (39), 21 states have call predecessors, (39), 20 states have call successors, (39) [2022-11-16 12:45:20,461 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 113 states to 113 states and 154 transitions. [2022-11-16 12:45:20,461 INFO L78 Accepts]: Start accepts. Automaton has 113 states and 154 transitions. Word has length 71 [2022-11-16 12:45:20,461 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:45:20,462 INFO L495 AbstractCegarLoop]: Abstraction has 113 states and 154 transitions. [2022-11-16 12:45:20,462 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-16 12:45:20,462 INFO L276 IsEmpty]: Start isEmpty. Operand 113 states and 154 transitions. [2022-11-16 12:45:20,463 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-16 12:45:20,463 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:45:20,463 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 6, 6, 6, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:45:20,487 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (27)] Forceful destruction successful, exit code 0 [2022-11-16 12:45:20,687 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (28)] Forceful destruction successful, exit code 0 [2022-11-16 12:45:20,883 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 27 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,28 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:45:20,883 INFO L420 AbstractCegarLoop]: === Iteration 18 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:45:20,884 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:45:20,884 INFO L85 PathProgramCache]: Analyzing trace with hash 292286448, now seen corresponding path program 4 times [2022-11-16 12:45:20,884 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:45:20,884 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1840548400] [2022-11-16 12:45:20,884 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-16 12:45:20,885 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:45:20,885 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:45:20,886 INFO L229 MonitoredProcess]: Starting monitored process 29 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:45:20,903 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (29)] Waiting until timeout for monitored process [2022-11-16 12:45:21,119 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-16 12:45:21,119 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:45:21,127 INFO L263 TraceCheckSpWp]: Trace formula consists of 259 conjuncts, 62 conjunts are in the unsatisfiable core [2022-11-16 12:45:21,131 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:21,147 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:21,153 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:45:21,311 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_975 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_975))))) is different from true [2022-11-16 12:45:21,329 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:21,330 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:21,343 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:21,343 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:21,453 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_976 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_976) |c_#length|)))) is different from true [2022-11-16 12:45:21,474 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:21,475 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:21,485 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:21,485 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:21,603 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_977 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_977))))) is different from true [2022-11-16 12:45:21,628 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:21,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:21,642 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:21,643 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:21,781 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_978 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_978) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:45:21,798 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:21,799 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:21,819 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:21,819 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:22,176 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_979 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_979) |c_#length|)))) is different from true [2022-11-16 12:45:22,196 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:22,197 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:22,210 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:22,211 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:22,263 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 110 refuted. 0 times theorem prover too weak. 44 trivial. 50 not checked. [2022-11-16 12:45:22,263 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:26,763 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:45:26,763 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1840548400] [2022-11-16 12:45:26,763 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1840548400] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:26,764 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [865011996] [2022-11-16 12:45:26,764 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-16 12:45:26,764 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:45:26,764 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:45:26,765 INFO L229 MonitoredProcess]: Starting monitored process 30 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:45:26,766 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (30)] Waiting until timeout for monitored process [2022-11-16 12:45:27,152 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-16 12:45:27,152 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:45:27,158 INFO L263 TraceCheckSpWp]: Trace formula consists of 259 conjuncts, 62 conjunts are in the unsatisfiable core [2022-11-16 12:45:27,163 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:27,176 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:27,184 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:45:27,257 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1033 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1033) |c_#length|)))) is different from true [2022-11-16 12:45:27,281 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:27,282 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:27,295 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:27,296 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:27,373 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1034 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1034))))) is different from true [2022-11-16 12:45:27,391 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:27,392 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:27,403 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:27,404 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:27,485 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1035 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1035) |c_#length|)))) is different from true [2022-11-16 12:45:27,507 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:27,508 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:27,523 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:27,523 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:27,599 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1036 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1036) |c_#length|)))) is different from true [2022-11-16 12:45:27,615 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:27,616 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:27,625 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:27,626 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:27,889 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1037 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1037))))) is different from true [2022-11-16 12:45:27,906 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:27,907 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:27,919 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:27,920 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:27,939 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 110 refuted. 0 times theorem prover too weak. 44 trivial. 50 not checked. [2022-11-16 12:45:27,939 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:30,258 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [865011996] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:30,258 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:45:30,258 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [23, 23] total 28 [2022-11-16 12:45:30,258 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [753711355] [2022-11-16 12:45:30,258 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:45:30,259 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 29 states [2022-11-16 12:45:30,259 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:45:30,259 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 29 interpolants. [2022-11-16 12:45:30,260 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=83, Invalid=366, Unknown=11, NotChecked=470, Total=930 [2022-11-16 12:45:30,260 INFO L87 Difference]: Start difference. First operand 113 states and 154 transitions. Second operand has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-16 12:45:31,564 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:45:31,564 INFO L93 Difference]: Finished difference Result 143 states and 190 transitions. [2022-11-16 12:45:31,567 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 19 states. [2022-11-16 12:45:31,568 INFO L78 Accepts]: Start accepts. Automaton has has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) Word has length 71 [2022-11-16 12:45:31,568 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:45:31,569 INFO L225 Difference]: With dead ends: 143 [2022-11-16 12:45:31,569 INFO L226 Difference]: Without dead ends: 143 [2022-11-16 12:45:31,570 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 148 GetRequests, 116 SyntacticMatches, 1 SemanticMatches, 31 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 7.4s TimeCoverageRelationStatistics Valid=91, Invalid=444, Unknown=11, NotChecked=510, Total=1056 [2022-11-16 12:45:31,570 INFO L413 NwaCegarLoop]: 30 mSDtfsCounter, 20 mSDsluCounter, 225 mSDsCounter, 0 mSdLazyCounter, 616 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 255 SdHoareTripleChecker+Invalid, 1250 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 616 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 617 IncrementalHoareTripleChecker+Unchecked, 0.9s IncrementalHoareTripleChecker+Time [2022-11-16 12:45:31,570 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 255 Invalid, 1250 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 616 Invalid, 0 Unknown, 617 Unchecked, 0.9s Time] [2022-11-16 12:45:31,571 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 143 states. [2022-11-16 12:45:31,575 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 143 to 103. [2022-11-16 12:45:31,576 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 103 states, 81 states have (on average 1.0740740740740742) internal successors, (87), 82 states have internal predecessors, (87), 18 states have call successors, (18), 1 states have call predecessors, (18), 2 states have return successors, (35), 19 states have call predecessors, (35), 18 states have call successors, (35) [2022-11-16 12:45:31,577 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 103 states to 103 states and 140 transitions. [2022-11-16 12:45:31,577 INFO L78 Accepts]: Start accepts. Automaton has 103 states and 140 transitions. Word has length 71 [2022-11-16 12:45:31,578 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:45:31,578 INFO L495 AbstractCegarLoop]: Abstraction has 103 states and 140 transitions. [2022-11-16 12:45:31,578 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-16 12:45:31,578 INFO L276 IsEmpty]: Start isEmpty. Operand 103 states and 140 transitions. [2022-11-16 12:45:31,579 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-16 12:45:31,579 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:45:31,580 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:45:31,593 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (29)] Forceful destruction successful, exit code 0 [2022-11-16 12:45:31,795 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (30)] Ended with exit code 0 [2022-11-16 12:45:31,992 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 29 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,30 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:45:31,993 INFO L420 AbstractCegarLoop]: === Iteration 19 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:45:31,993 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:45:31,993 INFO L85 PathProgramCache]: Analyzing trace with hash 1837944047, now seen corresponding path program 5 times [2022-11-16 12:45:31,993 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:45:31,993 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [920235712] [2022-11-16 12:45:31,993 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-16 12:45:31,993 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:45:31,994 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:45:31,994 INFO L229 MonitoredProcess]: Starting monitored process 31 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:45:31,995 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (31)] Waiting until timeout for monitored process [2022-11-16 12:45:32,294 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 8 check-sat command(s) [2022-11-16 12:45:32,294 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:45:32,303 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 69 conjunts are in the unsatisfiable core [2022-11-16 12:45:32,308 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:32,325 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:32,496 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:45:32,497 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:45:32,844 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1094 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1094) |c_#length|)))) is different from true [2022-11-16 12:45:32,863 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:32,887 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:45:32,887 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-16 12:45:32,919 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:32,919 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:33,207 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1095 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1095))))) is different from true [2022-11-16 12:45:33,229 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:33,229 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:33,246 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:33,246 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:33,565 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1096 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1096) |c_#length|)))) is different from true [2022-11-16 12:45:33,586 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:33,587 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:33,599 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:33,599 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:33,781 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1097 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1097) |c_#length|)))) is different from true [2022-11-16 12:45:33,798 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:33,798 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:33,808 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:33,808 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:33,979 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1098 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1098) |c_#length|)))) is different from true [2022-11-16 12:45:33,995 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:33,995 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:34,015 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:34,015 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:34,078 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 14 proven. 117 refuted. 0 times theorem prover too weak. 30 trivial. 50 not checked. [2022-11-16 12:45:34,079 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:38,830 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:45:38,830 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [920235712] [2022-11-16 12:45:38,830 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [920235712] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:38,830 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1843656952] [2022-11-16 12:45:38,830 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-16 12:45:38,831 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:45:38,831 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:45:38,831 INFO L229 MonitoredProcess]: Starting monitored process 32 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:45:38,835 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (32)] Waiting until timeout for monitored process [2022-11-16 12:45:39,407 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 8 check-sat command(s) [2022-11-16 12:45:39,407 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:45:39,414 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 74 conjunts are in the unsatisfiable core [2022-11-16 12:45:39,418 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:39,427 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:39,505 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:45:39,505 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:45:39,650 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1156 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1156) |c_#length|)) (exists ((v_ArrVal_1155 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1155) |c_#valid|)))) is different from true [2022-11-16 12:45:39,706 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:45:39,707 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:45:39,735 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:45:39,735 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-16 12:45:40,014 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:45:40,015 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:45:40,035 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:40,036 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:40,331 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1159 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1159))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1160 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1160) |c_#length|)))) is different from true [2022-11-16 12:45:40,354 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:40,354 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:40,379 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:45:40,380 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:45:40,450 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1161 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1161) |c_#length|)))) is different from true [2022-11-16 12:45:40,468 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:40,469 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:40,480 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:40,480 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:40,562 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1162 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1162))))) is different from true [2022-11-16 12:45:40,580 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:40,581 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:40,591 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:40,591 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:40,607 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 14 proven. 123 refuted. 0 times theorem prover too weak. 30 trivial. 44 not checked. [2022-11-16 12:45:40,608 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:41,019 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1843656952] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:41,020 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:45:41,020 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 38 [2022-11-16 12:45:41,020 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1538939887] [2022-11-16 12:45:41,020 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:45:41,021 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 39 states [2022-11-16 12:45:41,021 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:45:41,021 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 39 interpolants. [2022-11-16 12:45:41,022 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=116, Invalid=902, Unknown=10, NotChecked=612, Total=1640 [2022-11-16 12:45:41,022 INFO L87 Difference]: Start difference. First operand 103 states and 140 transitions. Second operand has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-16 12:45:42,901 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:45:42,901 INFO L93 Difference]: Finished difference Result 151 states and 202 transitions. [2022-11-16 12:45:42,902 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-16 12:45:42,902 INFO L78 Accepts]: Start accepts. Automaton has has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) Word has length 71 [2022-11-16 12:45:42,902 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:45:42,903 INFO L225 Difference]: With dead ends: 151 [2022-11-16 12:45:42,903 INFO L226 Difference]: Without dead ends: 151 [2022-11-16 12:45:42,904 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 106 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 9 IntricatePredicates, 0 DeprecatedPredicates, 150 ImplicationChecksByTransitivity, 6.8s TimeCoverageRelationStatistics Valid=141, Invalid=1145, Unknown=10, NotChecked=684, Total=1980 [2022-11-16 12:45:42,905 INFO L413 NwaCegarLoop]: 27 mSDtfsCounter, 27 mSDsluCounter, 252 mSDsCounter, 0 mSdLazyCounter, 772 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 27 SdHoareTripleChecker+Valid, 279 SdHoareTripleChecker+Invalid, 1341 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 772 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 549 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-16 12:45:42,905 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [27 Valid, 279 Invalid, 1341 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 772 Invalid, 0 Unknown, 549 Unchecked, 1.2s Time] [2022-11-16 12:45:42,905 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 151 states. [2022-11-16 12:45:42,910 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 151 to 98. [2022-11-16 12:45:42,911 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-16 12:45:42,912 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-16 12:45:42,912 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-16 12:45:42,912 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:45:42,912 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-16 12:45:42,913 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-16 12:45:42,913 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-16 12:45:42,914 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-16 12:45:42,914 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:45:42,914 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:45:42,932 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (31)] Ended with exit code 0 [2022-11-16 12:45:43,130 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (32)] Forceful destruction successful, exit code 0 [2022-11-16 12:45:43,327 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 31 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,32 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:45:43,327 INFO L420 AbstractCegarLoop]: === Iteration 20 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:45:43,328 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:45:43,328 INFO L85 PathProgramCache]: Analyzing trace with hash -687459537, now seen corresponding path program 6 times [2022-11-16 12:45:43,328 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:45:43,328 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1608717649] [2022-11-16 12:45:43,328 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-16 12:45:43,328 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:45:43,328 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:45:43,329 INFO L229 MonitoredProcess]: Starting monitored process 33 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:45:43,330 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (33)] Waiting until timeout for monitored process [2022-11-16 12:45:43,683 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-16 12:45:43,683 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:45:43,692 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-16 12:45:43,696 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:43,713 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:45:43,718 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:43,876 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1218 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1218) |c_#length|)))) is different from true [2022-11-16 12:45:43,901 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:43,902 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:43,919 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:43,920 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:44,166 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1219 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1219))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:45:44,187 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:44,188 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:44,205 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:44,205 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:44,349 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1220 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1220) |c_#length|)))) is different from true [2022-11-16 12:45:44,365 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:44,366 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:44,381 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:44,381 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:44,531 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1221 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1221) |c_#length|)))) is different from true [2022-11-16 12:45:44,551 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:44,552 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:44,563 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:44,563 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:44,708 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1222 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1222) |c_#length|)))) is different from true [2022-11-16 12:45:44,742 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:44,743 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:44,760 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:44,761 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:44,923 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1223 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1223) |c_#length|)))) is different from true [2022-11-16 12:45:44,940 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:44,941 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:44,955 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:44,956 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:45,013 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-16 12:45:45,013 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:49,562 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:45:49,562 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1608717649] [2022-11-16 12:45:49,562 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1608717649] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:49,562 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1606646004] [2022-11-16 12:45:49,562 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-16 12:45:49,563 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:45:49,563 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:45:49,564 INFO L229 MonitoredProcess]: Starting monitored process 34 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:45:49,565 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (34)] Waiting until timeout for monitored process [2022-11-16 12:45:50,729 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-16 12:45:50,729 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:45:50,756 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 77 conjunts are in the unsatisfiable core [2022-11-16 12:45:50,761 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:50,776 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:45:50,784 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:50,987 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:45:50,987 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:45:50,998 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:51,400 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:45:51,400 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:45:51,411 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:51,723 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:45:51,723 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:45:51,743 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:51,743 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:52,060 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:45:52,060 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:45:52,080 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:52,080 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:52,300 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1289 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1289) |c_#length|)))) is different from true [2022-11-16 12:45:52,317 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:52,318 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:52,332 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:52,332 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:52,399 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1290 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1290))))) is different from true [2022-11-16 12:45:52,416 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:52,416 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:52,430 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:52,430 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:52,445 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 124 refuted. 