./Ultimate.py --spec ../../sv-benchmarks/c/properties/valid-memsafety.prp --file ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 8393723b Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/config/AutomizerMemDerefMemtrack.xml -i ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-8393723 [2022-11-18 20:37:42,279 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-18 20:37:42,282 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-18 20:37:42,305 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-18 20:37:42,306 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-18 20:37:42,307 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-18 20:37:42,309 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-18 20:37:42,311 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-18 20:37:42,313 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-18 20:37:42,315 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-18 20:37:42,316 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-18 20:37:42,318 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-18 20:37:42,318 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-18 20:37:42,320 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-18 20:37:42,321 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-18 20:37:42,323 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-18 20:37:42,324 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-18 20:37:42,325 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-18 20:37:42,327 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-18 20:37:42,329 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-18 20:37:42,331 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-18 20:37:42,340 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-18 20:37:42,345 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-18 20:37:42,347 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-18 20:37:42,353 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-18 20:37:42,363 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-18 20:37:42,363 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-18 20:37:42,364 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-18 20:37:42,365 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-18 20:37:42,366 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-18 20:37:42,368 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-18 20:37:42,369 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-18 20:37:42,370 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-18 20:37:42,372 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-18 20:37:42,374 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-18 20:37:42,375 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-18 20:37:42,377 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-18 20:37:42,378 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-18 20:37:42,379 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-18 20:37:42,381 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-18 20:37:42,381 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-18 20:37:42,382 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2022-11-18 20:37:42,421 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-18 20:37:42,430 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-18 20:37:42,432 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-18 20:37:42,432 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-18 20:37:42,433 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-18 20:37:42,433 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-18 20:37:42,434 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-18 20:37:42,435 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-18 20:37:42,435 INFO L138 SettingsManager]: * Use SBE=true [2022-11-18 20:37:42,435 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-18 20:37:42,436 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-18 20:37:42,437 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-11-18 20:37:42,437 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-18 20:37:42,437 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-18 20:37:42,438 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-18 20:37:42,438 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-11-18 20:37:42,438 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-11-18 20:37:42,438 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-11-18 20:37:42,439 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-18 20:37:42,439 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-11-18 20:37:42,439 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-18 20:37:42,439 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-18 20:37:42,440 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-18 20:37:42,440 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-18 20:37:42,440 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-18 20:37:42,440 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-18 20:37:42,442 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-18 20:37:42,443 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-18 20:37:42,443 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-18 20:37:42,443 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-18 20:37:42,443 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2022-11-18 20:37:42,785 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-18 20:37:42,820 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-18 20:37:42,824 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-18 20:37:42,826 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-18 20:37:42,827 INFO L275 PluginConnector]: CDTParser initialized [2022-11-18 20:37:42,829 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-18 20:37:42,914 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data/7cca0d860/e057ca5af7c74887840f811bfd6fc8ae/FLAGdd687d84a [2022-11-18 20:37:43,702 INFO L306 CDTParser]: Found 1 translation units. [2022-11-18 20:37:43,703 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-18 20:37:43,721 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data/7cca0d860/e057ca5af7c74887840f811bfd6fc8ae/FLAGdd687d84a [2022-11-18 20:37:43,909 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data/7cca0d860/e057ca5af7c74887840f811bfd6fc8ae [2022-11-18 20:37:43,914 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-18 20:37:43,918 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-18 20:37:43,924 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-18 20:37:43,924 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-18 20:37:43,929 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-18 20:37:43,930 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 08:37:43" (1/1) ... [2022-11-18 20:37:43,931 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@534be7c2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:43, skipping insertion in model container [2022-11-18 20:37:43,932 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 08:37:43" (1/1) ... [2022-11-18 20:37:43,943 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-18 20:37:44,016 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-18 20:37:44,650 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-18 20:37:44,671 ERROR L326 MainTranslator]: Unsupported Syntax: Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) [2022-11-18 20:37:44,671 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieTranslatorObserver@1cee1e87 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:44, skipping insertion in model container [2022-11-18 20:37:44,671 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-18 20:37:44,672 INFO L184 ToolchainWalker]: Toolchain execution was canceled (user or tool) before executing de.uni_freiburg.informatik.ultimate.boogie.procedureinliner [2022-11-18 20:37:44,676 INFO L158 Benchmark]: Toolchain (without parser) took 755.10ms. Allocated memory is still 140.5MB. Free memory was 108.6MB in the beginning and 113.9MB in the end (delta: -5.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-11-18 20:37:44,678 INFO L158 Benchmark]: CDTParser took 0.35ms. Allocated memory is still 92.3MB. Free memory was 48.1MB in the beginning and 48.1MB in the end (delta: 44.3kB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-18 20:37:44,679 INFO L158 Benchmark]: CACSL2BoogieTranslator took 748.31ms. Allocated memory is still 140.5MB. Free memory was 108.6MB in the beginning and 113.9MB in the end (delta: -5.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-11-18 20:37:44,682 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.35ms. Allocated memory is still 92.3MB. Free memory was 48.1MB in the beginning and 48.1MB in the end (delta: 44.3kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 748.31ms. Allocated memory is still 140.5MB. Free memory was 108.6MB in the beginning and 113.9MB in the end (delta: -5.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - UnsupportedSyntaxResult [Line: 576]: Unsupported Syntax Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/config/AutomizerMemDerefMemtrack.xml -i ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-8393723 [2022-11-18 20:37:47,228 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-18 20:37:47,233 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-18 20:37:47,263 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-18 20:37:47,263 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-18 20:37:47,265 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-18 20:37:47,266 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-18 20:37:47,268 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-18 20:37:47,271 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-18 20:37:47,272 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-18 20:37:47,273 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-18 20:37:47,275 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-18 20:37:47,275 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-18 20:37:47,276 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-18 20:37:47,278 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-18 20:37:47,279 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-18 20:37:47,280 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-18 20:37:47,281 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-18 20:37:47,283 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-18 20:37:47,286 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-18 20:37:47,288 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-18 20:37:47,296 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-18 20:37:47,297 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-18 20:37:47,298 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-18 20:37:47,303 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-18 20:37:47,303 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-18 20:37:47,304 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-18 20:37:47,305 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-18 20:37:47,306 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-18 20:37:47,307 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-18 20:37:47,307 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-18 20:37:47,308 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-18 20:37:47,309 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-18 20:37:47,317 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-18 20:37:47,323 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-18 20:37:47,323 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-18 20:37:47,324 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-18 20:37:47,324 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-18 20:37:47,325 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-18 20:37:47,327 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-18 20:37:47,328 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-18 20:37:47,334 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf [2022-11-18 20:37:47,391 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-18 20:37:47,392 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-18 20:37:47,393 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-18 20:37:47,394 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-18 20:37:47,395 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-18 20:37:47,395 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-18 20:37:47,397 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-18 20:37:47,397 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-18 20:37:47,398 INFO L138 SettingsManager]: * Use SBE=true [2022-11-18 20:37:47,398 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-18 20:37:47,399 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-18 20:37:47,399 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-11-18 20:37:47,400 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-18 20:37:47,400 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-18 20:37:47,400 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-18 20:37:47,400 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-11-18 20:37:47,401 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-11-18 20:37:47,401 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-11-18 20:37:47,401 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-18 20:37:47,401 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-11-18 20:37:47,401 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-11-18 20:37:47,402 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-11-18 20:37:47,402 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-18 20:37:47,402 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-18 20:37:47,402 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-18 20:37:47,403 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-18 20:37:47,403 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-18 20:37:47,403 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-18 20:37:47,403 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-18 20:37:47,404 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-18 20:37:47,404 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-11-18 20:37:47,404 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-11-18 20:37:47,404 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-11-18 20:37:47,405 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2022-11-18 20:37:47,882 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-18 20:37:47,922 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-18 20:37:47,926 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-18 20:37:47,928 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-18 20:37:47,931 INFO L275 PluginConnector]: CDTParser initialized [2022-11-18 20:37:47,934 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-18 20:37:48,030 INFO L220 CDTParser]: Created temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data/a9e593bcf/8c8ee14463a745639da0b2bfdc301af1/FLAG75fd37922 [2022-11-18 20:37:48,827 INFO L306 CDTParser]: Found 1 translation units. [2022-11-18 20:37:48,828 INFO L160 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-18 20:37:48,859 INFO L349 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data/a9e593bcf/8c8ee14463a745639da0b2bfdc301af1/FLAG75fd37922 [2022-11-18 20:37:49,028 INFO L357 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/data/a9e593bcf/8c8ee14463a745639da0b2bfdc301af1 [2022-11-18 20:37:49,032 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-18 20:37:49,034 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-18 20:37:49,035 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-18 20:37:49,036 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-18 20:37:49,041 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-18 20:37:49,042 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:49,043 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@680af7d7 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49, skipping insertion in model container [2022-11-18 20:37:49,043 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:49,055 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-18 20:37:49,113 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-18 20:37:49,705 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-18 20:37:49,735 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-11-18 20:37:49,756 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-18 20:37:49,839 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-18 20:37:49,848 INFO L203 MainTranslator]: Completed pre-run [2022-11-18 20:37:49,920 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-18 20:37:49,970 INFO L208 MainTranslator]: Completed translation [2022-11-18 20:37:49,970 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49 WrapperNode [2022-11-18 20:37:49,971 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-18 20:37:49,972 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-18 20:37:49,972 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-18 20:37:49,973 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-18 20:37:49,985 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,032 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,055 INFO L138 Inliner]: procedures = 165, calls = 70, calls flagged for inlining = 21, calls inlined = 3, statements flattened = 31 [2022-11-18 20:37:50,056 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-18 20:37:50,056 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-18 20:37:50,057 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-18 20:37:50,057 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-18 20:37:50,069 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,069 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,073 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,074 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,082 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,092 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,094 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,095 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,098 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-18 20:37:50,099 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-18 20:37:50,100 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-18 20:37:50,100 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-18 20:37:50,101 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (1/1) ... [2022-11-18 20:37:50,131 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-18 20:37:50,143 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/z3 [2022-11-18 20:37:50,156 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-18 20:37:50,164 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-18 20:37:50,209 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_malloc [2022-11-18 20:37:50,210 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_malloc [2022-11-18 20:37:50,210 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2022-11-18 20:37:50,210 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-18 20:37:50,210 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2022-11-18 20:37:50,211 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2022-11-18 20:37:50,211 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-18 20:37:50,211 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-18 20:37:50,413 INFO L235 CfgBuilder]: Building ICFG [2022-11-18 20:37:50,415 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-18 20:37:50,686 INFO L276 CfgBuilder]: Performing block encoding [2022-11-18 20:37:50,693 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-18 20:37:50,694 INFO L300 CfgBuilder]: Removed 1 assume(true) statements. [2022-11-18 20:37:50,696 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 08:37:50 BoogieIcfgContainer [2022-11-18 20:37:50,696 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-18 20:37:50,714 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-18 20:37:50,714 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-18 20:37:50,717 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-18 20:37:50,718 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 18.11 08:37:49" (1/3) ... [2022-11-18 20:37:50,719 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@308e221f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 08:37:50, skipping insertion in model container [2022-11-18 20:37:50,719 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 18.11 08:37:49" (2/3) ... [2022-11-18 20:37:50,719 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@308e221f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 18.11 08:37:50, skipping insertion in model container [2022-11-18 20:37:50,719 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 08:37:50" (3/3) ... [2022-11-18 20:37:50,721 INFO L112 eAbstractionObserver]: Analyzing ICFG memleaks_test18_3.i [2022-11-18 20:37:50,748 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-18 20:37:50,748 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 3 error locations. [2022-11-18 20:37:50,853 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-18 20:37:50,863 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=false, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=All, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@57a0e30c, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-18 20:37:50,864 INFO L358 AbstractCegarLoop]: Starting to check reachability of 3 error locations. [2022-11-18 20:37:50,870 INFO L276 IsEmpty]: Start isEmpty. Operand has 21 states, 14 states have (on average 1.5) internal successors, (21), 17 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-18 20:37:50,880 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-11-18 20:37:50,880 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:37:50,882 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:37:50,882 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:37:50,892 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:37:50,893 INFO L85 PathProgramCache]: Analyzing trace with hash -74700687, now seen corresponding path program 1 times [2022-11-18 20:37:50,910 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:37:50,912 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1821725525] [2022-11-18 20:37:50,913 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:50,913 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:50,913 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:37:50,921 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:37:50,963 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-11-18 20:37:51,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:51,049 INFO L263 TraceCheckSpWp]: Trace formula consists of 42 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-18 20:37:51,055 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:37:51,186 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-18 20:37:51,189 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-18 20:37:51,190 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:37:51,191 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1821725525] [2022-11-18 20:37:51,192 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1821725525] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-18 20:37:51,192 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-18 20:37:51,193 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-18 20:37:51,196 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [836099359] [2022-11-18 20:37:51,199 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-18 20:37:51,205 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-18 20:37:51,207 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:37:51,250 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-18 20:37:51,251 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-18 20:37:51,253 INFO L87 Difference]: Start difference. First operand has 21 states, 14 states have (on average 1.5) internal successors, (21), 17 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Second operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-18 20:37:51,378 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:37:51,379 INFO L93 Difference]: Finished difference Result 37 states and 43 transitions. [2022-11-18 20:37:51,381 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-18 20:37:51,383 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-11-18 20:37:51,383 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:37:51,390 INFO L225 Difference]: With dead ends: 37 [2022-11-18 20:37:51,390 INFO L226 Difference]: Without dead ends: 33 [2022-11-18 20:37:51,392 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-18 20:37:51,396 INFO L413 NwaCegarLoop]: 24 mSDtfsCounter, 12 mSDsluCounter, 59 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 14 SdHoareTripleChecker+Valid, 83 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-18 20:37:51,397 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [14 Valid, 83 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-18 20:37:51,420 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 33 states. [2022-11-18 20:37:51,444 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 33 to 23. [2022-11-18 20:37:51,446 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 23 states, 16 states have (on average 1.3125) internal successors, (21), 18 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-18 20:37:51,448 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 23 states to 23 states and 27 transitions. [2022-11-18 20:37:51,449 INFO L78 Accepts]: Start accepts. Automaton has 23 states and 27 transitions. Word has length 11 [2022-11-18 20:37:51,450 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:37:51,450 INFO L495 AbstractCegarLoop]: Abstraction has 23 states and 27 transitions. [2022-11-18 20:37:51,451 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-18 20:37:51,451 INFO L276 IsEmpty]: Start isEmpty. Operand 23 states and 27 transitions. [2022-11-18 20:37:51,452 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-11-18 20:37:51,453 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:37:51,453 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:37:51,468 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-11-18 20:37:51,666 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:51,667 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:37:51,668 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:37:51,668 INFO L85 PathProgramCache]: Analyzing trace with hash 812802994, now seen corresponding path program 1 times [2022-11-18 20:37:51,669 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:37:51,669 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1895947006] [2022-11-18 20:37:51,669 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:51,670 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:51,670 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:37:51,673 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:37:51,726 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-11-18 20:37:51,774 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:51,776 INFO L263 TraceCheckSpWp]: Trace formula consists of 36 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-18 20:37:51,779 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:37:51,823 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-18 20:37:51,824 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-18 20:37:51,824 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:37:51,825 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1895947006] [2022-11-18 20:37:51,825 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1895947006] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-18 20:37:51,825 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-18 20:37:51,826 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-18 20:37:51,826 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [788774084] [2022-11-18 20:37:51,827 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-18 20:37:51,828 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-18 20:37:51,828 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:37:51,829 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-18 20:37:51,830 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-18 20:37:51,830 INFO L87 Difference]: Start difference. First operand 23 states and 27 transitions. Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-18 20:37:51,914 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:37:51,915 INFO L93 Difference]: Finished difference Result 32 states and 38 transitions. [2022-11-18 20:37:51,915 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-18 20:37:51,916 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-11-18 20:37:51,917 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:37:51,918 INFO L225 Difference]: With dead ends: 32 [2022-11-18 20:37:51,918 INFO L226 Difference]: Without dead ends: 30 [2022-11-18 20:37:51,919 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-18 20:37:51,920 INFO L413 NwaCegarLoop]: 32 mSDtfsCounter, 8 mSDsluCounter, 34 mSDsCounter, 0 mSdLazyCounter, 26 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 66 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 26 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-18 20:37:51,921 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 66 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 26 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-18 20:37:51,925 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 30 states. [2022-11-18 20:37:51,934 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 30 to 28. [2022-11-18 20:37:51,935 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 28 states, 20 states have (on average 1.3) internal successors, (26), 22 states have internal predecessors, (26), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2022-11-18 20:37:51,940 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 28 states to 28 states and 35 transitions. [2022-11-18 20:37:51,940 INFO L78 Accepts]: Start accepts. Automaton has 28 states and 35 transitions. Word has length 11 [2022-11-18 20:37:51,941 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:37:51,941 INFO L495 AbstractCegarLoop]: Abstraction has 28 states and 35 transitions. [2022-11-18 20:37:51,941 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-18 20:37:51,941 INFO L276 IsEmpty]: Start isEmpty. Operand 28 states and 35 transitions. [2022-11-18 20:37:51,942 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 13 [2022-11-18 20:37:51,942 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:37:51,945 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:37:51,965 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (3)] Forceful destruction successful, exit code 0 [2022-11-18 20:37:52,158 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:52,159 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:37:52,159 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:37:52,160 INFO L85 PathProgramCache]: Analyzing trace with hash 1979292102, now seen corresponding path program 1 times [2022-11-18 20:37:52,160 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:37:52,161 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1827495105] [2022-11-18 20:37:52,161 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:52,161 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:52,161 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:37:52,171 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:37:52,194 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-11-18 20:37:52,274 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:52,277 INFO L263 TraceCheckSpWp]: Trace formula consists of 42 conjuncts, 3 conjunts are in the unsatisfiable core [2022-11-18 20:37:52,281 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:37:52,369 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-18 20:37:52,370 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-18 20:37:52,372 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:37:52,373 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1827495105] [2022-11-18 20:37:52,374 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1827495105] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-18 20:37:52,375 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-18 20:37:52,375 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-18 20:37:52,376 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [877808124] [2022-11-18 20:37:52,376 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-18 20:37:52,376 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-18 20:37:52,377 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:37:52,378 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-18 20:37:52,378 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2022-11-18 20:37:52,379 INFO L87 Difference]: Start difference. First operand 28 states and 35 transitions. Second operand has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-18 20:37:52,496 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:37:52,497 INFO L93 Difference]: Finished difference Result 40 states and 53 transitions. [2022-11-18 20:37:52,498 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-18 20:37:52,499 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 12 [2022-11-18 20:37:52,500 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:37:52,502 INFO L225 Difference]: With dead ends: 40 [2022-11-18 20:37:52,503 INFO L226 Difference]: Without dead ends: 40 [2022-11-18 20:37:52,503 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2022-11-18 20:37:52,511 INFO L413 NwaCegarLoop]: 17 mSDtfsCounter, 17 mSDsluCounter, 16 mSDsCounter, 0 mSdLazyCounter, 15 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 33 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 15 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-18 20:37:52,515 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 33 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 15 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-18 20:37:52,517 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 40 states. [2022-11-18 20:37:52,523 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 40 to 29. [2022-11-18 20:37:52,525 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 29 states, 21 states have (on average 1.2857142857142858) internal successors, (27), 23 states have internal predecessors, (27), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2022-11-18 20:37:52,527 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 29 states to 29 states and 36 transitions. [2022-11-18 20:37:52,529 INFO L78 Accepts]: Start accepts. Automaton has 29 states and 36 transitions. Word has length 12 [2022-11-18 20:37:52,529 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:37:52,529 INFO L495 AbstractCegarLoop]: Abstraction has 29 states and 36 transitions. [2022-11-18 20:37:52,530 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-18 20:37:52,530 INFO L276 IsEmpty]: Start isEmpty. Operand 29 states and 36 transitions. [2022-11-18 20:37:52,531 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-18 20:37:52,531 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:37:52,532 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:37:52,558 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-11-18 20:37:52,758 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:52,759 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:37:52,759 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:37:52,760 INFO L85 PathProgramCache]: Analyzing trace with hash -938120081, now seen corresponding path program 1 times [2022-11-18 20:37:52,760 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:37:52,761 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1833929024] [2022-11-18 20:37:52,761 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:52,761 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:52,761 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:37:52,773 INFO L229 MonitoredProcess]: Starting monitored process 5 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:37:52,776 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-11-18 20:37:52,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:52,875 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 9 conjunts are in the unsatisfiable core [2022-11-18 20:37:52,879 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:37:52,923 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:37:53,033 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_10 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_10))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:37:53,089 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:37:53,090 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:37:53,105 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-18 20:37:53,106 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:37:53,454 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-18 20:37:53,454 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:37:53,455 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1833929024] [2022-11-18 20:37:53,455 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1833929024] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-18 20:37:53,455 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:37:53,455 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 5] total 7 [2022-11-18 20:37:53,455 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [958115719] [2022-11-18 20:37:53,456 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:37:53,457 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-18 20:37:53,457 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:37:53,458 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-18 20:37:53,458 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=31, Unknown=1, NotChecked=10, Total=56 [2022-11-18 20:37:53,458 INFO L87 Difference]: Start difference. First operand 29 states and 36 transitions. Second operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-18 20:37:53,649 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:37:53,649 INFO L93 Difference]: Finished difference Result 36 states and 46 transitions. [2022-11-18 20:37:53,650 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-18 20:37:53,650 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-11-18 20:37:53,651 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:37:53,652 INFO L225 Difference]: With dead ends: 36 [2022-11-18 20:37:53,652 INFO L226 Difference]: Without dead ends: 36 [2022-11-18 20:37:53,652 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 24 SyntacticMatches, 2 SemanticMatches, 7 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=18, Invalid=41, Unknown=1, NotChecked=12, Total=72 [2022-11-18 20:37:53,654 INFO L413 NwaCegarLoop]: 18 mSDtfsCounter, 8 mSDsluCounter, 36 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 54 SdHoareTripleChecker+Invalid, 100 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 42 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-18 20:37:53,655 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 54 Invalid, 100 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 55 Invalid, 0 Unknown, 42 Unchecked, 0.1s Time] [2022-11-18 20:37:53,655 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 36 states. [2022-11-18 20:37:53,660 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 36 to 35. [2022-11-18 20:37:53,661 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 35 states, 26 states have (on average 1.3076923076923077) internal successors, (34), 27 states have internal predecessors, (34), 4 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (8), 6 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-18 20:37:53,662 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 35 states to 35 states and 46 transitions. [2022-11-18 20:37:53,662 INFO L78 Accepts]: Start accepts. Automaton has 35 states and 46 transitions. Word has length 17 [2022-11-18 20:37:53,663 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:37:53,663 INFO L495 AbstractCegarLoop]: Abstraction has 35 states and 46 transitions. [2022-11-18 20:37:53,663 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-18 20:37:53,664 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 46 transitions. [2022-11-18 20:37:53,664 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-18 20:37:53,665 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:37:53,665 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:37:53,685 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (5)] Forceful destruction successful, exit code 0 [2022-11-18 20:37:53,878 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:53,879 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:37:53,879 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:37:53,880 INFO L85 PathProgramCache]: Analyzing trace with hash -938120080, now seen corresponding path program 1 times [2022-11-18 20:37:53,880 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:37:53,880 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1875168498] [2022-11-18 20:37:53,880 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:53,881 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:53,881 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:37:53,882 INFO L229 MonitoredProcess]: Starting monitored process 6 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:37:53,898 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-11-18 20:37:53,977 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:53,980 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 20 conjunts are in the unsatisfiable core [2022-11-18 20:37:53,984 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:37:54,011 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:37:54,018 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:37:54,236 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_21 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_21) |c_#length|)))) is different from true [2022-11-18 20:37:54,284 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:37:54,286 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:37:54,306 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:37:54,307 