8 times theorem prover too weak. 46 trivial. 26 not checked. [2022-11-16 12:45:52,445 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:45:54,849 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1606646004] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:45:54,849 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:45:54,849 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [25, 27] total 37 [2022-11-16 12:45:54,849 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1005020333] [2022-11-16 12:45:54,849 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:45:54,850 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 38 states [2022-11-16 12:45:54,850 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:45:54,850 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 38 interpolants. [2022-11-16 12:45:54,850 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=128, Invalid=885, Unknown=11, NotChecked=536, Total=1560 [2022-11-16 12:45:54,850 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-16 12:45:56,859 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:45:56,859 INFO L93 Difference]: Finished difference Result 170 states and 227 transitions. [2022-11-16 12:45:56,860 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-16 12:45:56,860 INFO L78 Accepts]: Start accepts. Automaton has has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) Word has length 71 [2022-11-16 12:45:56,860 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:45:56,861 INFO L225 Difference]: With dead ends: 170 [2022-11-16 12:45:56,861 INFO L226 Difference]: Without dead ends: 170 [2022-11-16 12:45:56,862 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 105 SyntacticMatches, 3 SemanticMatches, 42 ConstructedPredicates, 8 IntricatePredicates, 0 DeprecatedPredicates, 231 ImplicationChecksByTransitivity, 8.6s TimeCoverageRelationStatistics Valid=152, Invalid=1129, Unknown=11, NotChecked=600, Total=1892 [2022-11-16 12:45:56,863 INFO L413 NwaCegarLoop]: 25 mSDtfsCounter, 37 mSDsluCounter, 205 mSDsCounter, 0 mSdLazyCounter, 946 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 37 SdHoareTripleChecker+Valid, 230 SdHoareTripleChecker+Invalid, 1483 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 946 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 508 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-11-16 12:45:56,863 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [37 Valid, 230 Invalid, 1483 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 946 Invalid, 0 Unknown, 508 Unchecked, 1.4s Time] [2022-11-16 12:45:56,864 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 170 states. [2022-11-16 12:45:56,868 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 170 to 98. [2022-11-16 12:45:56,869 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-16 12:45:56,870 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-16 12:45:56,870 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-16 12:45:56,870 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:45:56,870 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-16 12:45:56,871 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-16 12:45:56,871 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-16 12:45:56,872 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-16 12:45:56,872 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:45:56,872 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:45:56,887 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (33)] Forceful destruction successful, exit code 0 [2022-11-16 12:45:57,077 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (34)] Forceful destruction successful, exit code 0 [2022-11-16 12:45:57,272 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 33 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,34 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:45:57,273 INFO L420 AbstractCegarLoop]: === Iteration 21 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:45:57,273 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:45:57,273 INFO L85 PathProgramCache]: Analyzing trace with hash -166569519, now seen corresponding path program 7 times [2022-11-16 12:45:57,273 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:45:57,273 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [584575905] [2022-11-16 12:45:57,273 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-16 12:45:57,273 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:45:57,274 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:45:57,274 INFO L229 MonitoredProcess]: Starting monitored process 35 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:45:57,275 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (35)] Waiting until timeout for monitored process [2022-11-16 12:45:57,512 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:45:57,520 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-16 12:45:57,524 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:45:57,541 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:45:57,547 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:45:57,806 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1346 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1346) |c_#length|)))) is different from true [2022-11-16 12:45:57,825 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:57,826 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:57,836 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:57,837 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:57,958 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1347 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1347) |c_#length|)))) is different from true [2022-11-16 12:45:57,981 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:57,982 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:57,999 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:58,000 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:58,147 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1348 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1348))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:45:58,164 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:58,164 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:58,175 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:58,175 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:58,321 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1349 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1349) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:45:58,346 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:58,347 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:58,361 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:58,361 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:58,503 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1350 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1350))))) is different from true [2022-11-16 12:45:58,520 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:58,520 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:58,541 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:58,542 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:58,695 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1351 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1351) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:45:58,711 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:45:58,712 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:45:58,726 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:45:58,726 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:45:58,783 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-16 12:45:58,783 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:46:01,301 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:46:01,301 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [584575905] [2022-11-16 12:46:01,301 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [584575905] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:46:01,302 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1856295110] [2022-11-16 12:46:01,302 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-16 12:46:01,302 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:46:01,302 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:46:01,303 INFO L229 MonitoredProcess]: Starting monitored process 36 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:46:01,313 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (36)] Waiting until timeout for monitored process [2022-11-16 12:46:01,753 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:46:01,760 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-16 12:46:01,764 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:46:01,774 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:46:01,779 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:46:01,936 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1407 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1407) |c_#length|)))) is different from true [2022-11-16 12:46:01,953 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:01,954 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:01,968 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:01,968 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:02,040 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1408 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1408))))) is different from true [2022-11-16 12:46:02,058 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:02,059 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:02,069 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:02,070 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:02,139 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1409 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1409))))) is different from true [2022-11-16 12:46:02,161 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:02,161 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:02,176 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:02,176 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:02,246 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1410 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1410) |c_#length|)))) is different from true [2022-11-16 12:46:02,265 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:02,265 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:02,276 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:02,276 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:02,345 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1411 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1411) |c_#length|)))) is different from true [2022-11-16 12:46:02,361 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:02,362 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:02,374 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:02,374 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:02,446 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1412 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1412) |c_#length|)))) is different from true [2022-11-16 12:46:02,462 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:02,463 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:02,478 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:02,479 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:02,493 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-16 12:46:02,493 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:46:04,803 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1856295110] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:46:04,803 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:46:04,803 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [25, 25] total 31 [2022-11-16 12:46:04,803 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [806215044] [2022-11-16 12:46:04,803 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:46:04,812 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 32 states [2022-11-16 12:46:04,812 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:46:04,813 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 32 interpolants. [2022-11-16 12:46:04,813 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=91, Invalid=407, Unknown=12, NotChecked=612, Total=1122 [2022-11-16 12:46:04,813 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-16 12:46:06,589 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:46:06,589 INFO L93 Difference]: Finished difference Result 142 states and 186 transitions. [2022-11-16 12:46:06,589 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-11-16 12:46:06,590 INFO L78 Accepts]: Start accepts. Automaton has has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) Word has length 71 [2022-11-16 12:46:06,590 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:46:06,591 INFO L225 Difference]: With dead ends: 142 [2022-11-16 12:46:06,591 INFO L226 Difference]: Without dead ends: 142 [2022-11-16 12:46:06,592 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 148 GetRequests, 113 SyntacticMatches, 1 SemanticMatches, 34 ConstructedPredicates, 12 IntricatePredicates, 0 DeprecatedPredicates, 33 ImplicationChecksByTransitivity, 5.6s TimeCoverageRelationStatistics Valid=99, Invalid=489, Unknown=12, NotChecked=660, Total=1260 [2022-11-16 12:46:06,592 INFO L413 NwaCegarLoop]: 34 mSDtfsCounter, 22 mSDsluCounter, 276 mSDsCounter, 0 mSdLazyCounter, 696 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 22 SdHoareTripleChecker+Valid, 310 SdHoareTripleChecker+Invalid, 1404 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 696 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 689 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-16 12:46:06,593 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [22 Valid, 310 Invalid, 1404 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 696 Invalid, 0 Unknown, 689 Unchecked, 1.2s Time] [2022-11-16 12:46:06,593 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 142 states. [2022-11-16 12:46:06,597 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 142 to 66. [2022-11-16 12:46:06,598 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0980392156862746) internal successors, (56), 53 states have internal predecessors, (56), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-16 12:46:06,599 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 88 transitions. [2022-11-16 12:46:06,599 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 88 transitions. Word has length 71 [2022-11-16 12:46:06,599 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:46:06,599 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 88 transitions. [2022-11-16 12:46:06,600 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-16 12:46:06,600 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 88 transitions. [2022-11-16 12:46:06,601 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 81 [2022-11-16 12:46:06,601 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:46:06,601 INFO L195 NwaCegarLoop]: trace histogram [9, 9, 9, 8, 8, 8, 8, 7, 7, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:46:06,608 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (36)] Forceful destruction successful, exit code 0 [2022-11-16 12:46:06,816 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (35)] Forceful destruction successful, exit code 0 [2022-11-16 12:46:07,007 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 36 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,35 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:46:07,008 INFO L420 AbstractCegarLoop]: === Iteration 22 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:46:07,008 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:46:07,008 INFO L85 PathProgramCache]: Analyzing trace with hash -1800849809, now seen corresponding path program 7 times [2022-11-16 12:46:07,008 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:46:07,009 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [208264010] [2022-11-16 12:46:07,009 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-16 12:46:07,009 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:46:07,009 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:46:07,010 INFO L229 MonitoredProcess]: Starting monitored process 37 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:46:07,011 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (37)] Waiting until timeout for monitored process [2022-11-16 12:46:07,307 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:46:07,321 INFO L263 TraceCheckSpWp]: Trace formula consists of 306 conjuncts, 76 conjunts are in the unsatisfiable core [2022-11-16 12:46:07,326 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:46:07,343 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:46:07,349 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:46:07,512 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1478 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1478) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:46:07,534 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:07,534 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:07,549 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:07,549 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:07,676 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1479 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1479) |c_#length|)))) is different from true [2022-11-16 12:46:07,692 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:07,692 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:07,703 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:07,703 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:07,841 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1480 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1480))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:46:07,861 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:07,862 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:07,879 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:07,879 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:08,028 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1481 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1481) |c_#length|)))) is different from true [2022-11-16 12:46:08,052 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:08,053 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:08,064 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:08,064 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:08,218 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1482 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1482) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:46:08,237 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:08,237 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:08,253 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:08,253 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:08,416 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1483 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1483))))) is different from true [2022-11-16 12:46:08,432 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:08,433 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:08,448 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:08,448 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:08,605 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1484 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1484))))) is different from true [2022-11-16 12:46:08,624 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:08,625 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:08,637 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:08,637 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:08,801 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1485 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1485) |c_#length|)))) is different from true [2022-11-16 12:46:08,821 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:08,821 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:08,833 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:08,833 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:08,896 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 8 proven. 141 refuted. 0 times theorem prover too weak. 56 trivial. 72 not checked. [2022-11-16 12:46:08,896 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:46:13,527 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:46:13,527 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [208264010] [2022-11-16 12:46:13,527 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [208264010] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:46:13,528 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [159381640] [2022-11-16 12:46:13,528 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-16 12:46:13,528 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:46:13,528 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:46:13,529 INFO L229 MonitoredProcess]: Starting monitored process 38 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:46:13,530 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (38)] Waiting until timeout for monitored process [2022-11-16 12:46:14,167 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:46:14,179 INFO L263 TraceCheckSpWp]: Trace formula consists of 306 conjuncts, 76 conjunts are in the unsatisfiable core [2022-11-16 12:46:14,184 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:46:14,194 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:46:14,201 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:46:14,278 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1551 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1551))))) is different from true [2022-11-16 12:46:14,300 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:14,301 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:14,311 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:14,311 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:14,380 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1552 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1552) |c_#length|)))) is different from true [2022-11-16 12:46:14,395 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:14,396 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:14,412 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:14,412 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:14,485 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1553 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1553))))) is different from true [2022-11-16 12:46:14,501 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:14,502 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:14,517 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:14,517 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:14,586 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1554) |c_#length|)))) is different from true [2022-11-16 12:46:14,602 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:14,603 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:14,616 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:14,616 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:14,685 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1555 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1555) |c_#length|)))) is different from true [2022-11-16 12:46:14,704 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:14,705 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:14,753 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:14,753 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:14,831 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1556) |c_#length|)))) is different from true [2022-11-16 12:46:14,846 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:14,846 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:14,857 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:14,857 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:14,927 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1557 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1557) |c_#length|)))) is different from true [2022-11-16 12:46:14,950 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:14,951 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:14,961 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:14,961 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:15,032 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1558 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1558) |c_#length|)))) is different from true [2022-11-16 12:46:15,051 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:15,052 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:15,066 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:15,066 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:15,078 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 8 proven. 141 refuted. 0 times theorem prover too weak. 56 trivial. 72 not checked. [2022-11-16 12:46:15,078 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:46:16,853 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [159381640] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:46:16,853 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:46:16,853 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 38 [2022-11-16 12:46:16,854 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1408133719] [2022-11-16 12:46:16,854 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:46:16,854 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 39 states [2022-11-16 12:46:16,854 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:46:16,855 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 39 interpolants. [2022-11-16 12:46:16,855 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=111, Invalid=536, Unknown=17, NotChecked=976, Total=1640 [2022-11-16 12:46:16,855 INFO L87 Difference]: Start difference. First operand 66 states and 88 transitions. Second operand has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) [2022-11-16 12:46:19,375 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:46:19,375 INFO L93 Difference]: Finished difference Result 82 states and 103 transitions. [2022-11-16 12:46:19,378 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 23 states. [2022-11-16 12:46:19,378 INFO L78 Accepts]: Start accepts. Automaton has has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) Word has length 80 [2022-11-16 12:46:19,378 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:46:19,379 INFO L225 Difference]: With dead ends: 82 [2022-11-16 12:46:19,379 INFO L226 Difference]: Without dead ends: 82 [2022-11-16 12:46:19,380 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 166 GetRequests, 124 SyntacticMatches, 1 SemanticMatches, 41 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 59 ImplicationChecksByTransitivity, 7.7s TimeCoverageRelationStatistics Valid=119, Invalid=630, Unknown=17, NotChecked=1040, Total=1806 [2022-11-16 12:46:19,380 INFO L413 NwaCegarLoop]: 35 mSDtfsCounter, 30 mSDsluCounter, 358 mSDsCounter, 0 mSdLazyCounter, 931 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 30 SdHoareTripleChecker+Valid, 393 SdHoareTripleChecker+Invalid, 2188 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 931 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1234 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-11-16 12:46:19,381 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [30 Valid, 393 Invalid, 2188 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 931 Invalid, 0 Unknown, 1234 Unchecked, 1.7s Time] [2022-11-16 12:46:19,381 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2022-11-16 12:46:19,383 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 66. [2022-11-16 12:46:19,384 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0784313725490196) internal successors, (55), 53 states have internal predecessors, (55), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-16 12:46:19,385 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 87 transitions. [2022-11-16 12:46:19,385 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 87 transitions. Word has length 80 [2022-11-16 12:46:19,385 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:46:19,385 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 87 transitions. [2022-11-16 12:46:19,385 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) [2022-11-16 12:46:19,386 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 87 transitions. [2022-11-16 12:46:19,386 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 90 [2022-11-16 12:46:19,386 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:46:19,387 INFO L195 NwaCegarLoop]: trace histogram [10, 10, 10, 9, 9, 9, 9, 8, 8, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:46:19,400 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (37)] Forceful destruction successful, exit code 0 [2022-11-16 12:46:19,596 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (38)] Forceful destruction successful, exit code 0 [2022-11-16 12:46:19,791 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 37 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,38 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:46:19,792 INFO L420 AbstractCegarLoop]: === Iteration 23 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:46:19,792 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:46:19,792 INFO L85 PathProgramCache]: Analyzing trace with hash 2110498800, now seen corresponding path program 8 times [2022-11-16 12:46:19,792 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:46:19,793 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [568412731] [2022-11-16 12:46:19,793 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:46:19,793 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:46:19,793 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:46:19,794 INFO L229 MonitoredProcess]: Starting monitored process 39 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:46:19,804 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (39)] Waiting until timeout for monitored process [2022-11-16 12:46:20,166 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:46:20,166 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:46:20,177 INFO L263 TraceCheckSpWp]: Trace formula consists of 341 conjuncts, 84 conjunts are in the unsatisfiable core [2022-11-16 12:46:20,181 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:46:20,201 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:46:20,209 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:46:20,372 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1632 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1632) |c_#length|)))) is different from true [2022-11-16 12:46:20,389 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:20,390 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:20,405 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:20,405 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:20,540 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1633 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1633))))) is different from true [2022-11-16 12:46:20,557 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:20,558 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:20,571 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:20,571 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:20,723 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1634 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1634) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:46:20,745 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:20,746 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:20,773 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:20,773 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:20,926 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1635 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1635) |c_#length|)))) is different from true [2022-11-16 12:46:20,943 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:20,943 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:20,959 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:20,959 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:21,118 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1636 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1636) |c_#length|)))) is different from true [2022-11-16 12:46:21,136 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:21,143 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:21,161 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:21,161 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:21,328 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1637 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1637))))) is different from true [2022-11-16 12:46:21,346 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:21,347 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:21,368 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:21,368 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:21,541 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1638 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1638))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:46:21,560 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:21,561 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:21,573 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:21,573 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:21,751 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1639 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1639) |c_#length|)))) is different from true [2022-11-16 12:46:21,767 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:21,767 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:21,783 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:21,783 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:21,977 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1640 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1640))))) is different from true [2022-11-16 12:46:21,999 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:22,001 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:22,018 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:22,018 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:22,089 INFO L134 CoverageAnalysis]: Checked inductivity of 352 backedges. 9 proven. 181 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-16 12:46:22,089 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:46:26,764 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:46:26,764 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [568412731] [2022-11-16 12:46:26,764 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [568412731] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:46:26,765 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1872139993] [2022-11-16 12:46:26,765 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:46:26,765 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:46:26,765 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:46:26,766 INFO L229 MonitoredProcess]: Starting monitored process 40 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:46:26,768 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (40)] Waiting until timeout for monitored process [2022-11-16 12:46:27,369 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:46:27,370 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:46:27,399 INFO L263 TraceCheckSpWp]: Trace formula consists of 341 conjuncts, 85 conjunts are in the unsatisfiable core [2022-11-16 12:46:27,405 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:46:27,416 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:46:27,426 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:46:27,513 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1714 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1714))))) is different from true [2022-11-16 12:46:27,534 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:27,535 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:27,547 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:27,547 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:27,625 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1715 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1715) |c_#length|)))) is different from true [2022-11-16 12:46:27,644 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:27,645 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:27,660 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:27,660 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:27,766 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1716 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1716))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:46:27,788 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:27,789 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:27,804 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:27,805 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:27,875 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1717 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1717) |c_#length|)))) is different from true [2022-11-16 12:46:27,896 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:27,896 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:27,908 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:27,908 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:27,988 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1718 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1718) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:46:28,010 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:28,011 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:28,027 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:28,027 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:28,103 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1719 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1719))))) is different from true [2022-11-16 12:46:28,130 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:28,131 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:28,143 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:28,143 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:28,235 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1720 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1720) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:46:28,251 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:28,252 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:28,264 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:28,264 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:28,342 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1721 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1721) |c_#length|)))) is different from true [2022-11-16 12:46:28,358 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:28,358 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:28,374 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:28,374 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:28,453 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1722 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1722) |c_#length|)))) is different from true [2022-11-16 12:46:28,472 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:28,473 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:28,496 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:28,496 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:28,510 INFO L134 CoverageAnalysis]: Checked inductivity of 352 backedges. 9 proven. 181 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-16 12:46:28,510 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:46:28,934 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1872139993] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:46:28,934 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:46:28,934 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [33, 33] total 42 [2022-11-16 12:46:28,934 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [34104231] [2022-11-16 12:46:28,934 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:46:28,935 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 43 states [2022-11-16 12:46:28,935 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:46:28,935 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 43 interpolants. [2022-11-16 12:46:28,936 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=123, Invalid=632, Unknown=19, NotChecked=1206, Total=1980 [2022-11-16 12:46:28,936 INFO L87 Difference]: Start difference. First operand 66 states and 87 transitions. Second operand has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) [2022-11-16 12:46:32,020 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:46:32,020 INFO L93 Difference]: Finished difference Result 84 states and 104 transitions. [2022-11-16 12:46:32,021 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-16 12:46:32,021 INFO L78 Accepts]: Start accepts. Automaton has has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) Word has length 89 [2022-11-16 12:46:32,022 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:46:32,022 INFO L225 Difference]: With dead ends: 84 [2022-11-16 12:46:32,023 INFO L226 Difference]: Without dead ends: 84 [2022-11-16 12:46:32,024 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 184 GetRequests, 138 SyntacticMatches, 1 SemanticMatches, 45 ConstructedPredicates, 18 IntricatePredicates, 0 DeprecatedPredicates, 75 ImplicationChecksByTransitivity, 6.7s TimeCoverageRelationStatistics Valid=131, Invalid=734, Unknown=19, NotChecked=1278, Total=2162 [2022-11-16 12:46:32,024 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 34 mSDsluCounter, 437 mSDsCounter, 0 mSdLazyCounter, 1154 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 34 SdHoareTripleChecker+Valid, 475 SdHoareTripleChecker+Invalid, 2624 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 1154 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1445 IncrementalHoareTripleChecker+Unchecked, 2.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:46:32,024 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [34 Valid, 475 Invalid, 2624 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 1154 Invalid, 0 Unknown, 1445 Unchecked, 2.1s Time] [2022-11-16 12:46:32,025 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 84 states. [2022-11-16 12:46:32,027 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 84 to 66. [2022-11-16 12:46:32,027 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0588235294117647) internal successors, (54), 53 states have internal predecessors, (54), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-16 12:46:32,028 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 86 transitions. [2022-11-16 12:46:32,028 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 86 transitions. Word has length 89 [2022-11-16 12:46:32,029 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:46:32,029 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 86 transitions. [2022-11-16 12:46:32,029 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) [2022-11-16 12:46:32,029 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 86 transitions. [2022-11-16 12:46:32,030 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:46:32,030 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:46:32,030 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 11, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:46:32,040 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (40)] Forceful destruction successful, exit code 0 [2022-11-16 12:46:32,246 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (39)] Forceful destruction successful, exit code 0 [2022-11-16 12:46:32,437 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 40 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,39 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:46:32,437 INFO L420 AbstractCegarLoop]: === Iteration 24 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:46:32,438 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:46:32,438 INFO L85 PathProgramCache]: Analyzing trace with hash 1054496655, now seen corresponding path program 9 times [2022-11-16 12:46:32,438 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:46:32,438 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2109362676] [2022-11-16 12:46:32,438 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:46:32,438 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:46:32,439 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:46:32,440 INFO L229 MonitoredProcess]: Starting monitored process 41 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:46:32,446 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (41)] Waiting until timeout for monitored process [2022-11-16 12:46:33,100 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-16 12:46:33,101 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:46:33,115 INFO L263 TraceCheckSpWp]: Trace formula consists of 376 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-16 12:46:33,120 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:46:33,139 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:46:33,149 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:46:33,319 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1804 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1804))))) is different from true [2022-11-16 12:46:33,336 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:33,337 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:33,352 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:33,352 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:33,491 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1805 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1805) |c_#length|)))) is different from true [2022-11-16 12:46:33,507 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:33,508 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:33,524 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:33,524 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:33,669 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1806 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1806) |c_#length|)))) is different from true [2022-11-16 12:46:33,696 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:33,697 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:33,708 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:33,709 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:33,859 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1807 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1807))))) is different from true [2022-11-16 12:46:33,877 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:33,878 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:33,890 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:33,890 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:34,053 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1808 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1808) |c_#length|)))) is different from true [2022-11-16 12:46:34,071 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:34,071 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:34,083 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:34,083 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:34,258 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1809 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1809) |c_#length|)))) is different from true [2022-11-16 12:46:34,274 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:34,275 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:34,291 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:34,291 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:34,470 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1810 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1810))))) is different from true [2022-11-16 12:46:34,489 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:34,489 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:34,501 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:34,502 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:34,690 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1811 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1811) |c_#length|)))) is different from true [2022-11-16 12:46:34,711 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:34,711 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:34,726 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:34,726 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:34,947 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1812 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1812) |c_#length|)))) is different from true [2022-11-16 12:46:34,970 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:34,971 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:34,989 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:34,989 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:35,203 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1813 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1813) |c_#length|)))) is different from true [2022-11-16 12:46:35,224 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:35,231 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:35,248 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:35,248 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:35,349 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 226 refuted. 0 times theorem prover too weak. 90 trivial. 110 not checked. [2022-11-16 12:46:35,349 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:46:38,078 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:46:38,078 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2109362676] [2022-11-16 12:46:38,079 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2109362676] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:46:38,079 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [963924027] [2022-11-16 12:46:38,079 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:46:38,079 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:46:38,079 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:46:38,080 INFO L229 MonitoredProcess]: Starting monitored process 42 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:46:38,082 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (42)] Waiting until timeout for monitored process [2022-11-16 12:46:39,364 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-16 12:46:39,364 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:46:39,396 INFO L263 TraceCheckSpWp]: Trace formula consists of 376 conjuncts, 110 conjunts are in the unsatisfiable core [2022-11-16 12:46:39,403 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:46:39,414 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:46:39,424 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:46:39,529 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1895 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1895))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1896 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1896) |c_#length|)))) is different from true [2022-11-16 12:46:39,561 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:39,562 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:39,592 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:46:39,592 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:46:39,801 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:46:39,801 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:46:39,826 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:39,827 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:40,036 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2022-11-16 12:46:40,297 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2022-11-16 12:46:40,301 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2022-11-16 12:46:48,623 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:46:48,623 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:46:48,669 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:48,669 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:48,984 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2022-11-16 12:46:49,042 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1903 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1903) |c_#length|)))) is different from true [2022-11-16 12:46:49,059 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:49,060 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:49,075 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:49,075 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:49,152 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1904 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1904))))) is different from true [2022-11-16 12:46:49,171 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:49,172 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:49,187 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:49,187 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:49,425 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-16 12:46:49,454 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:46:49,454 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:46:50,008 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-16 12:46:50,009 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-16 12:46:50,850 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:50,851 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:50,882 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:46:50,882 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-16 12:46:51,189 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1910 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1910))))) is different from true [2022-11-16 12:46:51,211 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:51,212 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:51,230 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:51,231 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:51,320 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1911 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1911))))) is different from true [2022-11-16 12:46:51,341 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:46:51,342 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:46:51,357 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:46:51,357 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:46:51,381 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 24 proven. 264 refuted. 12 times theorem prover too weak. 46 trivial. 90 not checked. [2022-11-16 12:46:51,381 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:46:51,862 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [963924027] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:46:51,862 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:46:51,863 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [36, 45] total 62 [2022-11-16 12:46:51,863 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1269529239] [2022-11-16 12:46:51,863 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:46:51,863 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 63 states [2022-11-16 12:46:51,863 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:46:51,864 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 63 interpolants. [2022-11-16 12:46:51,866 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=204, Invalid=2193, Unknown=19, NotChecked=1744, Total=4160 [2022-11-16 12:46:51,866 INFO L87 Difference]: Start difference. First operand 66 states and 86 transitions. Second operand has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) [2022-11-16 12:47:13,500 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:47:13,500 INFO L93 Difference]: Finished difference Result 145 states and 184 transitions. [2022-11-16 12:47:13,501 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 44 states. [2022-11-16 12:47:13,501 INFO L78 Accepts]: Start accepts. Automaton has has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) Word has length 98 [2022-11-16 12:47:13,502 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:47:13,502 INFO L225 Difference]: With dead ends: 145 [2022-11-16 12:47:13,502 INFO L226 Difference]: Without dead ends: 145 [2022-11-16 12:47:13,505 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 214 GetRequests, 135 SyntacticMatches, 3 SemanticMatches, 76 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 801 ImplicationChecksByTransitivity, 32.9s TimeCoverageRelationStatistics Valid=299, Invalid=3524, Unknown=23, NotChecked=2160, Total=6006 [2022-11-16 12:47:13,505 INFO L413 NwaCegarLoop]: 40 mSDtfsCounter, 47 mSDsluCounter, 632 mSDsCounter, 0 mSdLazyCounter, 1735 mSolverCounterSat, 39 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 47 SdHoareTripleChecker+Valid, 672 SdHoareTripleChecker+Invalid, 3670 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 39 IncrementalHoareTripleChecker+Valid, 1735 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1896 IncrementalHoareTripleChecker+Unchecked, 3.