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:37:54,350 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-18 20:37:54,350 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:37:56,958 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:37:56,959 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1875168498] [2022-11-18 20:37:56,959 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1875168498] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:37:56,959 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1138938791] [2022-11-18 20:37:56,959 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:56,960 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:37:56,960 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:37:56,966 INFO L229 MonitoredProcess]: Starting monitored process 7 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:37:56,974 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (7)] Waiting until timeout for monitored process [2022-11-18 20:37:57,155 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:57,157 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 20 conjunts are in the unsatisfiable core [2022-11-18 20:37:57,171 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:37:57,211 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:37:57,222 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:37:57,354 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_31 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_31) |c_#length|)))) is different from true [2022-11-18 20:37:57,408 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:37:57,411 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:37:57,425 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:37:57,425 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:37:57,445 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-18 20:37:57,445 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:37:57,804 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1138938791] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:37:57,805 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:37:57,805 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 10 [2022-11-18 20:37:57,805 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1049722782] [2022-11-18 20:37:57,805 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:37:57,806 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-11-18 20:37:57,806 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:37:57,806 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-11-18 20:37:57,806 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=89, Unknown=2, NotChecked=38, Total=156 [2022-11-18 20:37:57,807 INFO L87 Difference]: Start difference. First operand 35 states and 46 transitions. Second operand has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-18 20:37:58,309 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:37:58,309 INFO L93 Difference]: Finished difference Result 43 states and 54 transitions. [2022-11-18 20:37:58,310 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-11-18 20:37:58,310 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-11-18 20:37:58,310 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:37:58,311 INFO L225 Difference]: With dead ends: 43 [2022-11-18 20:37:58,311 INFO L226 Difference]: Without dead ends: 43 [2022-11-18 20:37:58,312 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 40 GetRequests, 26 SyntacticMatches, 1 SemanticMatches, 13 ConstructedPredicates, 2 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 2.9s TimeCoverageRelationStatistics Valid=35, Invalid=127, Unknown=2, NotChecked=46, Total=210 [2022-11-18 20:37:58,312 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 17 mSDsluCounter, 76 mSDsCounter, 0 mSdLazyCounter, 145 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 99 SdHoareTripleChecker+Invalid, 217 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 145 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 66 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-18 20:37:58,313 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 99 Invalid, 217 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 145 Invalid, 0 Unknown, 66 Unchecked, 0.3s Time] [2022-11-18 20:37:58,313 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 43 states. [2022-11-18 20:37:58,322 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 43 to 38. [2022-11-18 20:37:58,330 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 38 states, 28 states have (on average 1.2857142857142858) internal successors, (36), 29 states have internal predecessors, (36), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (10), 7 states have call predecessors, (10), 5 states have call successors, (10) [2022-11-18 20:37:58,332 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 38 states to 38 states and 51 transitions. [2022-11-18 20:37:58,332 INFO L78 Accepts]: Start accepts. Automaton has 38 states and 51 transitions. Word has length 17 [2022-11-18 20:37:58,333 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:37:58,333 INFO L495 AbstractCegarLoop]: Abstraction has 38 states and 51 transitions. [2022-11-18 20:37:58,333 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-18 20:37:58,333 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 51 transitions. [2022-11-18 20:37:58,334 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-18 20:37:58,334 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:37:58,335 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:37:58,344 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (7)] Forceful destruction successful, exit code 0 [2022-11-18 20:37:58,546 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-11-18 20:37:58,737 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,6 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:58,738 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:37:58,739 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:37:58,739 INFO L85 PathProgramCache]: Analyzing trace with hash -1231523088, now seen corresponding path program 1 times [2022-11-18 20:37:58,739 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:37:58,739 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [451096153] [2022-11-18 20:37:58,739 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:58,740 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:58,740 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:37:58,741 INFO L229 MonitoredProcess]: Starting monitored process 8 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:37:58,744 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-11-18 20:37:58,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:58,819 INFO L263 TraceCheckSpWp]: Trace formula consists of 55 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-18 20:37:58,821 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:37:58,888 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-18 20:37:58,889 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-18 20:37:58,889 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:37:58,889 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [451096153] [2022-11-18 20:37:58,889 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [451096153] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-18 20:37:58,890 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-18 20:37:58,890 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-18 20:37:58,890 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1393450212] [2022-11-18 20:37:58,890 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-18 20:37:58,892 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-18 20:37:58,893 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:37:58,893 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-18 20:37:58,893 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-18 20:37:58,894 INFO L87 Difference]: Start difference. First operand 38 states and 51 transitions. Second operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-18 20:37:58,939 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:37:58,939 INFO L93 Difference]: Finished difference Result 26 states and 30 transitions. [2022-11-18 20:37:58,940 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-18 20:37:58,941 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-11-18 20:37:58,943 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:37:58,945 INFO L225 Difference]: With dead ends: 26 [2022-11-18 20:37:58,945 INFO L226 Difference]: Without dead ends: 24 [2022-11-18 20:37:58,945 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-18 20:37:58,948 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 0 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 79 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-18 20:37:58,949 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 79 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-18 20:37:58,950 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 24 states. [2022-11-18 20:37:58,960 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 24 to 24. [2022-11-18 20:37:58,961 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 24 states, 17 states have (on average 1.1764705882352942) internal successors, (20), 19 states have internal predecessors, (20), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-18 20:37:58,963 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 28 transitions. [2022-11-18 20:37:58,966 INFO L78 Accepts]: Start accepts. Automaton has 24 states and 28 transitions. Word has length 17 [2022-11-18 20:37:58,966 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:37:58,967 INFO L495 AbstractCegarLoop]: Abstraction has 24 states and 28 transitions. [2022-11-18 20:37:58,967 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-18 20:37:58,967 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 28 transitions. [2022-11-18 20:37:58,968 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-18 20:37:58,968 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:37:58,968 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:37:58,989 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-11-18 20:37:59,183 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:59,183 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:37:59,184 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:37:59,184 INFO L85 PathProgramCache]: Analyzing trace with hash -1382319161, now seen corresponding path program 1 times [2022-11-18 20:37:59,184 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:37:59,185 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1901773398] [2022-11-18 20:37:59,185 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:59,186 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:59,186 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:37:59,187 INFO L229 MonitoredProcess]: Starting monitored process 9 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:37:59,193 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-11-18 20:37:59,283 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:59,286 INFO L263 TraceCheckSpWp]: Trace formula consists of 77 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-18 20:37:59,288 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:37:59,379 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-18 20:37:59,380 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:37:59,479 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-18 20:37:59,479 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:37:59,480 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1901773398] [2022-11-18 20:37:59,480 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1901773398] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-18 20:37:59,480 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:37:59,480 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [5, 5] total 8 [2022-11-18 20:37:59,480 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1006538606] [2022-11-18 20:37:59,480 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:37:59,481 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-18 20:37:59,481 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:37:59,481 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-18 20:37:59,482 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-11-18 20:37:59,482 INFO L87 Difference]: Start difference. First operand 24 states and 28 transitions. Second operand has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-18 20:37:59,636 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:37:59,636 INFO L93 Difference]: Finished difference Result 38 states and 46 transitions. [2022-11-18 20:37:59,637 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-18 20:37:59,637 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 21 [2022-11-18 20:37:59,638 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:37:59,638 INFO L225 Difference]: With dead ends: 38 [2022-11-18 20:37:59,638 INFO L226 Difference]: Without dead ends: 38 [2022-11-18 20:37:59,639 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=38, Invalid=52, Unknown=0, NotChecked=0, Total=90 [2022-11-18 20:37:59,639 INFO L413 NwaCegarLoop]: 20 mSDtfsCounter, 60 mSDsluCounter, 29 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 61 SdHoareTripleChecker+Valid, 49 SdHoareTripleChecker+Invalid, 50 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-18 20:37:59,640 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [61 Valid, 49 Invalid, 50 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-18 20:37:59,640 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 38 states. [2022-11-18 20:37:59,644 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 38 to 36. [2022-11-18 20:37:59,644 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1851851851851851) internal successors, (32), 29 states have internal predecessors, (32), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-18 20:37:59,645 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 46 transitions. [2022-11-18 20:37:59,645 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 46 transitions. Word has length 21 [2022-11-18 20:37:59,646 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:37:59,646 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 46 transitions. [2022-11-18 20:37:59,646 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-18 20:37:59,647 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 46 transitions. [2022-11-18 20:37:59,648 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2022-11-18 20:37:59,648 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:37:59,648 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:37:59,668 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (9)] Forceful destruction successful, exit code 0 [2022-11-18 20:37:59,862 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:59,862 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:37:59,863 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:37:59,863 INFO L85 PathProgramCache]: Analyzing trace with hash -704273649, now seen corresponding path program 1 times [2022-11-18 20:37:59,863 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:37:59,863 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2087596667] [2022-11-18 20:37:59,864 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:37:59,864 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:37:59,864 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:37:59,867 INFO L229 MonitoredProcess]: Starting monitored process 10 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:37:59,906 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-11-18 20:37:59,989 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:37:59,995 INFO L263 TraceCheckSpWp]: Trace formula consists of 96 conjuncts, 28 conjunts are in the unsatisfiable core [2022-11-18 20:37:59,999 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:00,027 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:00,034 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:00,291 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_61 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_61))))) is different from true [2022-11-18 20:38:00,325 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:00,326 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:00,347 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:00,347 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:00,526 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_62 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_62) |c_#length|)))) is different from true [2022-11-18 20:38:00,558 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:00,560 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:00,574 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:00,575 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:00,629 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 2 trivial. 6 not checked. [2022-11-18 20:38:00,630 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:03,392 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:38:03,392 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2087596667] [2022-11-18 20:38:03,392 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2087596667] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:03,392 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [651357187] [2022-11-18 20:38:03,392 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:38:03,393 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:03,393 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:38:03,397 INFO L229 MonitoredProcess]: Starting monitored process 11 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:38:03,399 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (11)] Waiting until timeout for monitored process [2022-11-18 20:38:03,615 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:38:03,620 INFO L263 TraceCheckSpWp]: Trace formula consists of 96 conjuncts, 28 conjunts are in the unsatisfiable core [2022-11-18 20:38:03,624 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:03,659 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:03,667 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:03,781 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_80 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_80) |c_#length|)))) is different from true [2022-11-18 20:38:03,831 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:03,834 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:03,853 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:03,853 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:03,955 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_81 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_81))))) is different from true [2022-11-18 20:38:03,984 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:03,986 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:04,008 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:04,008 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:04,025 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 2 trivial. 