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:47:13,506 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [47 Valid, 672 Invalid, 3670 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [39 Valid, 1735 Invalid, 0 Unknown, 1896 Unchecked, 3.0s Time] [2022-11-16 12:47:13,506 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 145 states. [2022-11-16 12:47:13,510 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 145 to 124. [2022-11-16 12:47:13,511 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 97 states have (on average 1.041237113402062) internal successors, (101), 99 states have internal predecessors, (101), 21 states have call successors, (21), 2 states have call predecessors, (21), 4 states have return successors, (41), 22 states have call predecessors, (41), 21 states have call successors, (41) [2022-11-16 12:47:13,512 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 163 transitions. [2022-11-16 12:47:13,512 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 163 transitions. Word has length 98 [2022-11-16 12:47:13,512 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:47:13,512 INFO L495 AbstractCegarLoop]: Abstraction has 124 states and 163 transitions. [2022-11-16 12:47:13,513 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) [2022-11-16 12:47:13,513 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 163 transitions. [2022-11-16 12:47:13,514 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:47:13,514 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:47:13,514 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:47:13,534 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (41)] Forceful destruction successful, exit code 0 [2022-11-16 12:47:13,736 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (42)] Forceful destruction successful, exit code 0 [2022-11-16 12:47:13,930 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 41 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,42 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:47:13,930 INFO L420 AbstractCegarLoop]: === Iteration 25 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:47:13,930 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:47:13,930 INFO L85 PathProgramCache]: Analyzing trace with hash -1995706160, now seen corresponding path program 8 times [2022-11-16 12:47:13,931 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:47:13,931 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [228566552] [2022-11-16 12:47:13,931 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:47:13,931 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:47:13,931 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:47:13,932 INFO L229 MonitoredProcess]: Starting monitored process 43 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:47:13,937 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (43)] Waiting until timeout for monitored process [2022-11-16 12:47:14,320 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:47:14,320 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:47:14,334 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 89 conjunts are in the unsatisfiable core [2022-11-16 12:47:14,345 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:47:14,366 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:47:14,378 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:47:14,587 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1991 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1991))))) is different from true [2022-11-16 12:47:14,627 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:14,628 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:14,647 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:14,648 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:14,801 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1992 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1992) |c_#length|)))) is different from true [2022-11-16 12:47:14,825 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:14,825 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:14,845 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:14,845 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:14,995 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1993 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1993) |c_#length|)))) is different from true [2022-11-16 12:47:15,019 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:15,020 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:15,032 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:15,032 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:15,193 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1994 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1994) |c_#length|)))) is different from true [2022-11-16 12:47:15,211 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:15,211 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:15,224 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:15,224 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:15,402 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1995 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1995))))) is different from true [2022-11-16 12:47:15,420 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:15,421 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:15,437 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:15,437 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:15,617 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1996 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1996))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:47:15,634 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:15,635 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:15,652 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:15,652 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:15,844 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1997 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1997) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:47:15,862 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:15,862 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:15,875 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:15,875 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:16,256 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1998 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1998))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:47:16,280 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:16,281 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:16,296 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:16,296 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:16,539 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1999 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1999))))) is different from true [2022-11-16 12:47:16,558 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:16,559 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:16,578 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:16,579 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:16,676 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 228 refuted. 0 times theorem prover too weak. 90 trivial. 108 not checked. [2022-11-16 12:47:16,676 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:47:19,476 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:47:19,476 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [228566552] [2022-11-16 12:47:19,476 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [228566552] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:47:19,476 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1864549701] [2022-11-16 12:47:19,476 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:47:19,476 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:47:19,476 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:47:19,477 INFO L229 MonitoredProcess]: Starting monitored process 44 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:47:19,479 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (44)] Waiting until timeout for monitored process [2022-11-16 12:47:20,155 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:47:20,155 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:47:20,184 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 90 conjunts are in the unsatisfiable core [2022-11-16 12:47:20,189 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:47:20,199 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:47:20,208 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:47:20,297 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2079 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2079))))) is different from true [2022-11-16 12:47:20,317 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:20,318 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:20,333 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:20,333 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:20,408 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2080 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2080) |c_#length|)))) is different from true [2022-11-16 12:47:20,427 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:20,427 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:20,440 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:20,441 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:20,527 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2081 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2081))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:47:20,548 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:20,549 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:20,566 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:20,566 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:20,655 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2082 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2082))))) is different from true [2022-11-16 12:47:20,672 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:20,673 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:20,688 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:20,689 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:20,769 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2083 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2083))))) is different from true [2022-11-16 12:47:20,790 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:20,791 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:20,806 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:20,807 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:20,883 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2084 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2084))))) is different from true [2022-11-16 12:47:20,901 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:20,902 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:20,919 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:20,920 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:21,001 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2085 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2085))))) is different from true [2022-11-16 12:47:21,024 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:21,025 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:21,042 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:21,042 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:21,221 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2086 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2086))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:47:21,242 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:21,243 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:21,260 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:21,261 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:21,352 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2087 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2087) |c_#length|)))) is different from true [2022-11-16 12:47:21,374 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:21,374 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:21,394 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:21,394 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:21,414 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 228 refuted. 0 times theorem prover too weak. 90 trivial. 108 not checked. [2022-11-16 12:47:21,414 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:47:21,939 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1864549701] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:47:21,939 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:47:21,939 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 34] total 43 [2022-11-16 12:47:21,939 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [558267494] [2022-11-16 12:47:21,940 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:47:21,940 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 44 states [2022-11-16 12:47:21,940 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:47:21,941 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 44 interpolants. [2022-11-16 12:47:21,942 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=127, Invalid=683, Unknown=18, NotChecked=1242, Total=2070 [2022-11-16 12:47:21,942 INFO L87 Difference]: Start difference. First operand 124 states and 163 transitions. Second operand has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) [2022-11-16 12:47:25,638 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:47:25,638 INFO L93 Difference]: Finished difference Result 175 states and 222 transitions. [2022-11-16 12:47:25,640 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-16 12:47:25,640 INFO L78 Accepts]: Start accepts. Automaton has has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) Word has length 98 [2022-11-16 12:47:25,640 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:47:25,641 INFO L225 Difference]: With dead ends: 175 [2022-11-16 12:47:25,641 INFO L226 Difference]: Without dead ends: 175 [2022-11-16 12:47:25,641 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 155 SyntacticMatches, 1 SemanticMatches, 46 ConstructedPredicates, 18 IntricatePredicates, 0 DeprecatedPredicates, 82 ImplicationChecksByTransitivity, 5.3s TimeCoverageRelationStatistics Valid=135, Invalid=789, Unknown=18, NotChecked=1314, Total=2256 [2022-11-16 12:47:25,642 INFO L413 NwaCegarLoop]: 40 mSDtfsCounter, 32 mSDsluCounter, 502 mSDsCounter, 0 mSdLazyCounter, 1379 mSolverCounterSat, 24 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 32 SdHoareTripleChecker+Valid, 542 SdHoareTripleChecker+Invalid, 2813 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 24 IncrementalHoareTripleChecker+Valid, 1379 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1410 IncrementalHoareTripleChecker+Unchecked, 2.5s IncrementalHoareTripleChecker+Time [2022-11-16 12:47:25,642 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [32 Valid, 542 Invalid, 2813 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [24 Valid, 1379 Invalid, 0 Unknown, 1410 Unchecked, 2.5s Time] [2022-11-16 12:47:25,643 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 175 states. [2022-11-16 12:47:25,648 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 175 to 119. [2022-11-16 12:47:25,648 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 119 states, 93 states have (on average 1.043010752688172) internal successors, (97), 95 states have internal predecessors, (97), 20 states have call successors, (20), 2 states have call predecessors, (20), 4 states have return successors, (39), 21 states have call predecessors, (39), 20 states have call successors, (39) [2022-11-16 12:47:25,649 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 119 states to 119 states and 156 transitions. [2022-11-16 12:47:25,649 INFO L78 Accepts]: Start accepts. Automaton has 119 states and 156 transitions. Word has length 98 [2022-11-16 12:47:25,650 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:47:25,650 INFO L495 AbstractCegarLoop]: Abstraction has 119 states and 156 transitions. [2022-11-16 12:47:25,650 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) [2022-11-16 12:47:25,650 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 156 transitions. [2022-11-16 12:47:25,651 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:47:25,651 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:47:25,652 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:47:25,668 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (43)] Forceful destruction successful, exit code 0 [2022-11-16 12:47:25,872 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (44)] Forceful destruction successful, exit code 0 [2022-11-16 12:47:26,067 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 43 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,44 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:47:26,068 INFO L420 AbstractCegarLoop]: === Iteration 26 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:47:26,068 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:47:26,068 INFO L85 PathProgramCache]: Analyzing trace with hash -955607186, now seen corresponding path program 9 times [2022-11-16 12:47:26,068 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:47:26,068 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1193920143] [2022-11-16 12:47:26,069 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:47:26,069 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:47:26,069 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:47:26,070 INFO L229 MonitoredProcess]: Starting monitored process 45 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:47:26,072 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (45)] Waiting until timeout for monitored process [2022-11-16 12:47:26,620 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-16 12:47:26,620 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:47:26,635 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-16 12:47:26,642 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:47:26,664 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:47:26,672 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:47:26,851 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2167 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2167) |c_#length|)))) is different from true [2022-11-16 12:47:26,869 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:26,870 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:26,887 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:26,887 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:27,034 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2168 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2168) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:47:27,065 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:27,066 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:27,080 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:27,081 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:27,226 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2169 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2169) |c_#length|)))) is different from true [2022-11-16 12:47:27,245 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:27,246 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:27,258 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:27,258 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:27,478 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-16 12:47:27,509 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:47:27,509 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:47:27,849 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-16 12:47:27,850 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-16 12:47:28,274 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-16 12:47:28,274 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-16 12:47:28,935 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2173 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2173))))) is different from true [2022-11-16 12:47:28,955 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:28,983 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:47:28,984 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-16 12:47:29,012 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:29,012 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:29,358 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2174 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2174) |c_#length|)))) is different from true [2022-11-16 12:47:29,381 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:29,382 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:29,402 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:29,402 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:29,644 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2175 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2175))))) is different from true [2022-11-16 12:47:29,664 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:29,665 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:29,682 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:29,683 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:29,777 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 28 proven. 261 refuted. 0 times theorem prover too weak. 45 trivial. 102 not checked. [2022-11-16 12:47:29,778 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:47:34,528 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:47:34,528 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1193920143] [2022-11-16 12:47:34,528 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1193920143] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:47:34,528 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [852858315] [2022-11-16 12:47:34,528 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:47:34,529 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:47:34,529 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:47:34,530 INFO L229 MonitoredProcess]: Starting monitored process 46 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:47:34,535 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (46)] Waiting until timeout for monitored process [2022-11-16 12:47:35,834 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-16 12:47:35,835 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:47:35,848 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 103 conjunts are in the unsatisfiable core [2022-11-16 12:47:35,853 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:47:35,863 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:47:35,873 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:47:35,973 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2256 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2256))) (exists ((v_ArrVal_2255 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2255) |c_#length|)))) is different from true [2022-11-16 12:47:36,032 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:47:36,033 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:47:36,039 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:36,254 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:36,255 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:36,263 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:36,538 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2022-11-16 12:47:36,847 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2022-11-16 12:47:36,852 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2022-11-16 12:47:45,218 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:45,219 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:45,229 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:45,561 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 4 [2022-11-16 12:47:45,724 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2263 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2263) |c_#length|)))) is different from true [2022-11-16 12:47:45,743 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:45,744 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:45,760 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:45,760 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:45,998 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2264 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2264) |c_#length|)))) is different from true [2022-11-16 12:47:46,050 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:46,051 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:46,071 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:46,071 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:46,410 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:47:46,411 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:47:46,807 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:46,808 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:46,847 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:47:46,847 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-16 12:47:47,240 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2268 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2268))))) is different from true [2022-11-16 12:47:47,263 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:47,263 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:47,281 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:47,281 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:47,370 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2269 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2269))))) is different from true [2022-11-16 12:47:47,389 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:47:47,389 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:47:47,402 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:47:47,402 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:47:47,427 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 26 proven. 263 refuted. 12 times theorem prover too weak. 45 trivial. 90 not checked. [2022-11-16 12:47:47,427 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:47:49,583 WARN L833 $PredicateComparison]: unable to prove that (let ((.cse0 (bvmul (_ bv4 32) |c_ULTIMATE.start_entry_point_~i~0#1|))) (let ((.cse1 (bvadd (_ bv4 32) .cse0 |c_ULTIMATE.start_entry_point_~array~0#1.offset|))) (and (or (bvule (bvadd .cse0 |c_ULTIMATE.start_entry_point_~array~0#1.offset|) .cse1) (forall ((|v_ldv_malloc_#res.base_147| (_ BitVec 32))) (not (= (_ bv0 1) (select |c_#valid| |v_ldv_malloc_#res.base_147|))))) (forall ((|v_ldv_malloc_#res.base_147| (_ BitVec 32))) (or (not (= (_ bv0 1) (select |c_#valid| |v_ldv_malloc_#res.base_147|))) (forall ((v_ArrVal_2272 (_ BitVec 32))) (bvule .cse1 (select (store |c_#length| |v_ldv_malloc_#res.base_147| v_ArrVal_2272) |c_ULTIMATE.start_entry_point_~array~0#1.base|)))))))) is different from false [2022-11-16 12:47:49,590 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [852858315] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:47:49,590 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:47:49,591 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 42] total 54 [2022-11-16 12:47:49,591 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1315785427] [2022-11-16 12:47:49,591 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:47:49,591 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 55 states [2022-11-16 12:47:49,591 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:47:49,592 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 55 interpolants. [2022-11-16 12:47:49,593 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=171, Invalid=1844, Unknown=17, NotChecked=1274, Total=3306 [2022-11-16 12:47:49,593 INFO L87 Difference]: Start difference. First operand 119 states and 156 transitions. Second operand has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) [2022-11-16 12:48:09,130 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:48:09,130 INFO L93 Difference]: Finished difference Result 171 states and 222 transitions. [2022-11-16 12:48:09,131 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 40 states. [2022-11-16 12:48:09,132 INFO L78 Accepts]: Start accepts. Automaton has has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) Word has length 98 [2022-11-16 12:48:09,132 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:48:09,133 INFO L225 Difference]: With dead ends: 171 [2022-11-16 12:48:09,133 INFO L226 Difference]: Without dead ends: 171 [2022-11-16 12:48:09,134 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 212 GetRequests, 142 SyntacticMatches, 2 SemanticMatches, 68 ConstructedPredicates, 13 IntricatePredicates, 0 DeprecatedPredicates, 643 ImplicationChecksByTransitivity, 34.8s TimeCoverageRelationStatistics Valid=251, Invalid=2972, Unknown=21, NotChecked=1586, Total=4830 [2022-11-16 12:48:09,135 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 32 mSDsluCounter, 739 mSDsCounter, 0 mSdLazyCounter, 1485 mSolverCounterSat, 26 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 32 SdHoareTripleChecker+Valid, 778 SdHoareTripleChecker+Invalid, 3292 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 26 IncrementalHoareTripleChecker+Valid, 1485 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1781 IncrementalHoareTripleChecker+Unchecked, 2.7s IncrementalHoareTripleChecker+Time [2022-11-16 12:48:09,135 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [32 Valid, 778 Invalid, 3292 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [26 Valid, 1485 Invalid, 0 Unknown, 1781 Unchecked, 2.7s Time] [2022-11-16 12:48:09,136 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 171 states. [2022-11-16 12:48:09,140 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 171 to 129. [2022-11-16 12:48:09,141 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 129 states, 101 states have (on average 1.0396039603960396) internal successors, (105), 103 states have internal predecessors, (105), 22 states have call successors, (22), 2 states have call predecessors, (22), 4 states have return successors, (43), 23 states have call predecessors, (43), 22 states have call successors, (43) [2022-11-16 12:48:09,142 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 129 states to 129 states and 170 transitions. [2022-11-16 12:48:09,142 INFO L78 Accepts]: Start accepts. Automaton has 129 states and 170 transitions. Word has length 98 [2022-11-16 12:48:09,142 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:48:09,143 INFO L495 AbstractCegarLoop]: Abstraction has 129 states and 170 transitions. [2022-11-16 12:48:09,144 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) [2022-11-16 