6 not checked. [2022-11-18 20:38:04,025 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:04,327 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [651357187] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:04,327 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:38:04,327 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 12] total 14 [2022-11-18 20:38:04,327 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1734810343] [2022-11-18 20:38:04,327 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:38:04,328 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-18 20:38:04,328 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:38:04,329 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-18 20:38:04,329 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=129, Unknown=4, NotChecked=100, Total=272 [2022-11-18 20:38:04,329 INFO L87 Difference]: Start difference. First operand 36 states and 46 transitions. Second operand has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-18 20:38:04,861 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:38:04,861 INFO L93 Difference]: Finished difference Result 40 states and 49 transitions. [2022-11-18 20:38:04,862 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-18 20:38:04,862 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) Word has length 26 [2022-11-18 20:38:04,862 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:38:04,863 INFO L225 Difference]: With dead ends: 40 [2022-11-18 20:38:04,863 INFO L226 Difference]: Without dead ends: 40 [2022-11-18 20:38:04,863 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 58 GetRequests, 40 SyntacticMatches, 1 SemanticMatches, 17 ConstructedPredicates, 4 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 3.1s TimeCoverageRelationStatistics Valid=47, Invalid=175, Unknown=4, NotChecked=116, Total=342 [2022-11-18 20:38:04,864 INFO L413 NwaCegarLoop]: 17 mSDtfsCounter, 13 mSDsluCounter, 73 mSDsCounter, 0 mSdLazyCounter, 154 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 13 SdHoareTripleChecker+Valid, 90 SdHoareTripleChecker+Invalid, 276 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 154 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 114 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-18 20:38:04,864 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [13 Valid, 90 Invalid, 276 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 154 Invalid, 0 Unknown, 114 Unchecked, 0.3s Time] [2022-11-18 20:38:04,865 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 40 states. [2022-11-18 20:38:04,868 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 40 to 36. [2022-11-18 20:38:04,869 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1481481481481481) internal successors, (31), 29 states have internal predecessors, (31), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-18 20:38:04,869 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 45 transitions. [2022-11-18 20:38:04,870 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 45 transitions. Word has length 26 [2022-11-18 20:38:04,870 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:38:04,870 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 45 transitions. [2022-11-18 20:38:04,871 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-18 20:38:04,871 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 45 transitions. [2022-11-18 20:38:04,872 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-11-18 20:38:04,872 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:38:04,872 INFO L195 NwaCegarLoop]: trace histogram [4, 4, 4, 3, 3, 3, 3, 2, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:38:04,889 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (10)] Ended with exit code 0 [2022-11-18 20:38:05,087 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (11)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:05,284 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,11 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:05,285 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:38:05,285 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:38:05,285 INFO L85 PathProgramCache]: Analyzing trace with hash -1383108784, now seen corresponding path program 2 times [2022-11-18 20:38:05,286 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:38:05,286 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1398928800] [2022-11-18 20:38:05,286 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:38:05,286 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:05,286 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:38:05,288 INFO L229 MonitoredProcess]: Starting monitored process 12 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:38:05,306 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (12)] Waiting until timeout for monitored process [2022-11-18 20:38:05,432 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:38:05,432 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:05,438 INFO L263 TraceCheckSpWp]: Trace formula consists of 131 conjuncts, 36 conjunts are in the unsatisfiable core [2022-11-18 20:38:05,442 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:05,464 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:05,471 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:05,661 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_107 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_107) |c_#length|)))) is different from true [2022-11-18 20:38:05,685 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:05,686 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:05,698 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:05,698 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:05,837 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_108 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_108) |c_#length|)))) is different from true [2022-11-18 20:38:05,862 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:05,863 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:05,874 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:05,875 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:06,030 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_109 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_109))))) is different from true [2022-11-18 20:38:06,072 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:06,073 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:06,090 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:06,094 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:06,135 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 6 trivial. 12 not checked. [2022-11-18 20:38:06,135 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:06,566 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:38:06,567 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1398928800] [2022-11-18 20:38:06,567 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1398928800] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:06,567 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [563939274] [2022-11-18 20:38:06,567 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:38:06,567 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:06,567 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:38:06,568 INFO L229 MonitoredProcess]: Starting monitored process 13 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:38:06,571 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (13)] Waiting until timeout for monitored process [2022-11-18 20:38:06,763 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:38:06,763 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:06,766 INFO L263 TraceCheckSpWp]: Trace formula consists of 131 conjuncts, 36 conjunts are in the unsatisfiable core [2022-11-18 20:38:06,770 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:06,780 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:06,789 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:06,872 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_135 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_135) |c_#length|)))) is different from true [2022-11-18 20:38:06,896 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:06,897 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:06,907 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:06,908 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:06,978 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_136 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_136))))) is different from true [2022-11-18 20:38:07,000 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:07,001 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:07,016 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:07,017 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:07,113 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_137 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_137) |c_#length|)))) is different from true [2022-11-18 20:38:07,138 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:07,139 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:07,150 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:07,150 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:07,163 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 6 trivial. 12 not checked. [2022-11-18 20:38:07,163 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:07,415 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [563939274] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:07,415 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:38:07,415 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [15, 15] total 18 [2022-11-18 20:38:07,416 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [676815232] [2022-11-18 20:38:07,416 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:38:07,416 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 19 states [2022-11-18 20:38:07,416 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:38:07,417 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2022-11-18 20:38:07,417 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=51, Invalid=177, Unknown=6, NotChecked=186, Total=420 [2022-11-18 20:38:07,417 INFO L87 Difference]: Start difference. First operand 36 states and 45 transitions. Second operand has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-18 20:38:08,074 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:38:08,074 INFO L93 Difference]: Finished difference Result 42 states and 50 transitions. [2022-11-18 20:38:08,075 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-11-18 20:38:08,075 INFO L78 Accepts]: Start accepts. Automaton has has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) Word has length 35 [2022-11-18 20:38:08,075 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:38:08,076 INFO L225 Difference]: With dead ends: 42 [2022-11-18 20:38:08,076 INFO L226 Difference]: Without dead ends: 42 [2022-11-18 20:38:08,077 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 76 GetRequests, 54 SyntacticMatches, 1 SemanticMatches, 21 ConstructedPredicates, 6 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.9s TimeCoverageRelationStatistics Valid=59, Invalid=231, Unknown=6, NotChecked=210, Total=506 [2022-11-18 20:38:08,077 INFO L413 NwaCegarLoop]: 20 mSDtfsCounter, 15 mSDsluCounter, 110 mSDsCounter, 0 mSdLazyCounter, 251 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 130 SdHoareTripleChecker+Invalid, 468 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 251 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 207 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-18 20:38:08,078 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [15 Valid, 130 Invalid, 468 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 251 Invalid, 0 Unknown, 207 Unchecked, 0.4s Time] [2022-11-18 20:38:08,079 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42 states. [2022-11-18 20:38:08,082 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42 to 36. [2022-11-18 20:38:08,083 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1111111111111112) internal successors, (30), 29 states have internal predecessors, (30), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-18 20:38:08,083 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 44 transitions. [2022-11-18 20:38:08,083 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 44 transitions. Word has length 35 [2022-11-18 20:38:08,084 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:38:08,084 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 44 transitions. [2022-11-18 20:38:08,084 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-18 20:38:08,084 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 44 transitions. [2022-11-18 20:38:08,085 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2022-11-18 20:38:08,086 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:38:08,086 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 3, 3, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:38:08,090 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (13)] Ended with exit code 0 [2022-11-18 20:38:08,297 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (12)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:08,489 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 13 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,12 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:08,489 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:38:08,490 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:38:08,490 INFO L85 PathProgramCache]: Analyzing trace with hash -856630225, now seen corresponding path program 3 times [2022-11-18 20:38:08,490 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:38:08,490 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [812667923] [2022-11-18 20:38:08,490 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:38:08,491 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:08,491 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:38:08,491 INFO L229 MonitoredProcess]: Starting monitored process 14 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:38:08,493 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (14)] Waiting until timeout for monitored process [2022-11-18 20:38:08,687 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2022-11-18 20:38:08,687 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:08,695 INFO L263 TraceCheckSpWp]: Trace formula consists of 166 conjuncts, 44 conjunts are in the unsatisfiable core [2022-11-18 20:38:08,699 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:08,724 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:08,734 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:08,911 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_171 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_171) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:38:08,935 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:08,936 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:08,948 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:08,948 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:09,097 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_172 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_172))))) is different from true [2022-11-18 20:38:09,124 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:09,127 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:09,145 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:09,146 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:09,305 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_173 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_173))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:38:09,332 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:09,333 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:09,347 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:09,348 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:09,482 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_174 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_174) |c_#length|)))) is different from true [2022-11-18 20:38:09,518 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:09,519 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:09,534 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:09,535 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:09,582 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 31 refuted. 0 times theorem prover too weak. 12 trivial. 20 not checked. [2022-11-18 20:38:09,583 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:12,029 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:38:12,030 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [812667923] [2022-11-18 20:38:12,030 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [812667923] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:12,030 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1485706615] [2022-11-18 20:38:12,030 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:38:12,030 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:12,030 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:38:12,032 INFO L229 MonitoredProcess]: Starting monitored process 15 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:38:12,034 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (15)] Waiting until timeout for monitored process [2022-11-18 20:38:12,444 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2022-11-18 20:38:12,445 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:12,453 INFO L263 TraceCheckSpWp]: Trace formula consists of 166 conjuncts, 53 conjunts are in the unsatisfiable core [2022-11-18 20:38:12,459 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:12,472 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:12,480 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:12,684 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:12,684 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:12,695 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:13,008 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:38:13,009 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:38:13,035 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:13,035 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:13,370 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:38:13,371 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:38:13,400 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:13,400 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:13,630 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_214 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_214))))) is different from true [2022-11-18 20:38:13,656 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:13,657 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:13,674 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:13,674 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:13,692 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 37 refuted. 0 times theorem prover too weak. 18 trivial. 8 not checked. [2022-11-18 20:38:13,692 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:16,022 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1485706615] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:16,022 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:38:16,022 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [18, 19] total 26 [2022-11-18 20:38:16,023 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1203344027] [2022-11-18 20:38:16,023 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:38:16,023 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 27 states [2022-11-18 20:38:16,023 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:38:16,024 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 27 interpolants. [2022-11-18 20:38:16,025 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=83, Invalid=484, Unknown=5, NotChecked=240, Total=812 [2022-11-18 20:38:16,025 INFO L87 Difference]: Start difference. First operand 36 states and 44 transitions. Second operand has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-18 20:38:17,511 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:38:17,512 INFO L93 Difference]: Finished difference Result 57 states and 71 transitions. [2022-11-18 20:38:17,512 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2022-11-18 20:38:17,513 INFO L78 Accepts]: Start accepts. Automaton has has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) Word has length 44 [2022-11-18 20:38:17,513 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:38:17,514 INFO L225 Difference]: With dead ends: 57 [2022-11-18 20:38:17,514 INFO L226 Difference]: Without dead ends: 57 [2022-11-18 20:38:17,515 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 97 GetRequests, 62 SyntacticMatches, 3 SemanticMatches, 32 ConstructedPredicates, 5 IntricatePredicates, 0 DeprecatedPredicates, 132 ImplicationChecksByTransitivity, 5.8s TimeCoverageRelationStatistics Valid=113, Invalid=714, Unknown=5, NotChecked=290, Total=1122 [2022-11-18 20:38:17,516 INFO L413 NwaCegarLoop]: 21 mSDtfsCounter, 24 mSDsluCounter, 173 mSDsCounter, 0 mSdLazyCounter, 650 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 194 SdHoareTripleChecker+Invalid, 998 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 650 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 329 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-18 20:38:17,516 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 194 Invalid, 998 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 650 Invalid, 0 Unknown, 329 Unchecked, 1.1s Time] [2022-11-18 20:38:17,517 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2022-11-18 20:38:17,521 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 39. [2022-11-18 20:38:17,522 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 39 states, 29 states have (on average 1.103448275862069) internal successors, (32), 31 states have internal predecessors, (32), 6 states have call successors, (6), 1 states have call predecessors, (6), 2 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-18 20:38:17,523 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 39 states to 39 states and 49 transitions. [2022-11-18 20:38:17,523 INFO L78 Accepts]: Start accepts. Automaton has 39 states and 49 transitions. Word has length 44 [2022-11-18 20:38:17,524 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:38:17,525 INFO L495 AbstractCegarLoop]: Abstraction has 39 states and 49 transitions. [2022-11-18 20:38:17,525 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-18 20:38:17,525 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 49 transitions. [2022-11-18 20:38:17,527 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-11-18 20:38:17,527 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:38:17,527 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 4, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:38:17,543 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (14)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:17,749 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (15)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:17,942 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 14 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,15 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:17,943 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:38:17,943 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:38:17,943 INFO L85 PathProgramCache]: Analyzing trace with hash -206900218, now seen corresponding path program 2 times [2022-11-18 20:38:17,944 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:38:17,944 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1871459516] [2022-11-18 20:38:17,944 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:38:17,945 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:17,945 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:38:17,947 INFO L229 MonitoredProcess]: Starting monitored process 16 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:38:17,949 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (16)] Waiting until timeout for monitored process [2022-11-18 20:38:18,095 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:38:18,095 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:18,101 INFO L263 TraceCheckSpWp]: Trace formula consists of 182 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-18 20:38:18,108 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:18,322 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2022-11-18 20:38:18,322 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:18,689 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2022-11-18 20:38:18,689 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:38:18,690 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1871459516] [2022-11-18 20:38:18,690 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1871459516] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-18 20:38:18,690 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:38:18,690 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 14 [2022-11-18 20:38:18,691 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [71521104] [2022-11-18 20:38:18,691 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:38:18,693 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2022-11-18 20:38:18,693 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:38:18,695 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2022-11-18 20:38:18,695 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=61, Invalid=121, Unknown=0, NotChecked=0, Total=182 [2022-11-18 20:38:18,696 INFO L87 Difference]: Start difference. First operand 39 states and 49 transitions. Second operand has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2022-11-18 20:38:19,382 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:38:19,382 INFO L93 Difference]: Finished difference Result 71 states and 91 transitions. [2022-11-18 20:38:19,383 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-11-18 20:38:19,383 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) Word has length 48 [2022-11-18 20:38:19,383 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:38:19,384 INFO L225 Difference]: With dead ends: 71 [2022-11-18 20:38:19,384 INFO L226 Difference]: Without dead ends: 71 [2022-11-18 20:38:19,385 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 99 GetRequests, 82 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.5s TimeCoverageRelationStatistics Valid=131, Invalid=211, Unknown=0, NotChecked=0, Total=342 [2022-11-18 20:38:19,386 INFO L413 NwaCegarLoop]: 32 mSDtfsCounter, 104 mSDsluCounter, 120 mSDsCounter, 0 mSdLazyCounter, 169 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 105 SdHoareTripleChecker+Valid, 152 SdHoareTripleChecker+Invalid, 198 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 169 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-18 20:38:19,386 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [105 Valid, 152 Invalid, 198 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 169 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-11-18 20:38:19,387 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 71 states. [2022-11-18 20:38:19,392 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 71 to 66. [2022-11-18 20:38:19,393 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1568627450980393) internal successors, (59), 53 states have internal predecessors, (59), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-18 20:38:19,394 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 91 transitions. [2022-11-18 20:38:19,394 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 91 transitions. Word has length 48 [2022-11-18 20:38:19,395 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:38:19,395 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 91 transitions. [2022-11-18 20:38:19,395 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2022-11-18 20:38:19,395 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 91 transitions. [2022-11-18 20:38:19,396 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2022-11-18 20:38:19,397 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:38:19,397 INFO L195 NwaCegarLoop]: trace histogram [6, 6, 6, 5, 5, 5, 5, 4, 4, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:38:19,411 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (16)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:19,610 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 16 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:19,611 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:38:19,611 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:38:19,611 INFO L85 PathProgramCache]: Analyzing trace with hash 845314608, now seen corresponding path program 4 times [2022-11-18 20:38:19,612 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:38:19,612 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1694586863] [2022-11-18 20:38:19,612 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-18 20:38:19,612 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:19,612 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:38:19,613 INFO L229 MonitoredProcess]: Starting monitored process 17 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:38:19,614 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (17)] Waiting until timeout for monitored process [2022-11-18 20:38:19,812 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-18 20:38:19,812 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:19,821 INFO L263 TraceCheckSpWp]: Trace formula consists of 201 conjuncts, 52 conjunts are in the unsatisfiable core [2022-11-18 20:38:19,826 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:19,859 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:19,870 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:20,086 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_290 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_290) |c_#length|)))) is different from true [2022-11-18 20:38:20,124 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:20,126 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:20,148 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:20,148 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:20,309 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_291 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_291) |c_#length|)))) is different from true [2022-11-18 20:38:20,334 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:20,336 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:20,354 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:20,355 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:20,541 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_292 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_292) |c_#length|)))) is different from true [2022-11-18 20:38:20,574 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:20,575 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:20,594 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:20,594 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:20,766 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_293 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_293) |c_#length|)))) is different from true [2022-11-18 20:38:20,791 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:20,796 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:20,820 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:20,820 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:21,008 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_294 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_294) |c_#length|)))) is different from true [2022-11-18 20:38:21,040 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:21,041 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:21,060 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:21,061 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:21,116 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 51 refuted. 0 times theorem prover too weak. 20 trivial. 30 not checked. [2022-11-18 20:38:21,116 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:29,682 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:38:29,682 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1694586863] [2022-11-18 20:38:29,683 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1694586863] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:29,683 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1341986605] [2022-11-18 20:38:29,683 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-18 20:38:29,683 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:29,683 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:38:29,687 INFO L229 MonitoredProcess]: Starting monitored process 18 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:38:29,699 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (18)] Waiting until timeout for monitored process [2022-11-18 20:38:30,014 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-18 20:38:30,014 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:30,019 INFO L263 TraceCheckSpWp]: Trace formula consists of 201 conjuncts, 52 conjunts are in the unsatisfiable core [2022-11-18 20:38:30,026 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:30,040 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:30,050 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:30,159 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_336 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_336))))) is different from true [2022-11-18 20:38:30,185 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:30,187 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:30,209 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:30,209 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:30,314 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_337 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_337))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:38:30,346 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:30,347 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:30,368 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:30,369 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:30,462 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_338 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_338) |c_#length|)))) is different from true [2022-11-18 20:38:30,497 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:30,498 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:30,518 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:30,519 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:30,627 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_339 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_339) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:38:30,649 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:30,650 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:30,666 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:30,667 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:30,745 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_340 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_340) |c_#length|)))) is different from true [2022-11-18 20:38:30,765 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:30,766 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:30,782 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:30,783 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:30,799 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 51 refuted. 0 times theorem prover too weak. 20 trivial. 30 not checked. [2022-11-18 20:38:30,799 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:33,928 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1341986605] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:33,928 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:38:33,929 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [21, 21] total 26 [2022-11-18 20:38:33,929 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1501722674] [2022-11-18 20:38:33,929 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:38:33,929 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 27 states [2022-11-18 20:38:33,930 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:38:33,930 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 27 interpolants. [2022-11-18 20:38:33,931 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=75, Invalid=294, Unknown=13, NotChecked=430, Total=812 [2022-11-18 20:38:33,931 INFO L87 Difference]: Start difference. First operand 66 states and 91 transitions. Second operand has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-18 20:38:35,471 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:38:35,471 INFO L93 Difference]: Finished difference Result 76 states and 100 transitions. [2022-11-18 20:38:35,471 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2022-11-18 20:38:35,472 INFO L78 Accepts]: Start accepts. Automaton has has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) Word has length 53 [2022-11-18 20:38:35,472 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:38:35,474 INFO L225 Difference]: With dead ends: 76 [2022-11-18 20:38:35,474 INFO L226 Difference]: Without dead ends: 76 [2022-11-18 20:38:35,475 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 112 GetRequests, 82 SyntacticMatches, 1 SemanticMatches, 29 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 12.3s TimeCoverageRelationStatistics Valid=83, Invalid=364, Unknown=13, NotChecked=470, Total=930 [2022-11-18 20:38:35,476 INFO L413 NwaCegarLoop]: 26 mSDtfsCounter, 21 mSDsluCounter, 221 mSDsCounter, 0 mSdLazyCounter, 549 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 247 SdHoareTripleChecker+Invalid, 1057 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 549 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 495 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-18 20:38:35,476 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [21 Valid, 247 Invalid, 1057 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 549 Invalid, 0 Unknown, 495 Unchecked, 1.1s Time] [2022-11-18 20:38:35,477 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2022-11-18 20:38:35,484 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 66. [2022-11-18 20:38:35,484 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1372549019607843) internal successors, (58), 53 states have internal predecessors, (58), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-18 20:38:35,485 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 90 transitions. [2022-11-18 20:38:35,486 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 90 transitions. Word has length 53 [2022-11-18 20:38:35,486 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:38:35,487 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 90 transitions. [2022-11-18 20:38:35,487 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-18 20:38:35,487 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 90 transitions. [2022-11-18 20:38:35,489 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-18 20:38:35,489 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:38:35,489 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 7, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:38:35,500 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (18)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:35,703 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (17)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:35,894 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 18 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,17 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:35,895 INFO L420 AbstractCegarLoop]: === Iteration 13 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:38:35,895 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:38:35,896 INFO L85 PathProgramCache]: Analyzing trace with hash -1540616881, now seen corresponding path program 5 times [2022-11-18 20:38:35,896 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:38:35,896 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [654925793] [2022-11-18 20:38:35,896 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-18 20:38:35,896 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:35,896 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:38:35,897 INFO L229 MonitoredProcess]: Starting monitored process 19 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:38:35,912 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (19)] Waiting until timeout for monitored process [2022-11-18 20:38:36,301 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2022-11-18 20:38:36,302 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:36,317 INFO L263 TraceCheckSpWp]: Trace formula consists of 236 conjuncts, 64 conjunts are in the unsatisfiable core [2022-11-18 20:38:36,323 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:36,355 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:36,620 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:38:36,620 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:38:37,138 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_391 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_391) |c_#length|)))) is different from true [2022-11-18 20:38:37,182 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:37,214 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:38:37,214 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-18 20:38:37,242 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:37,242 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:37,603 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_392 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_392) |c_#length|)))) is different from true [2022-11-18 20:38:37,628 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:37,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:37,644 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:37,645 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:37,851 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_393 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_393))))) is different from true [2022-11-18 20:38:37,875 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:37,877 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:37,895 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:37,896 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:38,081 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_394 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_394) |c_#length|)))) is different from true [2022-11-18 20:38:38,105 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:38,106 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:38,133 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:38,133 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:38,336 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_395 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_395))))) is different from true [2022-11-18 20:38:38,358 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:38,359 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:38,379 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:38,379 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:38,463 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 12 proven. 82 refuted. 0 times theorem prover too weak. 20 trivial. 