12:48:09,144 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 170 transitions. [2022-11-16 12:48:09,145 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:48:09,145 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:48:09,145 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:48:09,160 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (45)] Forceful destruction successful, exit code 0 [2022-11-16 12:48:09,351 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (46)] Forceful destruction successful, exit code 0 [2022-11-16 12:48:09,546 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 45 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,46 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:48:09,546 INFO L420 AbstractCegarLoop]: === Iteration 27 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:48:09,546 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:48:09,546 INFO L85 PathProgramCache]: Analyzing trace with hash -1196147315, now seen corresponding path program 10 times [2022-11-16 12:48:09,547 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:48:09,547 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1806277719] [2022-11-16 12:48:09,547 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-16 12:48:09,547 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:48:09,547 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:48:09,548 INFO L229 MonitoredProcess]: Starting monitored process 47 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:48:09,549 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (47)] Waiting until timeout for monitored process [2022-11-16 12:48:09,928 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-16 12:48:09,928 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:48:09,943 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-16 12:48:09,948 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:09,969 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:48:09,978 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:10,167 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2347 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2347) |c_#length|)))) is different from true [2022-11-16 12:48:10,189 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:10,189 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:10,206 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:10,207 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:10,367 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2348 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2348) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:48:10,385 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:10,386 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:10,403 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:10,404 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:10,611 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2349 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2349))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:48:10,635 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:10,636 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:10,657 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:10,657 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:10,856 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2350 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2350))))) is different from true [2022-11-16 12:48:10,878 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:10,879 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:10,899 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:10,899 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:11,231 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2351 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2351) |c_#length|)))) is different from true [2022-11-16 12:48:11,249 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:11,250 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:11,267 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:11,267 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:11,644 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2352 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2352) |c_#length|)))) is different from true [2022-11-16 12:48:11,669 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:11,669 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:11,684 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:11,684 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:11,886 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2353 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2353) |c_#length|)))) is different from true [2022-11-16 12:48:11,911 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:11,911 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:11,935 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:11,935 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:12,146 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2354 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2354) |c_#length|)))) is different from true [2022-11-16 12:48:12,164 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:12,165 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:12,186 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:12,186 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:12,271 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-16 12:48:12,272 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:48:14,927 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:48:14,927 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1806277719] [2022-11-16 12:48:14,927 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1806277719] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:48:14,927 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1095988836] [2022-11-16 12:48:14,927 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-16 12:48:14,927 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:48:14,927 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:48:14,928 INFO L229 MonitoredProcess]: Starting monitored process 48 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:48:14,930 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (48)] Waiting until timeout for monitored process [2022-11-16 12:48:15,655 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-16 12:48:15,656 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:48:15,667 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-16 12:48:15,671 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:15,683 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:15,694 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:48:15,790 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2432 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2432))))) is different from true [2022-11-16 12:48:15,810 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:15,811 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:15,828 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:15,829 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:15,922 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2433 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2433) |c_#length|)))) is different from true [2022-11-16 12:48:15,941 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:15,942 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:15,959 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:15,960 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:16,047 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2434 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2434) |c_#length|)))) is different from true [2022-11-16 12:48:16,070 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:16,071 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:16,084 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:16,084 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:16,171 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2435 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2435))))) is different from true [2022-11-16 12:48:16,190 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:16,190 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:16,203 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:16,204 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:16,393 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2436 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2436))))) is different from true [2022-11-16 12:48:16,421 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:16,422 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:16,440 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:16,440 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:16,647 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2437 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2437) |c_#length|)))) is different from true [2022-11-16 12:48:16,668 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:16,669 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:16,684 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:16,685 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:16,780 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2438 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2438) |c_#length|)))) is different from true [2022-11-16 12:48:16,802 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:16,802 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:16,819 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:16,820 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:16,904 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2439 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2439) |c_#length|)))) is different from true [2022-11-16 12:48:16,922 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:16,923 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:16,949 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:16,949 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:16,968 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-16 12:48:16,968 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:48:17,411 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1095988836] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:48:17,411 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:48:17,412 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-16 12:48:17,412 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1374580295] [2022-11-16 12:48:17,412 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:48:17,412 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-16 12:48:17,413 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:48:17,413 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-16 12:48:17,413 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=631, Unknown=16, NotChecked=1040, Total=1806 [2022-11-16 12:48:17,414 INFO L87 Difference]: Start difference. First operand 129 states and 170 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-16 12:48:20,460 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:48:20,461 INFO L93 Difference]: Finished difference Result 204 states and 265 transitions. [2022-11-16 12:48:20,462 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-16 12:48:20,462 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-16 12:48:20,462 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:48:20,463 INFO L225 Difference]: With dead ends: 204 [2022-11-16 12:48:20,463 INFO L226 Difference]: Without dead ends: 204 [2022-11-16 12:48:20,464 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 68 ImplicationChecksByTransitivity, 4.8s TimeCoverageRelationStatistics Valid=127, Invalid=733, Unknown=16, NotChecked=1104, Total=1980 [2022-11-16 12:48:20,464 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 29 mSDsluCounter, 417 mSDsCounter, 0 mSdLazyCounter, 1171 mSolverCounterSat, 24 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 29 SdHoareTripleChecker+Valid, 456 SdHoareTripleChecker+Invalid, 2355 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 24 IncrementalHoareTripleChecker+Valid, 1171 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1160 IncrementalHoareTripleChecker+Unchecked, 2.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:48:20,464 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [29 Valid, 456 Invalid, 2355 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [24 Valid, 1171 Invalid, 0 Unknown, 1160 Unchecked, 2.1s Time] [2022-11-16 12:48:20,465 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 204 states. [2022-11-16 12:48:20,470 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 204 to 124. [2022-11-16 12:48:20,471 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 97 states have (on average 1.041237113402062) internal successors, (101), 99 states have internal predecessors, (101), 21 states have call successors, (21), 2 states have call predecessors, (21), 4 states have return successors, (41), 22 states have call predecessors, (41), 21 states have call successors, (41) [2022-11-16 12:48:20,472 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 163 transitions. [2022-11-16 12:48:20,472 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 163 transitions. Word has length 98 [2022-11-16 12:48:20,472 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:48:20,472 INFO L495 AbstractCegarLoop]: Abstraction has 124 states and 163 transitions. [2022-11-16 12:48:20,473 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-16 12:48:20,473 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 163 transitions. [2022-11-16 12:48:20,474 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:48:20,474 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:48:20,474 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:48:20,481 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (48)] Ended with exit code 0 [2022-11-16 12:48:20,691 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (47)] Forceful destruction successful, exit code 0 [2022-11-16 12:48:20,880 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 48 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,47 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:48:20,881 INFO L420 AbstractCegarLoop]: === Iteration 28 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:48:20,881 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:48:20,881 INFO L85 PathProgramCache]: Analyzing trace with hash -616016914, now seen corresponding path program 11 times [2022-11-16 12:48:20,882 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:48:20,882 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [947676169] [2022-11-16 12:48:20,882 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-16 12:48:20,882 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:48:20,882 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:48:20,883 INFO L229 MonitoredProcess]: Starting monitored process 49 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:48:20,888 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (49)] Waiting until timeout for monitored process [2022-11-16 12:48:21,500 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-16 12:48:21,500 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:48:21,515 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-16 12:48:21,520 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:21,546 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:21,783 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:48:21,783 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:48:22,234 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2520 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2520) |c_#length|)))) is different from true [2022-11-16 12:48:22,256 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:22,286 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:48:22,287 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-16 12:48:22,308 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:22,308 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:22,790 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2521 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2521) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:48:22,818 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:22,819 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:22,832 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:22,832 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:23,041 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2522 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2522) |c_#length|)))) is different from true [2022-11-16 12:48:23,062 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:23,063 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:23,079 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:23,080 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:23,284 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2523 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2523) |c_#length|)))) is different from true [2022-11-16 12:48:23,306 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:23,307 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:23,320 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:23,320 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:23,546 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2524 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2524) |c_#length|)))) is different from true [2022-11-16 12:48:23,565 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:23,565 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:23,591 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:23,591 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:23,825 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2525 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2525) |c_#length|)))) is different from true [2022-11-16 12:48:23,845 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:23,846 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:23,862 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:23,863 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:24,099 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2526 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2526) |c_#length|)))) is different from true [2022-11-16 12:48:24,121 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:24,122 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:24,135 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:24,135 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:24,384 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2527 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2527) |c_#length|)))) is different from true [2022-11-16 12:48:24,403 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:24,404 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:24,421 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:24,422 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:24,530 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 20 proven. 240 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-16 12:48:24,530 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:48:25,250 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:48:25,251 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [947676169] [2022-11-16 12:48:25,251 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [947676169] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:48:25,251 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [183290401] [2022-11-16 12:48:25,251 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-16 12:48:25,251 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:48:25,251 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:48:25,252 INFO L229 MonitoredProcess]: Starting monitored process 50 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:48:25,254 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (50)] Waiting until timeout for monitored process [2022-11-16 12:48:26,698 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-16 12:48:26,698 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:48:26,737 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 98 conjunts are in the unsatisfiable core [2022-11-16 12:48:26,744 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:26,759 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:26,846 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:48:27,031 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:48:27,031 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:48:27,799 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2610 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2610) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2609 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2609))))) is different from true [2022-11-16 12:48:27,926 INFO L321 Elim1Store]: treesize reduction 44, result has 42.9 percent of original size [2022-11-16 12:48:27,926 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 0 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 5 case distinctions, treesize of input 43 treesize of output 70 [2022-11-16 12:48:27,991 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:48:27,992 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 29 treesize of output 36 [2022-11-16 12:48:28,864 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2612 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2612))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2611 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2611))))) is different from true [2022-11-16 12:48:28,906 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:28,980 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-16 12:48:28,981 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-16 12:48:28,999 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-16 12:48:28,999 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-16 12:48:29,284 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2613 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2613) |c_#valid|)) (exists ((v_ArrVal_2614 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2614) |c_#length|)))) is different from true [2022-11-16 12:48:29,317 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:29,319 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:29,323 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-16 12:48:29,323 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-16 12:48:29,334 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:29,383 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-16 12:48:29,384 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-16 12:48:29,656 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2615 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2615) |c_#length|)))) is different from true [2022-11-16 12:48:29,686 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:29,688 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:29,692 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-16 12:48:29,693 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-16 12:48:29,723 INFO L321 Elim1Store]: treesize reduction 22, result has 29.0 percent of original size [2022-11-16 12:48:29,724 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 0 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 3 case distinctions, treesize of input 20 treesize of output 22 [2022-11-16 12:48:30,237 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2616 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2616))) (exists ((v_ArrVal_2617 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2617))))) is different from true [2022-11-16 12:48:30,262 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:30,290 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-16 12:48:30,291 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-16 12:48:30,332 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:48:30,332 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:48:30,437 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2618 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2618) |c_#length|)) (exists ((v_ArrVal_2619 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2619) |c_#valid|)))) is different from true [2022-11-16 12:48:30,491 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:48:30,491 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:48:30,497 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:30,603 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2620 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2620) |c_#length|)))) is different from true [2022-11-16 12:48:30,634 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:30,634 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:30,656 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:30,656 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:30,759 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2621 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2621) |c_#length|)))) is different from true [2022-11-16 12:48:30,783 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:30,784 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:30,805 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:30,805 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:30,828 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 20 proven. 