40 not checked. [2022-11-18 20:38:38,463 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:43,105 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:38:43,105 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [654925793] [2022-11-18 20:38:43,105 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [654925793] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:43,105 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [2007645406] [2022-11-18 20:38:43,105 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-18 20:38:43,106 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:43,106 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:38:43,107 INFO L229 MonitoredProcess]: Starting monitored process 20 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:38:43,118 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (20)] Waiting until timeout for monitored process [2022-11-18 20:38:43,639 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2022-11-18 20:38:43,640 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:38:43,666 INFO L263 TraceCheckSpWp]: Trace formula consists of 236 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-18 20:38:43,677 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:43,687 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:43,786 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:38:43,787 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:38:43,974 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_446 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_446) |c_#length|)))) is different from true [2022-11-18 20:38:44,006 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:44,041 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:38:44,041 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-18 20:38:44,068 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:44,069 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:44,222 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_447 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_447) |c_#length|)) (exists ((v_ArrVal_448 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_448))))) is different from true [2022-11-18 20:38:44,254 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:44,256 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:44,293 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:38:44,294 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:38:44,414 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_450 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_450))) (exists ((v_ArrVal_449 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_449) |c_#length|)))) is different from true [2022-11-18 20:38:44,500 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:38:44,500 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:38:44,513 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:44,622 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_451 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_451))))) is different from true [2022-11-18 20:38:44,650 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:44,651 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:44,667 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:44,668 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:44,773 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_452 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_452))))) is different from true [2022-11-18 20:38:44,803 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:44,804 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:44,819 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:44,820 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:44,847 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 12 proven. 82 refuted. 0 times theorem prover too weak. 20 trivial. 40 not checked. [2022-11-18 20:38:44,848 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:49,363 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [2007645406] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:49,363 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:38:49,364 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [29, 27] total 34 [2022-11-18 20:38:49,364 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [129381111] [2022-11-18 20:38:49,364 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:38:49,365 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 35 states [2022-11-18 20:38:49,365 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:38:49,365 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 35 interpolants. [2022-11-18 20:38:49,366 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=99, Invalid=632, Unknown=11, NotChecked=590, Total=1332 [2022-11-18 20:38:49,366 INFO L87 Difference]: Start difference. First operand 66 states and 90 transitions. Second operand has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-18 20:38:51,365 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:38:51,365 INFO L93 Difference]: Finished difference Result 98 states and 132 transitions. [2022-11-18 20:38:51,366 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-11-18 20:38:51,366 INFO L78 Accepts]: Start accepts. Automaton has has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-18 20:38:51,366 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:38:51,367 INFO L225 Difference]: With dead ends: 98 [2022-11-18 20:38:51,367 INFO L226 Difference]: Without dead ends: 98 [2022-11-18 20:38:51,368 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 92 SyntacticMatches, 1 SemanticMatches, 38 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 80 ImplicationChecksByTransitivity, 10.7s TimeCoverageRelationStatistics Valid=116, Invalid=783, Unknown=11, NotChecked=650, Total=1560 [2022-11-18 20:38:51,369 INFO L413 NwaCegarLoop]: 25 mSDtfsCounter, 23 mSDsluCounter, 232 mSDsCounter, 0 mSdLazyCounter, 654 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 23 SdHoareTripleChecker+Valid, 257 SdHoareTripleChecker+Invalid, 1376 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 654 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 702 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-11-18 20:38:51,369 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [23 Valid, 257 Invalid, 1376 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 654 Invalid, 0 Unknown, 702 Unchecked, 1.3s Time] [2022-11-18 20:38:51,370 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 98 states. [2022-11-18 20:38:51,376 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 98 to 93. [2022-11-18 20:38:51,377 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 93 states, 73 states have (on average 1.095890410958904) internal successors, (80), 74 states have internal predecessors, (80), 16 states have call successors, (16), 1 states have call predecessors, (16), 2 states have return successors, (31), 17 states have call predecessors, (31), 16 states have call successors, (31) [2022-11-18 20:38:51,378 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 93 states to 93 states and 127 transitions. [2022-11-18 20:38:51,379 INFO L78 Accepts]: Start accepts. Automaton has 93 states and 127 transitions. Word has length 62 [2022-11-18 20:38:51,379 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:38:51,379 INFO L495 AbstractCegarLoop]: Abstraction has 93 states and 127 transitions. [2022-11-18 20:38:51,379 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-18 20:38:51,380 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 127 transitions. [2022-11-18 20:38:51,381 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-18 20:38:51,381 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:38:51,382 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 6, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:38:51,396 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (19)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:51,600 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (20)] Forceful destruction successful, exit code 0 [2022-11-18 20:38:51,796 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 19 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,20 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:51,796 INFO L420 AbstractCegarLoop]: === Iteration 14 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:38:51,796 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:38:51,796 INFO L85 PathProgramCache]: Analyzing trace with hash 818690128, now seen corresponding path program 1 times [2022-11-18 20:38:51,797 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:38:51,797 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1504989187] [2022-11-18 20:38:51,797 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:38:51,797 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:38:51,797 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:38:51,799 INFO L229 MonitoredProcess]: Starting monitored process 21 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:38:51,818 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (21)] Waiting until timeout for monitored process [2022-11-18 20:38:52,040 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:38:52,052 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-18 20:38:52,056 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:38:52,084 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:38:52,092 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:38:52,295 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_500 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_500) |c_#length|)))) is different from true [2022-11-18 20:38:52,319 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:52,320 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:52,340 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:52,341 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:52,651 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_501 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_501) |c_#length|)))) is different from true [2022-11-18 20:38:52,672 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:52,673 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:52,690 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:52,690 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:52,826 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_502 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_502) |c_#length|)))) is different from true [2022-11-18 20:38:52,851 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:52,852 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:52,869 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:52,870 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:53,017 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_503 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_503) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:38:53,043 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:53,044 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:53,061 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:53,061 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:53,219 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_504 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_504))))) is different from true [2022-11-18 20:38:53,242 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:38:53,243 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:38:53,259 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:38:53,259 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:38:53,314 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-18 20:38:53,314 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:38:59,834 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:38:59,834 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1504989187] [2022-11-18 20:38:59,834 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1504989187] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:38:59,835 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1297676871] [2022-11-18 20:38:59,835 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-18 20:38:59,835 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:38:59,835 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:38:59,837 INFO L229 MonitoredProcess]: Starting monitored process 22 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:38:59,839 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (22)] Waiting until timeout for monitored process [2022-11-18 20:39:00,191 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:39:00,225 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-18 20:39:00,230 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:00,241 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:00,250 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:00,365 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_552 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_552))))) is different from true [2022-11-18 20:39:00,385 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:00,386 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:00,404 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:00,405 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:00,612 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_553 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_553) |c_#length|)))) is different from true [2022-11-18 20:39:00,642 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:00,643 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:00,663 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:00,664 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:00,760 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_554) |c_#length|)))) is different from true [2022-11-18 20:39:00,785 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:00,787 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:00,802 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:00,803 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:00,903 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_555 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_555) |c_#length|)))) is different from true [2022-11-18 20:39:00,932 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:00,934 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:00,958 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:00,959 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:01,054 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_556) |c_#length|)))) is different from true [2022-11-18 20:39:01,077 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:01,078 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:01,090 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:01,090 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:01,107 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-18 20:39:01,107 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:01,552 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1297676871] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:01,553 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:39:01,553 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [22, 22] total 27 [2022-11-18 20:39:01,553 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [605419698] [2022-11-18 20:39:01,553 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:39:01,554 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 28 states [2022-11-18 20:39:01,554 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:39:01,554 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 28 interpolants. [2022-11-18 20:39:01,554 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=79, Invalid=329, Unknown=12, NotChecked=450, Total=870 [2022-11-18 20:39:01,555 INFO L87 Difference]: Start difference. First operand 93 states and 127 transitions. Second operand has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-18 20:39:03,019 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:39:03,019 INFO L93 Difference]: Finished difference Result 124 states and 166 transitions. [2022-11-18 20:39:03,019 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-11-18 20:39:03,019 INFO L78 Accepts]: Start accepts. Automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-18 20:39:03,020 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:39:03,021 INFO L225 Difference]: With dead ends: 124 [2022-11-18 20:39:03,021 INFO L226 Difference]: Without dead ends: 124 [2022-11-18 20:39:03,022 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 99 SyntacticMatches, 1 SemanticMatches, 30 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 7.6s TimeCoverageRelationStatistics Valid=87, Invalid=403, Unknown=12, NotChecked=490, Total=992 [2022-11-18 20:39:03,022 INFO L413 NwaCegarLoop]: 28 mSDtfsCounter, 20 mSDsluCounter, 197 mSDsCounter, 0 mSdLazyCounter, 510 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 225 SdHoareTripleChecker+Invalid, 1105 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 510 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 578 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2022-11-18 20:39:03,023 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 225 Invalid, 1105 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 510 Invalid, 0 Unknown, 578 Unchecked, 1.0s Time] [2022-11-18 20:39:03,023 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 124 states. [2022-11-18 20:39:03,029 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 124 to 93. [2022-11-18 20:39:03,030 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 93 states, 73 states have (on average 1.095890410958904) internal successors, (80), 74 states have internal predecessors, (80), 16 states have call successors, (16), 1 states have call predecessors, (16), 2 states have return successors, (31), 17 states have call predecessors, (31), 16 states have call successors, (31) [2022-11-18 20:39:03,031 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 93 states to 93 states and 127 transitions. [2022-11-18 20:39:03,032 INFO L78 Accepts]: Start accepts. Automaton has 93 states and 127 transitions. Word has length 62 [2022-11-18 20:39:03,032 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:39:03,032 INFO L495 AbstractCegarLoop]: Abstraction has 93 states and 127 transitions. [2022-11-18 20:39:03,032 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-18 20:39:03,033 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 127 transitions. [2022-11-18 20:39:03,037 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-18 20:39:03,038 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:39:03,038 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 6, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:39:03,054 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (22)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:03,251 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (21)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:03,442 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 22 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,21 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:03,442 INFO L420 AbstractCegarLoop]: === Iteration 15 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:39:03,443 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:39:03,443 INFO L85 PathProgramCache]: Analyzing trace with hash -1781157010, now seen corresponding path program 2 times [2022-11-18 20:39:03,443 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:39:03,443 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2067815472] [2022-11-18 20:39:03,443 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:39:03,443 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:03,444 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:39:03,445 INFO L229 MonitoredProcess]: Starting monitored process 23 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:39:03,446 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (23)] Waiting until timeout for monitored process [2022-11-18 20:39:03,657 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:39:03,657 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:03,665 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-18 20:39:03,668 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:03,689 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:03,698 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:04,020 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_604 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_604) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:39:04,042 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:04,043 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:04,062 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:04,062 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:04,217 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_605 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_605))))) is different from true [2022-11-18 20:39:04,241 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:04,242 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:04,261 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:04,262 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:04,425 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_606 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_606) |c_#length|)))) is different from true [2022-11-18 20:39:04,445 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:04,446 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:04,458 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:04,459 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:04,618 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_607 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_607))))) is different from true [2022-11-18 20:39:04,654 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:04,655 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:04,666 