240 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-16 12:48:30,828 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:48:31,435 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [183290401] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:48:31,436 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:48:31,436 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [39, 36] total 60 [2022-11-16 12:48:31,436 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1503159684] [2022-11-16 12:48:31,436 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:48:31,436 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 61 states [2022-11-16 12:48:31,436 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:48:31,437 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 61 interpolants. [2022-11-16 12:48:31,438 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=204, Invalid=2006, Unknown=16, NotChecked=1680, Total=3906 [2022-11-16 12:48:31,438 INFO L87 Difference]: Start difference. First operand 124 states and 163 transitions. Second operand has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) [2022-11-16 12:48:34,729 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:48:34,729 INFO L93 Difference]: Finished difference Result 204 states and 263 transitions. [2022-11-16 12:48:34,730 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 29 states. [2022-11-16 12:48:34,731 INFO L78 Accepts]: Start accepts. Automaton has has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) Word has length 98 [2022-11-16 12:48:34,731 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:48:34,732 INFO L225 Difference]: With dead ends: 204 [2022-11-16 12:48:34,732 INFO L226 Difference]: Without dead ends: 204 [2022-11-16 12:48:34,733 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 206 GetRequests, 138 SyntacticMatches, 2 SemanticMatches, 66 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 505 ImplicationChecksByTransitivity, 6.3s TimeCoverageRelationStatistics Valid=237, Invalid=2463, Unknown=16, NotChecked=1840, Total=4556 [2022-11-16 12:48:34,734 INFO L413 NwaCegarLoop]: 33 mSDtfsCounter, 28 mSDsluCounter, 508 mSDsCounter, 0 mSdLazyCounter, 798 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 541 SdHoareTripleChecker+Invalid, 2123 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 798 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1308 IncrementalHoareTripleChecker+Unchecked, 1.5s IncrementalHoareTripleChecker+Time [2022-11-16 12:48:34,734 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [28 Valid, 541 Invalid, 2123 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 798 Invalid, 0 Unknown, 1308 Unchecked, 1.5s Time] [2022-11-16 12:48:34,735 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 204 states. [2022-11-16 12:48:34,741 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 204 to 181. [2022-11-16 12:48:34,742 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 181 states, 141 states have (on average 1.0425531914893618) internal successors, (147), 145 states have internal predecessors, (147), 30 states have call successors, (30), 4 states have call predecessors, (30), 8 states have return successors, (59), 31 states have call predecessors, (59), 30 states have call successors, (59) [2022-11-16 12:48:34,743 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 181 states to 181 states and 236 transitions. [2022-11-16 12:48:34,743 INFO L78 Accepts]: Start accepts. Automaton has 181 states and 236 transitions. Word has length 98 [2022-11-16 12:48:34,744 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:48:34,744 INFO L495 AbstractCegarLoop]: Abstraction has 181 states and 236 transitions. [2022-11-16 12:48:34,744 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) [2022-11-16 12:48:34,744 INFO L276 IsEmpty]: Start isEmpty. Operand 181 states and 236 transitions. [2022-11-16 12:48:34,746 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:48:34,746 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:48:34,746 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:48:34,760 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (50)] Ended with exit code 0 [2022-11-16 12:48:34,963 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (49)] Forceful destruction successful, exit code 0 [2022-11-16 12:48:35,154 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 50 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,49 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:48:35,154 INFO L420 AbstractCegarLoop]: === Iteration 29 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:48:35,155 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:48:35,155 INFO L85 PathProgramCache]: Analyzing trace with hash 1668846541, now seen corresponding path program 12 times [2022-11-16 12:48:35,155 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:48:35,155 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1769401826] [2022-11-16 12:48:35,155 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-16 12:48:35,155 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:48:35,156 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:48:35,157 INFO L229 MonitoredProcess]: Starting monitored process 51 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:48:35,162 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (51)] Waiting until timeout for monitored process [2022-11-16 12:48:35,819 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 11 check-sat command(s) [2022-11-16 12:48:35,820 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:48:35,834 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 84 conjunts are in the unsatisfiable core [2022-11-16 12:48:35,839 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:35,867 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:48:35,873 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:36,061 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2699 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2699) |c_#length|)))) is different from true [2022-11-16 12:48:36,082 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:36,082 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:36,100 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:36,100 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:36,248 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2700 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2700) |c_#length|)))) is different from true [2022-11-16 12:48:36,267 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:36,268 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:36,285 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:36,285 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:36,591 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2701 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2701) |c_#length|)))) is different from true [2022-11-16 12:48:36,610 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:36,611 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:36,634 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:36,634 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:36,818 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2702 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2702) |c_#length|)))) is different from true [2022-11-16 12:48:36,840 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:36,841 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:36,854 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:36,854 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:37,040 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2703 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2703))))) is different from true [2022-11-16 12:48:37,060 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:37,060 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:37,073 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:37,073 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:37,492 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2704 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2704) |c_#length|)))) is different from true [2022-11-16 12:48:37,515 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:37,516 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:37,529 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:37,529 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:37,736 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2705 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2705))))) is different from true [2022-11-16 12:48:37,760 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:37,760 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:37,773 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:37,773 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:37,981 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2706 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2706) |c_#length|)))) is different from true [2022-11-16 12:48:38,011 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:38,011 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:38,028 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:38,028 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:38,110 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 16 proven. 244 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-16 12:48:38,110 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:48:40,848 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:48:40,848 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1769401826] [2022-11-16 12:48:40,848 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1769401826] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:48:40,848 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1114998983] [2022-11-16 12:48:40,848 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-16 12:48:40,849 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:48:40,849 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:48:40,849 INFO L229 MonitoredProcess]: Starting monitored process 52 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:48:40,853 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (52)] Waiting until timeout for monitored process [2022-11-16 12:48:42,255 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 11 check-sat command(s) [2022-11-16 12:48:42,256 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:48:42,271 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 94 conjunts are in the unsatisfiable core [2022-11-16 12:48:42,277 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:42,291 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:48:42,302 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:42,556 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:42,556 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:42,573 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:42,864 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2787 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2787))) (exists ((v_ArrVal_2786 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2786))))) is different from true [2022-11-16 12:48:42,918 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:48:42,919 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:48:42,925 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:43,132 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2788 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2788) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2789 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2789) |c_#valid|)))) is different from true [2022-11-16 12:48:43,195 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:48:43,196 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:48:43,201 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:43,305 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2791 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2791) |c_#valid|)) (exists ((v_ArrVal_2790 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2790) |c_#length|)))) is different from true [2022-11-16 12:48:43,333 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:43,333 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:43,364 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:48:43,365 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:48:43,475 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2792 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2792) |c_#length|)))) is different from true [2022-11-16 12:48:43,494 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:43,495 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:43,522 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:43,522 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:43,842 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:48:43,843 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:48:43,889 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:48:43,890 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:48:44,494 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2796 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2796))))) is different from true [2022-11-16 12:48:44,521 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:44,522 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:44,554 INFO L321 Elim1Store]: treesize reduction 12, result has 42.9 percent of original size [2022-11-16 12:48:44,554 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 20 treesize of output 22 [2022-11-16 12:48:44,645 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2797 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2797))))) is different from true [2022-11-16 12:48:44,666 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:44,666 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:44,680 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:44,681 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:44,704 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 18 proven. 256 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-16 12:48:44,705 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:48:45,227 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1114998983] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:48:45,227 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:48:45,227 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 35] total 48 [2022-11-16 12:48:45,227 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [165016962] [2022-11-16 12:48:45,227 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:48:45,228 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 49 states [2022-11-16 12:48:45,228 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:48:45,228 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 49 interpolants. [2022-11-16 12:48:45,228 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=161, Invalid=1212, Unknown=15, NotChecked=1162, Total=2550 [2022-11-16 12:48:45,229 INFO L87 Difference]: Start difference. First operand 181 states and 236 transitions. Second operand has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) [2022-11-16 12:48:48,545 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:48:48,545 INFO L93 Difference]: Finished difference Result 253 states and 330 transitions. [2022-11-16 12:48:48,546 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 27 states. [2022-11-16 12:48:48,546 INFO L78 Accepts]: Start accepts. Automaton has has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) Word has length 98 [2022-11-16 12:48:48,546 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:48:48,547 INFO L225 Difference]: With dead ends: 253 [2022-11-16 12:48:48,547 INFO L226 Difference]: Without dead ends: 253 [2022-11-16 12:48:48,548 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 203 GetRequests, 150 SyntacticMatches, 1 SemanticMatches, 52 ConstructedPredicates, 14 IntricatePredicates, 0 DeprecatedPredicates, 257 ImplicationChecksByTransitivity, 6.2s TimeCoverageRelationStatistics Valid=179, Invalid=1422, Unknown=15, NotChecked=1246, Total=2862 [2022-11-16 12:48:48,548 INFO L413 NwaCegarLoop]: 33 mSDtfsCounter, 30 mSDsluCounter, 381 mSDsCounter, 0 mSdLazyCounter, 1229 mSolverCounterSat, 31 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 30 SdHoareTripleChecker+Valid, 414 SdHoareTripleChecker+Invalid, 2486 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 31 IncrementalHoareTripleChecker+Valid, 1229 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1226 IncrementalHoareTripleChecker+Unchecked, 2.1s IncrementalHoareTripleChecker+Time [2022-11-16 12:48:48,548 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [30 Valid, 414 Invalid, 2486 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [31 Valid, 1229 Invalid, 0 Unknown, 1226 Unchecked, 2.1s Time] [2022-11-16 12:48:48,549 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 253 states. [2022-11-16 12:48:48,556 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 253 to 191. [2022-11-16 12:48:48,557 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 191 states, 149 states have (on average 1.0402684563758389) internal successors, (155), 153 states have internal predecessors, (155), 32 states have call successors, (32), 4 states have call predecessors, (32), 8 states have return successors, (63), 33 states have call predecessors, (63), 32 states have call successors, (63) [2022-11-16 12:48:48,558 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 191 states to 191 states and 250 transitions. [2022-11-16 12:48:48,558 INFO L78 Accepts]: Start accepts. Automaton has 191 states and 250 transitions. Word has length 98 [2022-11-16 12:48:48,558 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:48:48,559 INFO L495 AbstractCegarLoop]: Abstraction has 191 states and 250 transitions. [2022-11-16 12:48:48,559 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) [2022-11-16 12:48:48,559 INFO L276 IsEmpty]: Start isEmpty. Operand 191 states and 250 transitions. [2022-11-16 12:48:48,560 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:48:48,560 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:48:48,561 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 8, 3, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:48:48,574 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (52)] Forceful destruction successful, exit code 0 [2022-11-16 12:48:48,779 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (51)] Forceful destruction successful, exit code 0 [2022-11-16 12:48:48,969 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 52 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,51 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:48:48,969 INFO L420 AbstractCegarLoop]: === Iteration 30 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:48:48,969 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:48:48,969 INFO L85 PathProgramCache]: Analyzing trace with hash 1163287916, now seen corresponding path program 13 times [2022-11-16 12:48:48,970 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:48:48,970 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1230328506] [2022-11-16 12:48:48,970 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-16 12:48:48,970 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:48:48,970 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:48:48,971 INFO L229 MonitoredProcess]: Starting monitored process 53 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:48:48,972 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (53)] Waiting until timeout for monitored process [2022-11-16 12:48:49,374 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:48:49,389 INFO L263 TraceCheckSpWp]: Trace formula consists of 358 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-16 12:48:49,393 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:49,415 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:48:49,421 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:49,609 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2873 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2873) |c_#length|)))) is different from true [2022-11-16 12:48:49,628 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:49,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:49,647 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:49,647 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:49,804 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2874 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2874) |c_#length|)))) is different from true [2022-11-16 12:48:49,824 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:49,824 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:49,841 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:49,841 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:50,143 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2875 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2875) |c_#length|)))) is different from true [2022-11-16 12:48:50,168 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:50,169 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:50,185 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:50,186 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:50,407 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2876 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2876) |c_#length|)))) is different from true [2022-11-16 12:48:50,430 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:50,431 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:50,447 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:50,447 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:50,655 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2877 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2877))))) is different from true [2022-11-16 12:48:50,673 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:50,674 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:50,688 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:50,688 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:51,053 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2878 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2878) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:48:51,073 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:51,074 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:51,091 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:51,091 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:51,465 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2879 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2879))))) is different from true [2022-11-16 12:48:51,483 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:51,484 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:51,498 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:51,498 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:51,587 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 232 refuted. 0 times theorem prover too weak. 96 trivial. 98 not checked. [2022-11-16 12:48:51,588 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:48:52,334 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:48:52,334 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1230328506] [2022-11-16 12:48:52,334 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1230328506] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:48:52,334 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1884436690] [2022-11-16 12:48:52,334 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-16 12:48:52,334 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:48:52,334 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:48:52,335 INFO L229 MonitoredProcess]: Starting monitored process 54 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:48:52,337 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (54)] Waiting until timeout for monitored process [2022-11-16 12:48:53,083 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-16 12:48:53,113 INFO L263 TraceCheckSpWp]: Trace formula consists of 358 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-16 12:48:53,118 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:53,130 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:48:53,139 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:53,238 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2955 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2955))))) is different from true [2022-11-16 12:48:53,260 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:53,261 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:53,279 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:53,279 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:53,369 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2956 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2956) |c_#length|)))) is different from true [2022-11-16 12:48:53,398 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:53,398 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:53,411 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:53,412 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:53,595 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2957 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2957) |c_#length|)))) is different from true [2022-11-16 12:48:53,615 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:53,616 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:53,628 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:53,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:53,718 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2958 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2958) |c_#length|)))) is different from true [2022-11-16 12:48:53,741 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:53,742 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:53,755 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:53,756 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:53,844 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2959 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2959) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:48:53,864 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:53,865 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:53,879 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:53,879 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:54,081 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2960 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2960))))) is different from true [2022-11-16 12:48:54,102 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:54,103 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:54,115 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:54,116 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:54,293 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2961 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2961))))) is different from true [2022-11-16 12:48:54,310 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:54,311 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:54,325 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:54,325 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:54,347 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 232 refuted. 0 times theorem prover too weak. 96 trivial. 98 not checked. [2022-11-16 12:48:54,347 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:48:55,391 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1884436690] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:48:55,391 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:48:55,391 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 37 [2022-11-16 12:48:55,391 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1506993990] [2022-11-16 12:48:55,392 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:48:55,392 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 38 states [2022-11-16 12:48:55,392 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:48:55,393 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 38 interpolants. [2022-11-16 12:48:55,393 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=111, Invalid=581, Unknown=14, NotChecked=854, Total=1560 [2022-11-16 12:48:55,393 INFO L87 Difference]: Start difference. First operand 191 states and 250 transitions. Second operand has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) [2022-11-16 12:48:58,155 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:48:58,156 INFO L93 Difference]: Finished difference Result 254 states and 329 transitions. [2022-11-16 12:48:58,157 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 24 states. [2022-11-16 12:48:58,157 INFO L78 Accepts]: Start accepts. Automaton has has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) Word has length 98 [2022-11-16 12:48:58,157 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:48:58,158 INFO L225 Difference]: With dead ends: 254 [2022-11-16 12:48:58,159 INFO L226 Difference]: Without dead ends: 254 [2022-11-16 12:48:58,159 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 161 SyntacticMatches, 1 SemanticMatches, 40 ConstructedPredicates, 14 IntricatePredicates, 0 DeprecatedPredicates, 58 ImplicationChecksByTransitivity, 3.2s TimeCoverageRelationStatistics Valid=119, Invalid=679, Unknown=14, NotChecked=910, Total=1722 [2022-11-16 12:48:58,160 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 26 mSDsluCounter, 378 mSDsCounter, 0 mSdLazyCounter, 1092 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 26 SdHoareTripleChecker+Valid, 416 SdHoareTripleChecker+Invalid, 2200 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 1092 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1086 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-11-16 12:48:58,160 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [26 Valid, 416 Invalid, 2200 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 1092 Invalid, 0 Unknown, 1086 Unchecked, 2.0s Time] [2022-11-16 12:48:58,168 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 254 states. [2022-11-16 12:48:58,174 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 254 to 171. [2022-11-16 12:48:58,175 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 133 states have (on average 1.0451127819548873) internal successors, (139), 137 states have internal predecessors, (139), 28 states have call successors, (28), 4 states have call predecessors, (28), 8 states have return successors, (55), 29 states have call predecessors, (55), 28 states have call successors, (55) [2022-11-16 12:48:58,176 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 222 transitions. [2022-11-16 12:48:58,176 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 222 transitions. Word has length 98 [2022-11-16 12:48:58,177 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:48:58,177 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 222 transitions. [2022-11-16 12:48:58,177 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) [2022-11-16 12:48:58,177 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 222 transitions. [2022-11-16 12:48:58,178 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:48:58,179 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:48:58,179 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:48:58,201 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (53)] Ended with exit code 0 [2022-11-16 12:48:58,400 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (54)] Forceful destruction successful, exit code 0 [2022-11-16 12:48:58,595 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 53 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,54 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:48:58,596 INFO L420 AbstractCegarLoop]: === Iteration 31 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:48:58,596 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:48:58,596 INFO L85 PathProgramCache]: Analyzing trace with hash 1743290095, now seen corresponding path program 14 times [2022-11-16 12:48:58,596 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:48:58,596 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1998616843] [2022-11-16 12:48:58,597 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:48:58,597 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:48:58,597 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:48:58,598 INFO L229 MonitoredProcess]: Starting monitored process 55 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:48:58,599 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (55)] Waiting until timeout for monitored process [2022-11-16 12:48:59,052 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:48:59,052 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:48:59,069 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-16 12:48:59,074 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:48:59,094 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:48:59,103 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:48:59,287 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3039 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3039) |c_#length|)))) is different from true [2022-11-16 12:48:59,306 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:59,307 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:59,324 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:59,324 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:59,480 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3040 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3040) |c_#length|)))) is different from true [2022-11-16 12:48:59,498 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:59,499 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:59,526 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:59,527 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:48:59,829 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3041 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3041))))) is different from true [2022-11-16 12:48:59,850 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:48:59,850 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:48:59,864 