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:04,666 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:04,825 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_608 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_608))))) is different from true [2022-11-18 20:39:04,845 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:04,846 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:04,857 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:04,858 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:04,913 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-18 20:39:04,913 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:07,428 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:39:07,428 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2067815472] [2022-11-18 20:39:07,428 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2067815472] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:07,428 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [676775026] [2022-11-18 20:39:07,428 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:39:07,429 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:39:07,429 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:39:07,429 INFO L229 MonitoredProcess]: Starting monitored process 24 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:39:07,431 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (24)] Waiting until timeout for monitored process [2022-11-18 20:39:07,788 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:39:07,789 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:07,794 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-18 20:39:07,798 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:07,807 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:07,813 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:08,011 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_656 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_656) |c_#length|)))) is different from true [2022-11-18 20:39:08,029 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:08,029 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:08,043 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:08,043 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:08,136 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_657 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_657))))) is different from true [2022-11-18 20:39:08,163 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:08,164 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:08,177 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:08,177 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:08,262 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_658 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_658))))) is different from true [2022-11-18 20:39:08,282 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:08,283 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:08,300 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:08,300 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:08,383 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_659 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_659) |c_#length|)))) is different from true [2022-11-18 20:39:08,409 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:08,410 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:08,426 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:08,426 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:08,531 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_660 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_660) |c_#length|)))) is different from true [2022-11-18 20:39:08,552 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:08,553 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:08,563 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:08,564 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:08,583 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-18 20:39:08,583 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:10,975 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [676775026] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:10,975 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:39:10,975 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [22, 22] total 27 [2022-11-18 20:39:10,975 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [423878594] [2022-11-18 20:39:10,975 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:39:10,976 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 28 states [2022-11-18 20:39:10,976 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:39:10,977 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 28 interpolants. [2022-11-18 20:39:10,977 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=79, Invalid=330, Unknown=11, NotChecked=450, Total=870 [2022-11-18 20:39:10,977 INFO L87 Difference]: Start difference. First operand 93 states and 127 transitions. Second operand has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-18 20:39:12,502 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:39:12,503 INFO L93 Difference]: Finished difference Result 132 states and 173 transitions. [2022-11-18 20:39:12,503 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-11-18 20:39:12,503 INFO L78 Accepts]: Start accepts. Automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-18 20:39:12,504 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:39:12,505 INFO L225 Difference]: With dead ends: 132 [2022-11-18 20:39:12,505 INFO L226 Difference]: Without dead ends: 132 [2022-11-18 20:39:12,506 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 99 SyntacticMatches, 1 SemanticMatches, 30 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 5.6s TimeCoverageRelationStatistics Valid=87, Invalid=404, Unknown=11, NotChecked=490, Total=992 [2022-11-18 20:39:12,506 INFO L413 NwaCegarLoop]: 31 mSDtfsCounter, 18 mSDsluCounter, 230 mSDsCounter, 0 mSdLazyCounter, 568 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 18 SdHoareTripleChecker+Valid, 261 SdHoareTripleChecker+Invalid, 976 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 568 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 392 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2022-11-18 20:39:12,507 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [18 Valid, 261 Invalid, 976 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 568 Invalid, 0 Unknown, 392 Unchecked, 1.0s Time] [2022-11-18 20:39:12,507 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 132 states. [2022-11-18 20:39:12,513 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 132 to 66. [2022-11-18 20:39:12,514 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1176470588235294) internal successors, (57), 53 states have internal predecessors, (57), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-18 20:39:12,515 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 89 transitions. [2022-11-18 20:39:12,515 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 89 transitions. Word has length 62 [2022-11-18 20:39:12,515 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:39:12,515 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 89 transitions. [2022-11-18 20:39:12,515 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-18 20:39:12,516 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 89 transitions. [2022-11-18 20:39:12,517 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-18 20:39:12,517 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:39:12,517 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 8, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:39:12,527 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (24)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:12,732 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (23)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:12,922 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 24 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,23 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:12,922 INFO L420 AbstractCegarLoop]: === Iteration 16 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:39:12,922 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:39:12,922 INFO L85 PathProgramCache]: Analyzing trace with hash -446919408, now seen corresponding path program 6 times [2022-11-18 20:39:12,923 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:39:12,923 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1320300302] [2022-11-18 20:39:12,923 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-18 20:39:12,923 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:12,923 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:39:12,924 INFO L229 MonitoredProcess]: Starting monitored process 25 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:39:12,925 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (25)] Waiting until timeout for monitored process [2022-11-18 20:39:13,298 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-18 20:39:13,299 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:13,310 INFO L263 TraceCheckSpWp]: Trace formula consists of 271 conjuncts, 68 conjunts are in the unsatisfiable core [2022-11-18 20:39:13,316 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:13,339 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:13,346 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:13,535 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_718 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_718) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_719 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_719) |c_#valid|)))) is different from true [2022-11-18 20:39:13,597 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:39:13,598 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:39:13,609 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:13,727 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_720 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_720))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:39:13,746 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:13,747 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:13,763 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:13,763 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:13,907 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_721 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_721))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:39:13,929 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:13,930 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:13,947 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:13,948 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:14,142 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-18 20:39:14,166 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:39:14,167 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:39:14,541 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_723 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_723) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:39:14,561 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:14,584 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:39:14,584 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-18 20:39:14,619 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:14,620 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:14,871 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_724 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_724))))) is different from true [2022-11-18 20:39:14,888 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:14,888 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:14,900 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:14,900 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:15,091 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_725 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_725) |c_#length|)))) is different from true [2022-11-18 20:39:15,109 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:15,110 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:15,128 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:15,128 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:15,218 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 11 proven. 114 refuted. 0 times theorem prover too weak. 30 trivial. 56 not checked. [2022-11-18 20:39:15,218 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:17,922 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:39:17,922 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1320300302] [2022-11-18 20:39:17,922 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1320300302] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:17,923 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [719316730] [2022-11-18 20:39:17,923 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-18 20:39:17,923 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:39:17,923 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:39:17,927 INFO L229 MonitoredProcess]: Starting monitored process 26 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:39:17,929 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (26)] Waiting until timeout for monitored process [2022-11-18 20:39:19,222 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-18 20:39:19,223 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:19,233 INFO L263 TraceCheckSpWp]: Trace formula consists of 271 conjuncts, 81 conjunts are in the unsatisfiable core [2022-11-18 20:39:19,238 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:19,247 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:19,255 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:19,453 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:39:19,453 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:39:19,505 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:39:19,506 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:39:19,953 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_787 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_787))) (exists ((v_ArrVal_786 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_786) |c_#length|)))) is different from true [2022-11-18 20:39:19,978 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:19,979 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:20,027 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-18 20:39:20,028 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-18 20:39:20,407 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:39:20,407 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:39:20,480 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-18 20:39:20,481 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-18 20:39:21,212 INFO L321 Elim1Store]: treesize reduction 12, result has 42.9 percent of original size [2022-11-18 20:39:21,212 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 20 treesize of output 22 [2022-11-18 20:39:21,221 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:21,681 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:39:21,681 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:39:21,700 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:21,701 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:21,954 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_795 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_795))))) is different from true [2022-11-18 20:39:21,971 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:21,972 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:21,993 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:21,993 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:22,079 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_796 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_796) |c_#length|)))) is different from true [2022-11-18 20:39:22,097 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:22,097 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:22,107 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:22,108 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:22,125 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 120 refuted. 4 times theorem prover too weak. 44 trivial. 36 not checked. [2022-11-18 20:39:22,125 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:24,668 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [719316730] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:24,668 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:39:24,668 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 31] total 49 [2022-11-18 20:39:24,668 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1240386776] [2022-11-18 20:39:24,669 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:39:24,669 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 50 states [2022-11-18 20:39:24,669 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:39:24,670 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 50 interpolants. [2022-11-18 20:39:24,670 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=183, Invalid=1568, Unknown=11, NotChecked=890, Total=2652 [2022-11-18 20:39:24,671 INFO L87 Difference]: Start difference. First operand 66 states and 89 transitions. Second operand has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-18 20:39:26,440 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:39:26,441 INFO L93 Difference]: Finished difference Result 103 states and 138 transitions. [2022-11-18 20:39:26,441 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-18 20:39:26,442 INFO L78 Accepts]: Start accepts. Automaton has has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) Word has length 71 [2022-11-18 20:39:26,442 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:39:26,443 INFO L225 Difference]: With dead ends: 103 [2022-11-18 20:39:26,443 INFO L226 Difference]: Without dead ends: 103 [2022-11-18 20:39:26,445 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 93 SyntacticMatches, 3 SemanticMatches, 54 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 536 ImplicationChecksByTransitivity, 8.4s TimeCoverageRelationStatistics Valid=208, Invalid=1891, Unknown=11, NotChecked=970, Total=3080 [2022-11-18 20:39:26,446 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 19 mSDsluCounter, 250 mSDsCounter, 0 mSdLazyCounter, 437 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 273 SdHoareTripleChecker+Invalid, 1141 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 437 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 692 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-11-18 20:39:26,447 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 273 Invalid, 1141 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 437 Invalid, 0 Unknown, 692 Unchecked, 0.8s Time] [2022-11-18 20:39:26,447 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 103 states. [2022-11-18 20:39:26,453 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 103 to 98. [2022-11-18 20:39:26,454 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-18 20:39:26,455 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-18 20:39:26,455 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-18 20:39:26,456 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:39:26,456 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-18 20:39:26,456 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-18 20:39:26,457 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-18 20:39:26,458 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-18 20:39:26,458 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:39:26,458 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:39:26,466 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (26)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:26,676 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (25)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:26,866 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 26 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,25 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:26,866 INFO L420 AbstractCegarLoop]: === Iteration 17 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:39:26,866 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:39:26,867 INFO L85 PathProgramCache]: Analyzing trace with hash 797845073, now seen corresponding path program 3 times [2022-11-18 20:39:26,867 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:39:26,867 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1738303832] [2022-11-18 20:39:26,867 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:39:26,867 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:26,867 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:39:26,868 INFO L229 MonitoredProcess]: Starting monitored process 27 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:39:26,876 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (27)] Waiting until timeout for monitored process [2022-11-18 20:39:27,233 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 8 check-sat command(s) [2022-11-18 20:39:27,233 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:27,245 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 63 conjunts are in the unsatisfiable core [2022-11-18 20:39:27,249 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:27,270 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:27,278 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:27,468 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_852 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_852))))) is different from true [2022-11-18 20:39:27,497 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:27,498 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:27,512 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:27,513 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:27,655 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_853 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_853) |c_#length|)))) is different from true [2022-11-18 20:39:27,678 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:27,679 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:27,692 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:27,693 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:27,853 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_854 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_854) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:39:27,879 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:27,880 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:27,896 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:27,897 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:28,037 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_855 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_855) |c_#length|)))) is different from true [2022-11-18 20:39:28,059 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:28,060 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:28,075 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:28,075 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:28,423 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_856 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_856))))) is different from true [2022-11-18 20:39:28,447 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:28,448 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:28,468 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:28,468 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:28,689 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_857 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_857) |c_#length|)))) is different from true [2022-11-18 20:39:28,721 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:28,722 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:28,743 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:28,743 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:28,810 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 11 proven. 