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:48:59,865 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:00,048 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3042 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3042))))) is different from true [2022-11-16 12:49:00,068 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:00,069 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:00,082 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:00,083 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:00,425 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3043 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3043) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:00,446 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:00,447 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:00,465 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:00,465 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:00,669 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3044 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3044) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:00,690 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:00,690 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:00,709 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:00,709 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:00,920 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3045 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3045))))) is different from true [2022-11-16 12:49:00,942 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:00,943 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:00,960 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:00,960 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:01,177 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3046 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3046) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:01,196 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:01,197 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:01,210 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:01,211 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:01,302 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-16 12:49:01,302 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:49:08,026 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:49:08,026 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1998616843] [2022-11-16 12:49:08,027 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1998616843] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:49:08,027 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [337542076] [2022-11-16 12:49:08,027 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-16 12:49:08,027 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:49:08,028 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:49:08,028 INFO L229 MonitoredProcess]: Starting monitored process 56 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:49:08,031 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (56)] Waiting until timeout for monitored process [2022-11-16 12:49:08,783 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-16 12:49:08,783 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:49:08,811 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 87 conjunts are in the unsatisfiable core [2022-11-16 12:49:08,816 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:49:08,830 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:49:08,843 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:49:08,942 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3124 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3124) |c_#length|)))) is different from true [2022-11-16 12:49:08,978 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:08,979 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:08,997 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:08,997 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:09,081 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3125 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3125) |c_#length|)))) is different from true [2022-11-16 12:49:09,103 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:09,104 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:09,121 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:09,121 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:09,300 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3126 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3126))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:09,319 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:09,320 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:09,337 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:09,338 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:09,428 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3127 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3127) |c_#length|)))) is different from true [2022-11-16 12:49:09,447 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:09,447 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:09,461 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:09,461 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:09,661 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3128 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3128) |c_#length|)))) is different from true [2022-11-16 12:49:09,681 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:09,682 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:09,700 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:09,701 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:09,787 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3129 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3129))))) is different from true [2022-11-16 12:49:09,807 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:09,808 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:09,826 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:09,826 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:09,914 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3130 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3130) |c_#length|)))) is different from true [2022-11-16 12:49:09,935 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:09,936 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:09,954 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:09,954 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:10,059 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3131 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3131) |c_#length|)))) is different from true [2022-11-16 12:49:10,079 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:10,080 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:10,098 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:10,098 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:10,117 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-16 12:49:10,117 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:49:12,634 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [337542076] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:49:12,634 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:49:12,634 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-16 12:49:12,634 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1540425079] [2022-11-16 12:49:12,634 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:49:12,635 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-16 12:49:12,635 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:49:12,635 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-16 12:49:12,635 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=630, Unknown=17, NotChecked=1040, Total=1806 [2022-11-16 12:49:12,636 INFO L87 Difference]: Start difference. First operand 171 states and 222 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-16 12:49:16,110 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:49:16,110 INFO L93 Difference]: Finished difference Result 251 states and 324 transitions. [2022-11-16 12:49:16,111 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-16 12:49:16,111 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-16 12:49:16,111 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:49:16,113 INFO L225 Difference]: With dead ends: 251 [2022-11-16 12:49:16,113 INFO L226 Difference]: Without dead ends: 251 [2022-11-16 12:49:16,113 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 65 ImplicationChecksByTransitivity, 11.0s TimeCoverageRelationStatistics Valid=127, Invalid=732, Unknown=17, NotChecked=1104, Total=1980 [2022-11-16 12:49:16,114 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 28 mSDsluCounter, 480 mSDsCounter, 0 mSdLazyCounter, 1359 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 519 SdHoareTripleChecker+Invalid, 2396 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 1359 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1016 IncrementalHoareTripleChecker+Unchecked, 2.4s IncrementalHoareTripleChecker+Time [2022-11-16 12:49:16,114 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [28 Valid, 519 Invalid, 2396 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 1359 Invalid, 0 Unknown, 1016 Unchecked, 2.4s Time] [2022-11-16 12:49:16,115 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 251 states. [2022-11-16 12:49:16,120 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 251 to 171. [2022-11-16 12:49:16,120 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 133 states have (on average 1.0451127819548873) internal successors, (139), 137 states have internal predecessors, (139), 28 states have call successors, (28), 4 states have call predecessors, (28), 8 states have return successors, (55), 29 states have call predecessors, (55), 28 states have call successors, (55) [2022-11-16 12:49:16,122 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 222 transitions. [2022-11-16 12:49:16,122 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 222 transitions. Word has length 98 [2022-11-16 12:49:16,122 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:49:16,122 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 222 transitions. [2022-11-16 12:49:16,123 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-16 12:49:16,123 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 222 transitions. [2022-11-16 12:49:16,124 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:49:16,124 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:49:16,124 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:49:16,151 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (55)] Forceful destruction successful, exit code 0 [2022-11-16 12:49:16,344 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (56)] Forceful destruction successful, exit code 0 [2022-11-16 12:49:16,539 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 55 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,56 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt [2022-11-16 12:49:16,540 INFO L420 AbstractCegarLoop]: === Iteration 32 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:49:16,540 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:49:16,540 INFO L85 PathProgramCache]: Analyzing trace with hash -856557043, now seen corresponding path program 15 times [2022-11-16 12:49:16,540 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:49:16,540 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [793332146] [2022-11-16 12:49:16,541 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:49:16,541 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:49:16,541 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:49:16,542 INFO L229 MonitoredProcess]: Starting monitored process 57 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:49:16,543 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (57)] Waiting until timeout for monitored process [2022-11-16 12:49:17,106 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-16 12:49:17,106 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:49:17,120 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-16 12:49:17,124 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:49:17,145 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:49:17,152 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:49:17,352 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3209 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3209))))) is different from true [2022-11-16 12:49:17,375 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:17,376 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:17,388 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:17,389 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:17,531 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3210 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3210))))) is different from true [2022-11-16 12:49:17,551 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:17,552 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:17,564 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:17,565 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:17,900 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3211 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3211))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:17,919 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:17,919 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:17,936 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:17,937 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:18,275 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3212 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3212))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:18,293 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:18,294 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:18,306 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:18,307 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:18,511 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3213 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3213))))) is different from true [2022-11-16 12:49:18,532 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:18,533 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:18,546 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:18,546 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:18,750 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3214 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3214) |c_#length|)))) is different from true [2022-11-16 12:49:18,769 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:18,770 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:18,787 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:18,787 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:19,006 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3215 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3215) |c_#length|)))) is different from true [2022-11-16 12:49:19,028 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:19,028 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:19,041 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:19,041 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:19,265 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3216 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3216) |c_#length|)))) is different from true [2022-11-16 12:49:19,286 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:19,287 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:19,300 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:19,300 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:19,402 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 32 proven. 240 refuted. 0 times theorem prover too weak. 60 trivial. 104 not checked. [2022-11-16 12:49:19,403 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:49:24,152 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:49:24,152 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [793332146] [2022-11-16 12:49:24,152 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [793332146] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:49:24,152 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [2117507036] [2022-11-16 12:49:24,152 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:49:24,153 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:49:24,153 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:49:24,154 INFO L229 MonitoredProcess]: Starting monitored process 58 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:49:24,155 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (58)] Waiting until timeout for monitored process [2022-11-16 12:49:25,550 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-16 12:49:25,550 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:49:25,565 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-16 12:49:25,570 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:49:25,582 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:49:25,593 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:49:25,700 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3295 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3295))) (exists ((v_ArrVal_3294 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3294))))) is different from true [2022-11-16 12:49:25,729 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:25,730 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:25,761 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:49:25,762 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:49:26,009 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:49:26,009 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:49:26,038 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:26,039 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:26,406 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3298 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3298) |c_#length|)))) is different from true [2022-11-16 12:49:26,425 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:26,426 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:26,440 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:26,440 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:26,687 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-16 12:49:26,718 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-16 12:49:26,718 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-16 12:49:27,303 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-16 12:49:27,303 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-16 12:49:28,250 INFO L321 Elim1Store]: treesize reduction 24, result has 48.9 percent of original size [2022-11-16 12:49:28,250 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 17 treesize of output 34 [2022-11-16 12:49:28,291 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:28,291 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:28,608 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3304 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3304))))) is different from true [2022-11-16 12:49:28,628 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:28,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:28,642 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:28,642 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:28,735 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3305 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3305))))) is different from true [2022-11-16 12:49:28,753 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:28,753 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:28,766 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:28,767 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:28,789 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 36 proven. 278 refuted. 0 times theorem prover too weak. 42 trivial. 80 not checked. [2022-11-16 12:49:28,789 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:49:31,263 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [2117507036] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:49:31,263 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:49:31,263 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [35, 39] total 53 [2022-11-16 12:49:31,263 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [698325497] [2022-11-16 12:49:31,263 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:49:31,264 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 54 states [2022-11-16 12:49:31,264 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:49:31,264 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 54 interpolants. [2022-11-16 12:49:31,265 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=171, Invalid=1672, Unknown=15, NotChecked=1222, Total=3080 [2022-11-16 12:49:31,265 INFO L87 Difference]: Start difference. First operand 171 states and 222 transitions. Second operand has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) [2022-11-16 12:49:36,956 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:49:36,956 INFO L93 Difference]: Finished difference Result 265 states and 344 transitions. [2022-11-16 12:49:36,957 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-11-16 12:49:36,957 INFO L78 Accepts]: Start accepts. Automaton has has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) Word has length 98 [2022-11-16 12:49:36,958 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:49:36,960 INFO L225 Difference]: With dead ends: 265 [2022-11-16 12:49:36,960 INFO L226 Difference]: Without dead ends: 265 [2022-11-16 12:49:36,962 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 209 GetRequests, 144 SyntacticMatches, 3 SemanticMatches, 62 ConstructedPredicates, 13 IntricatePredicates, 0 DeprecatedPredicates, 484 ImplicationChecksByTransitivity, 11.8s TimeCoverageRelationStatistics Valid=222, Invalid=2365, Unknown=15, NotChecked=1430, Total=4032 [2022-11-16 12:49:36,962 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 40 mSDsluCounter, 594 mSDsCounter, 0 mSdLazyCounter, 1885 mSolverCounterSat, 30 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 40 SdHoareTripleChecker+Valid, 632 SdHoareTripleChecker+Invalid, 3430 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 30 IncrementalHoareTripleChecker+Valid, 1885 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1515 IncrementalHoareTripleChecker+Unchecked, 3.6s IncrementalHoareTripleChecker+Time [2022-11-16 12:49:36,963 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [40 Valid, 632 Invalid, 3430 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [30 Valid, 1885 Invalid, 0 Unknown, 1515 Unchecked, 3.6s Time] [2022-11-16 12:49:36,963 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 265 states. [2022-11-16 12:49:36,969 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 265 to 171. [2022-11-16 12:49:36,970 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 133 states have (on average 1.0451127819548873) internal successors, (139), 137 states have internal predecessors, (139), 28 states have call successors, (28), 4 states have call predecessors, (28), 8 states have return successors, (55), 29 states have call predecessors, (55), 28 states have call successors, (55) [2022-11-16 12:49:36,971 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 222 transitions. [2022-11-16 12:49:36,971 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 222 transitions. Word has length 98 [2022-11-16 12:49:36,972 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:49:36,972 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 222 transitions. [2022-11-16 12:49:36,972 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) [2022-11-16 12:49:36,972 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 222 transitions. [2022-11-16 12:49:36,973 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:49:36,973 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:49:36,974 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:49:36,982 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (58)] Forceful destruction successful, exit code 0 [2022-11-16 12:49:37,192 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (57)] Forceful destruction successful, exit code 0 [2022-11-16 12:49:37,382 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 58 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,57 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:49:37,382 INFO L420 AbstractCegarLoop]: === Iteration 33 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:49:37,382 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:49:37,383 INFO L85 PathProgramCache]: Analyzing trace with hash -335667025, now seen corresponding path program 16 times [2022-11-16 12:49:37,383 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:49:37,383 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [797430381] [2022-11-16 12:49:37,383 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-16 12:49:37,384 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:49:37,384 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:49:37,385 INFO L229 MonitoredProcess]: Starting monitored process 59 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:49:37,386 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (59)] Waiting until timeout for monitored process [2022-11-16 12:49:37,790 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-16 12:49:37,790 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:49:37,805 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-16 12:49:37,809 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:49:37,832 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:49:37,838 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:49:38,030 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3383 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3383) |c_#length|)))) is different from true [2022-11-16 12:49:38,048 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:38,049 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:38,065 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:38,065 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:38,211 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3384 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3384))))) is different from true [2022-11-16 12:49:38,229 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:38,229 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:38,246 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:38,246 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:38,699 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3385 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3385) |c_#length|)))) is different from true [2022-11-16 12:49:38,719 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:38,719 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:38,736 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:38,736 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:38,950 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3386 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3386))))) is different from true [2022-11-16 12:49:38,971 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:38,971 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:38,986 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:38,986 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:39,199 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3387 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3387) |c_#length|)))) is different from true [2022-11-16 12:49:39,220 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:39,221 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:39,237 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:39,237 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:39,436 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3388 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3388) |c_#length|)))) is different from true [2022-11-16 12:49:39,479 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:39,479 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:39,497 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:39,497 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:39,692 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3389 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3389) |c_#length|)))) is different from true [2022-11-16 12:49:39,713 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:39,714 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:39,727 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:39,727 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:39,932 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3390 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3390) |c_#length|)))) is different from true [2022-11-16 12:49:39,951 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:39,951 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:39,969 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:39,969 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:40,048 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-16 12:49:40,048 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:49:42,806 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:49:42,806 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [797430381] [2022-11-16 12:49:42,806 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [797430381] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:49:42,806 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [563549877] [2022-11-16 12:49:42,806 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-16 12:49:42,807 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:49:42,807 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:49:42,808 INFO L229 MonitoredProcess]: Starting monitored process 60 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:49:42,809 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (60)] Waiting until timeout for monitored process [2022-11-16 12:49:43,609 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-16 12:49:43,609 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:49:43,620 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-16 12:49:43,624 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:49:43,635 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-16 12:49:43,644 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:49:43,739 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3468 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3468))))) is different from true [2022-11-16 12:49:43,760 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:43,760 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:43,777 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:43,778 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:43,859 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3469 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3469) |c_#length|)))) is different from true [2022-11-16 12:49:43,881 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:43,882 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:43,895 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:43,895 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:44,187 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3470 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3470) |c_#length|)))) is different from true [2022-11-16 12:49:44,209 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:44,210 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:44,228 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:44,228 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:44,313 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3471 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3471))))) is different from true [2022-11-16 12:49:44,331 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:44,332 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:44,349 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:44,349 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:44,437 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3472 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3472))))) is different from true [2022-11-16 12:49:44,454 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:44,455 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:44,471 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:44,472 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:44,571 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3473 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3473) |c_#length|)))) is different from true [2022-11-16 12:49:44,591 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:44,591 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:44,604 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:44,604 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:44,689 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3474 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3474))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:44,710 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:44,710 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:44,733 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:44,733 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:44,824 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3475 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3475) |c_#length|)))) is different from true [2022-11-16 12:49:44,849 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:44,849 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:44,867 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:44,867 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:44,880 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-16 12:49:44,880 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:49:45,414 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [563549877] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:49:45,414 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:49:45,414 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-16 12:49:45,414 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [412025906] [2022-11-16 12:49:45,415 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:49:45,415 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-16 12:49:45,415 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:49:45,415 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-16 12:49:45,416 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=630, Unknown=17, NotChecked=1040, Total=1806 [2022-11-16 12:49:45,416 INFO L87 Difference]: Start difference. First operand 171 states and 222 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-16 12:49:48,764 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:49:48,764 INFO L93 Difference]: Finished difference Result 257 states and 334 transitions. [2022-11-16 12:49:48,766 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-16 12:49:48,766 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-16 12:49:48,766 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:49:48,767 INFO L225 Difference]: With dead ends: 257 [2022-11-16 12:49:48,767 INFO L226 Difference]: Without dead ends: 257 [2022-11-16 12:49:48,767 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 63 ImplicationChecksByTransitivity, 4.9s TimeCoverageRelationStatistics Valid=127, Invalid=732, Unknown=17, NotChecked=1104, Total=1980 [2022-11-16 12:49:48,768 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 28 mSDsluCounter, 459 mSDsCounter, 0 mSdLazyCounter, 1297 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 498 SdHoareTripleChecker+Invalid, 2259 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 1297 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 940 IncrementalHoareTripleChecker+Unchecked, 2.4s IncrementalHoareTripleChecker+Time [2022-11-16 12:49:48,768 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [28 Valid, 498 Invalid, 2259 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 1297 Invalid, 0 Unknown, 940 Unchecked, 2.4s Time] [2022-11-16 12:49:48,769 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 257 states. [2022-11-16 12:49:48,774 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 257 to 171. [2022-11-16 12:49:48,775 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 133 states have (on average 1.0451127819548873) internal successors, (139), 137 states have internal predecessors, (139), 28 states have call successors, (28), 4 states have call predecessors, (28), 8 states have return successors, (55), 29 states have call predecessors, (55), 28 states have call successors, (55) [2022-11-16 12:49:48,776 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 222 transitions. [2022-11-16 12:49:48,776 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 222 transitions. Word has length 98 [2022-11-16 12:49:48,777 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:49:48,777 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 222 transitions. [2022-11-16 12:49:48,777 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-16 12:49:48,777 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 222 transitions. [2022-11-16 12:49:48,778 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-16 12:49:48,778 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:49:48,778 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:49:48,796 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (60)] Forceful destruction successful, exit code 0 [2022-11-16 12:49:48,996 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (59)] Forceful destruction successful, exit code 0 [2022-11-16 12:49:49,186 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 60 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,59 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:49:49,186 INFO L420 AbstractCegarLoop]: === Iteration 34 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:49:49,186 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:49:49,186 INFO L85 PathProgramCache]: Analyzing trace with hash 552179341, now seen corresponding path program 17 times [2022-11-16 12:49:49,187 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:49:49,187 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [459273418] [2022-11-16 12:49:49,187 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-16 12:49:49,187 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:49:49,187 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:49:49,188 INFO L229 MonitoredProcess]: Starting monitored process 61 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:49:49,190 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (61)] Waiting until timeout for monitored process [2022-11-16 12:49:49,865 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-16 12:49:49,866 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:49:49,879 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-16 12:49:49,883 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:49:49,904 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:49:50,230 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3552 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3552) |c_#length|)))) is different from true [2022-11-16 12:49:50,248 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:50,249 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:50,262 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:50,262 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:50,578 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3553 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3553) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:50,595 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:50,596 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:50,608 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:50,608 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:50,796 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3554) |c_#length|)))) is different from true [2022-11-16 12:49:50,815 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:50,816 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:50,834 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:50,834 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:51,033 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3555 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3555))))) is different from true [2022-11-16 12:49:51,051 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:51,052 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:51,071 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:51,071 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:51,272 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3556) |c_#length|)))) is different from true [2022-11-16 12:49:51,300 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:51,301 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:51,313 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:51,313 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:51,511 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3557 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3557) |c_#length|)))) is different from true [2022-11-16 12:49:51,528 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:51,528 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:51,545 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:51,545 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:51,756 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3558 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3558))))) is different from true [2022-11-16 12:49:51,777 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:51,778 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:51,791 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:51,791 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:52,018 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3559 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3559) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:52,036 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:52,037 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:52,063 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:52,064 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:52,162 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 30 proven. 230 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-16 12:49:52,162 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:49:56,998 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-16 12:49:56,998 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [459273418] [2022-11-16 12:49:56,998 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [459273418] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:49:56,998 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [501099739] [2022-11-16 12:49:56,998 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-16 12:49:56,999 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-16 12:49:56,999 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 [2022-11-16 12:49:57,000 INFO L229 MonitoredProcess]: Starting monitored process 62 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-16 12:49:57,001 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (62)] Waiting until timeout for monitored process [2022-11-16 12:49:58,486 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-16 12:49:58,486 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-16 12:49:58,522 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 85 conjunts are in the unsatisfiable core [2022-11-16 12:49:58,526 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-16 12:49:58,539 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-16 12:49:58,696 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3636 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3636) |c_#length|)) (exists ((v_ArrVal_3637 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3637))))) is different from true [2022-11-16 12:49:58,724 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:58,725 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:58,772 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:49:58,772 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:49:58,958 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3639 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3639) |c_#valid|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3638 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3638))))) is different from true [2022-11-16 12:49:59,012 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:49:59,012 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:49:59,018 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:59,119 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3641 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3641) |c_#valid|)) (exists ((v_ArrVal_3640 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3640) |c_#length|)))) is different from true [2022-11-16 12:49:59,178 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:49:59,178 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:49:59,184 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:59,277 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3642 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3642) |c_#length|)))) is different from true [2022-11-16 12:49:59,305 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:59,306 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:59,323 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:59,323 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:59,414 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3643 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3643) |c_#length|)) (exists ((v_ArrVal_3644 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3644) |c_#valid|)))) is different from true [2022-11-16 12:49:59,472 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:49:59,472 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:49:59,482 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:59,579 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3646 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3646) |c_#valid|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3645 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3645) |c_#length|)))) is different from true [2022-11-16 12:49:59,601 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:59,602 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:59,637 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-16 12:49:59,638 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-16 12:49:59,729 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3647 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3647) |c_#length|)))) is different from true [2022-11-16 12:49:59,751 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:59,751 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:59,764 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:59,765 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:59,857 WARN L855 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3648 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3648) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-16 12:49:59,880 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-16 12:49:59,881 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-16 12:49:59,895 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-16 12:49:59,895 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-16 12:49:59,912 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 30 proven. 230 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-16 12:49:59,913 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-16 12:50:02,457 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [501099739] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-16 12:50:02,458 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-16 12:50:02,458 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 29] total 42 [2022-11-16 12:50:02,458 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1275587853] [2022-11-16 12:50:02,458 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-16 12:50:02,458 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 43 states [2022-11-16 12:50:02,459 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-16 12:50:02,459 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 43 interpolants. [2022-11-16 12:50:02,459 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=126, Invalid=733, Unknown=17, NotChecked=1104, Total=1980 [2022-11-16 12:50:02,459 INFO L87 Difference]: Start difference. First operand 171 states and 222 transitions. Second operand has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-16 12:50:05,960 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-16 12:50:05,960 INFO L93 Difference]: Finished difference Result 227 states and 296 transitions. [2022-11-16 12:50:05,961 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2022-11-16 12:50:05,962 INFO L78 Accepts]: Start accepts. Automaton has has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-16 12:50:05,962 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-16 12:50:05,963 INFO L225 Difference]: With dead ends: 227 [2022-11-16 12:50:05,963 INFO L226 Difference]: Without dead ends: 227 [2022-11-16 12:50:05,964 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 156 SyntacticMatches, 1 SemanticMatches, 45 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 104 ImplicationChecksByTransitivity, 9.3s TimeCoverageRelationStatistics Valid=135, Invalid=842, Unknown=17, NotChecked=1168, Total=2162 [2022-11-16 12:50:05,964 INFO L413 NwaCegarLoop]: 37 mSDtfsCounter, 23 mSDsluCounter, 413 mSDsCounter, 0 mSdLazyCounter, 1283 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 23 SdHoareTripleChecker+Valid, 450 SdHoareTripleChecker+Invalid, 2336 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 1283 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1030 IncrementalHoareTripleChecker+Unchecked, 2.4s IncrementalHoareTripleChecker+Time [2022-11-16 12:50:05,965 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [23 Valid, 450 Invalid, 2336 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 1283 Invalid, 0 Unknown, 1030 Unchecked, 2.4s Time] [2022-11-16 12:50:05,965 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 227 states. [2022-11-16 12:50:05,970 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 227 to 135. [2022-11-16 12:50:05,971 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 135 states, 104 states have (on average 1.0576923076923077) internal successors, (110), 108 states have internal predecessors, (110), 22 states have call successors, (22), 4 states have call predecessors, (22), 7 states have return successors, (42), 22 states have call predecessors, (42), 22 states have call successors, (42) [2022-11-16 12:50:05,971 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 135 states to 135 states and 174 transitions. [2022-11-16 12:50:05,972 INFO L78 Accepts]: Start accepts. Automaton has 135 states and 174 transitions. Word has length 98 [2022-11-16 12:50:05,972 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-16 12:50:05,972 INFO L495 AbstractCegarLoop]: Abstraction has 135 states and 174 transitions. [2022-11-16 12:50:05,972 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-16 12:50:05,973 INFO L276 IsEmpty]: Start isEmpty. Operand 135 states and 174 transitions. [2022-11-16 12:50:05,973 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-11-16 12:50:05,973 INFO L187 NwaCegarLoop]: Found error trace [2022-11-16 12:50:05,974 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 11, 10, 10, 10, 10, 10, 10, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-16 12:50:05,986 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt (62)] Ended with exit code 0 [2022-11-16 12:50:06,191 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (61)] Forceful destruction successful, exit code 0 [2022-11-16 12:50:06,381 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 62 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/cvc4 --incremental --print-success --lang smt,61 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:50:06,382 INFO L420 AbstractCegarLoop]: === Iteration 35 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-16 12:50:06,382 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-16 12:50:06,382 INFO L85 PathProgramCache]: Analyzing trace with hash 329760614, now seen corresponding path program 3 times [2022-11-16 12:50:06,382 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-16 12:50:06,382 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [465920252] [2022-11-16 12:50:06,382 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-16 12:50:06,383 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:50:06,383 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat [2022-11-16 12:50:06,383 INFO L229 MonitoredProcess]: Starting monitored process 63 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-16 12:50:06,385 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (63)] Waiting until timeout for monitored process [2022-11-16 12:50:07,211 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-16 12:50:07,211 INFO L229 tOrderPrioritization]: Conjunction of SSA is sat [2022-11-16 12:50:07,211 INFO L356 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-11-16 12:50:07,580 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-11-16 12:50:07,682 INFO L130 FreeRefinementEngine]: Strategy WOLF found a feasible trace [2022-11-16 12:50:07,683 INFO L359 BasicCegarLoop]: Counterexample is feasible [2022-11-16 12:50:07,684 INFO L805 garLoopResultBuilder]: Registering result UNSAFE for location ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK (2 of 3 remaining) [2022-11-16 12:50:07,686 INFO L805 garLoopResultBuilder]: Registering result UNKNOWN for location ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE (1 of 3 remaining) [2022-11-16 12:50:07,686 INFO L805 garLoopResultBuilder]: Registering result UNKNOWN for location ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE (0 of 3 remaining) [2022-11-16 12:50:07,709 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (63)] Forceful destruction successful, exit code 0 [2022-11-16 12:50:07,904 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 63 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_e5e58477-033e-43c6-b065-c22b517074ba/bin/uautomizer-tPACEb0tL8/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-16 12:50:07,907 INFO L444 BasicCegarLoop]: Path program histogram: [17, 9, 3, 1, 1, 1, 1, 1, 1] [2022-11-16 12:50:07,911 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-16 12:50:07,968 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 16.11 12:50:07 BoogieIcfgContainer [2022-11-16 12:50:07,968 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-16 12:50:07,968 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-16 12:50:07,969 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-16 12:50:07,969 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-16 12:50:07,972 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 16.11 12:43:44" (3/4) ... [2022-11-16 12:50:07,975 INFO L140 WitnessPrinter]: No result that supports witness generation found [2022-11-16 12:50:07,975 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-16 12:50:07,975 INFO L158 Benchmark]: Toolchain (without parser) took 384599.51ms. Allocated memory was 81.8MB in the beginning and 125.8MB in the end (delta: 44.0MB). Free memory was 64.8MB in the beginning and 92.0MB in the end (delta: -27.2MB). Peak memory consumption was 17.8MB. Max. memory is 16.1GB. [2022-11-16 12:50:07,975 INFO L158 Benchmark]: CDTParser took 0.30ms. Allocated memory is still 81.8MB. Free memory is still 62.5MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-16 12:50:07,976 INFO L158 Benchmark]: CACSL2BoogieTranslator took 753.48ms. Allocated memory is still 81.8MB. Free memory was 64.7MB in the beginning and 47.1MB in the end (delta: 17.6MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-11-16 12:50:07,976 INFO L158 Benchmark]: Boogie Procedure Inliner took 56.58ms. Allocated memory is still 81.8MB. Free memory was 47.1MB in the beginning and 45.0MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-16 12:50:07,976 INFO L158 Benchmark]: Boogie Preprocessor took 40.52ms. Allocated memory is still 81.8MB. Free memory was 45.0MB in the beginning and 43.4MB in the end (delta: 1.5MB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-16 12:50:07,976 INFO L158 Benchmark]: RCFGBuilder took 445.68ms. Allocated memory is still 81.8MB. Free memory was 43.4MB in the beginning and 62.8MB in the end (delta: -19.4MB). Peak memory consumption was 16.7MB. Max. memory is 16.1GB. [2022-11-16 12:50:07,976 INFO L158 Benchmark]: TraceAbstraction took 383289.19ms. Allocated memory was 81.8MB in the beginning and 125.8MB in the end (delta: 44.0MB). Free memory was 62.1MB in the beginning and 92.0MB in the end (delta: -29.9MB). Peak memory consumption was 85.5MB. Max. memory is 16.1GB. [2022-11-16 12:50:07,976 INFO L158 Benchmark]: Witness Printer took 6.63ms. Allocated memory is still 125.8MB. Free memory is still 92.0MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-16 12:50:07,977 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.30ms. Allocated memory is still 81.8MB. Free memory is still 62.5MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 753.48ms. Allocated memory is still 81.8MB. Free memory was 64.7MB in the beginning and 47.1MB in the end (delta: 17.6MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 56.58ms. Allocated memory is still 81.8MB. Free memory was 47.1MB in the beginning and 45.0MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 40.52ms. Allocated memory is still 81.8MB. Free memory was 45.0MB in the beginning and 43.4MB in the end (delta: 1.5MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 445.68ms. Allocated memory is still 81.8MB. Free memory was 43.4MB in the beginning and 62.8MB in the end (delta: -19.4MB). Peak memory consumption was 16.7MB. Max. memory is 16.1GB. * TraceAbstraction took 383289.19ms. Allocated memory was 81.8MB in the beginning and 125.8MB in the end (delta: 44.0MB). Free memory was 62.1MB in the beginning and 92.0MB in the end (delta: -29.9MB). Peak memory consumption was 85.5MB. Max. memory is 16.1GB. * Witness Printer took 6.63ms. Allocated memory is still 125.8MB. Free memory is still 92.0MB. There was no memory consumed. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - UnprovableResult [Line: 772]: Unable to prove that all allocated memory was freed Unable to prove that all allocated memory was freed Reason: overapproximation of memtrack at line 772. Possible FailurePath: [L569] struct ldv_list_head ldv_global_msg_list = { &(ldv_global_msg_list), &(ldv_global_msg_list) }; VAL [ldv_global_msg_list={1:0}] [L773] CALL entry_point() [L761] int len = 10; VAL [ldv_global_msg_list={1:0}, len=10] [L762] CALL, EXPR ldv_malloc(sizeof(struct A18*)*len) VAL [\old(size)=40, ldv_global_msg_list={1:0}] [L526] COND TRUE __VERIFIER_nondet_int() [L527] return malloc(size); [L762] RET, EXPR ldv_malloc(sizeof(struct A18*)*len) VAL [ldv_global_msg_list={1:0}, ldv_malloc(sizeof(struct A18*)*len)={10:0}, len=10] [L762] struct A18 **array = (struct A18 **)ldv_malloc(sizeof(struct A18*)*len); [L763] struct A18 *p; [L764] int i=0; VAL [array={10:0}, i=0, ldv_global_msg_list={1:0}, len=10] [L765] COND FALSE !(!array) VAL [array={10:0}, i=0, ldv_global_msg_list={1:0}, len=10] [L766] COND TRUE i