116 refuted. 0 times theorem prover too weak. 30 trivial. 54 not checked. [2022-11-18 20:39:28,810 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:34,654 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:39:34,654 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1738303832] [2022-11-18 20:39:34,654 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1738303832] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:34,654 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [754223593] [2022-11-18 20:39:34,654 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:39:34,655 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:39:34,655 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:39:34,656 INFO L229 MonitoredProcess]: Starting monitored process 28 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:39:34,657 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (28)] Waiting until timeout for monitored process [2022-11-18 20:39:35,412 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 8 check-sat command(s) [2022-11-18 20:39:35,413 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:35,423 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 74 conjunts are in the unsatisfiable core [2022-11-18 20:39:35,429 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:35,442 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:35,449 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:35,661 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:35,661 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:35,671 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:35,919 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_915 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_915) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:39:35,949 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:35,950 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:35,972 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:35,972 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:36,225 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:39:36,226 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:39:36,888 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-18 20:39:36,888 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-18 20:39:37,875 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_920 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_920) |c_#length|)))) is different from true [2022-11-18 20:39:37,900 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:37,927 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:39:37,927 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-18 20:39:37,942 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:37,942 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:38,036 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_921 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_921))))) is different from true [2022-11-18 20:39:38,058 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:38,059 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:38,078 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:38,078 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:38,113 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 17 proven. 140 refuted. 0 times theorem prover too weak. 18 trivial. 36 not checked. [2022-11-18 20:39:38,114 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:38,508 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [754223593] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:38,508 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:39:38,508 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [27, 33] total 45 [2022-11-18 20:39:38,509 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [16802187] [2022-11-18 20:39:38,509 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:39:38,509 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 46 states [2022-11-18 20:39:38,509 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:39:38,510 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 46 interpolants. [2022-11-18 20:39:38,510 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=146, Invalid=1362, Unknown=10, NotChecked=738, Total=2256 [2022-11-18 20:39:38,511 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-18 20:39:43,745 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:39:43,745 INFO L93 Difference]: Finished difference Result 169 states and 224 transitions. [2022-11-18 20:39:43,746 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 37 states. [2022-11-18 20:39:43,747 INFO L78 Accepts]: Start accepts. Automaton has has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) Word has length 71 [2022-11-18 20:39:43,747 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:39:43,748 INFO L225 Difference]: With dead ends: 169 [2022-11-18 20:39:43,748 INFO L226 Difference]: Without dead ends: 169 [2022-11-18 20:39:43,750 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 173 GetRequests, 99 SyntacticMatches, 2 SemanticMatches, 72 ConstructedPredicates, 9 IntricatePredicates, 0 DeprecatedPredicates, 848 ImplicationChecksByTransitivity, 10.5s TimeCoverageRelationStatistics Valid=344, Invalid=3842, Unknown=10, NotChecked=1206, Total=5402 [2022-11-18 20:39:43,751 INFO L413 NwaCegarLoop]: 34 mSDtfsCounter, 86 mSDsluCounter, 442 mSDsCounter, 0 mSdLazyCounter, 1561 mSolverCounterSat, 51 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 89 SdHoareTripleChecker+Valid, 476 SdHoareTripleChecker+Invalid, 2918 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 51 IncrementalHoareTripleChecker+Valid, 1561 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1306 IncrementalHoareTripleChecker+Unchecked, 2.8s IncrementalHoareTripleChecker+Time [2022-11-18 20:39:43,751 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [89 Valid, 476 Invalid, 2918 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [51 Valid, 1561 Invalid, 0 Unknown, 1306 Unchecked, 2.8s Time] [2022-11-18 20:39:43,752 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 169 states. [2022-11-18 20:39:43,758 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 169 to 113. [2022-11-18 20:39:43,759 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 113 states, 89 states have (on average 1.0674157303370786) internal successors, (95), 90 states have internal predecessors, (95), 20 states have call successors, (20), 1 states have call predecessors, (20), 2 states have return successors, (39), 21 states have call predecessors, (39), 20 states have call successors, (39) [2022-11-18 20:39:43,760 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 113 states to 113 states and 154 transitions. [2022-11-18 20:39:43,761 INFO L78 Accepts]: Start accepts. Automaton has 113 states and 154 transitions. Word has length 71 [2022-11-18 20:39:43,761 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:39:43,761 INFO L495 AbstractCegarLoop]: Abstraction has 113 states and 154 transitions. [2022-11-18 20:39:43,762 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-18 20:39:43,762 INFO L276 IsEmpty]: Start isEmpty. Operand 113 states and 154 transitions. [2022-11-18 20:39:43,763 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-18 20:39:43,763 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:39:43,763 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 6, 6, 6, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:39:43,771 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (28)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:43,994 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (27)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:44,169 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 28 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,27 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:44,169 INFO L420 AbstractCegarLoop]: === Iteration 18 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:39:44,169 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:39:44,170 INFO L85 PathProgramCache]: Analyzing trace with hash 292286448, now seen corresponding path program 4 times [2022-11-18 20:39:44,170 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:39:44,170 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [297193130] [2022-11-18 20:39:44,170 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-18 20:39:44,170 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:44,171 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:39:44,172 INFO L229 MonitoredProcess]: Starting monitored process 29 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:39:44,176 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (29)] Waiting until timeout for monitored process [2022-11-18 20:39:44,401 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-18 20:39:44,401 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:44,412 INFO L263 TraceCheckSpWp]: Trace formula consists of 259 conjuncts, 62 conjunts are in the unsatisfiable core [2022-11-18 20:39:44,417 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:44,438 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:44,445 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:44,651 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_975 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_975))))) is different from true [2022-11-18 20:39:44,677 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:44,678 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:44,699 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:44,699 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:44,866 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_976 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_976) |c_#length|)))) is different from true [2022-11-18 20:39:44,911 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:44,912 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:44,927 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:44,927 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:45,092 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_977 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_977))))) is different from true [2022-11-18 20:39:45,120 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:45,121 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:45,143 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:45,143 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:45,335 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_978 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_978) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:39:45,356 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:45,357 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:45,373 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:45,374 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:45,764 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_979 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_979) |c_#length|)))) is different from true [2022-11-18 20:39:45,783 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:45,784 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:45,800 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:45,800 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:45,861 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 110 refuted. 0 times theorem prover too weak. 44 trivial. 50 not checked. [2022-11-18 20:39:45,861 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:50,398 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:39:50,398 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [297193130] [2022-11-18 20:39:50,398 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [297193130] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:50,398 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1113898517] [2022-11-18 20:39:50,399 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-18 20:39:50,399 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:39:50,399 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:39:50,400 INFO L229 MonitoredProcess]: Starting monitored process 30 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:39:50,401 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (30)] Waiting until timeout for monitored process [2022-11-18 20:39:50,863 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-18 20:39:50,863 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:50,871 INFO L263 TraceCheckSpWp]: Trace formula consists of 259 conjuncts, 62 conjunts are in the unsatisfiable core [2022-11-18 20:39:50,875 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:50,888 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:50,898 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:39:50,987 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1033 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1033) |c_#length|)))) is different from true [2022-11-18 20:39:51,022 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:51,023 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:51,038 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:51,039 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:51,117 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1034 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1034))))) is different from true [2022-11-18 20:39:51,135 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:51,136 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:51,148 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:51,149 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:51,228 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1035 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1035) |c_#length|)))) is different from true [2022-11-18 20:39:51,248 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:51,249 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:51,264 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:51,265 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:51,350 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1036 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1036) |c_#length|)))) is different from true [2022-11-18 20:39:51,367 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:51,368 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:51,380 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:51,380 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:51,649 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1037 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1037))))) is different from true [2022-11-18 20:39:51,664 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:51,670 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:51,684 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:51,684 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:51,703 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 110 refuted. 0 times theorem prover too weak. 44 trivial. 50 not checked. [2022-11-18 20:39:51,703 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:52,067 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1113898517] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:52,067 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:39:52,067 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [23, 23] total 28 [2022-11-18 20:39:52,068 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [300860999] [2022-11-18 20:39:52,068 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:39:52,068 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 29 states [2022-11-18 20:39:52,068 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:39:52,068 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 29 interpolants. [2022-11-18 20:39:52,069 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=83, Invalid=367, Unknown=10, NotChecked=470, Total=930 [2022-11-18 20:39:52,069 INFO L87 Difference]: Start difference. First operand 113 states and 154 transitions. Second operand has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-18 20:39:53,682 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:39:53,682 INFO L93 Difference]: Finished difference Result 143 states and 190 transitions. [2022-11-18 20:39:53,682 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 19 states. [2022-11-18 20:39:53,683 INFO L78 Accepts]: Start accepts. Automaton has has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) Word has length 71 [2022-11-18 20:39:53,683 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:39:53,684 INFO L225 Difference]: With dead ends: 143 [2022-11-18 20:39:53,685 INFO L226 Difference]: Without dead ends: 143 [2022-11-18 20:39:53,685 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 148 GetRequests, 116 SyntacticMatches, 1 SemanticMatches, 31 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 32 ImplicationChecksByTransitivity, 5.6s TimeCoverageRelationStatistics Valid=91, Invalid=445, Unknown=10, NotChecked=510, Total=1056 [2022-11-18 20:39:53,685 INFO L413 NwaCegarLoop]: 30 mSDtfsCounter, 20 mSDsluCounter, 225 mSDsCounter, 0 mSdLazyCounter, 616 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 255 SdHoareTripleChecker+Invalid, 1250 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 616 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 617 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-18 20:39:53,686 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 255 Invalid, 1250 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 616 Invalid, 0 Unknown, 617 Unchecked, 1.2s Time] [2022-11-18 20:39:53,686 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 143 states. [2022-11-18 20:39:53,691 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 143 to 103. [2022-11-18 20:39:53,691 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 103 states, 81 states have (on average 1.0740740740740742) internal successors, (87), 82 states have internal predecessors, (87), 18 states have call successors, (18), 1 states have call predecessors, (18), 2 states have return successors, (35), 19 states have call predecessors, (35), 18 states have call successors, (35) [2022-11-18 20:39:53,692 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 103 states to 103 states and 140 transitions. [2022-11-18 20:39:53,693 INFO L78 Accepts]: Start accepts. Automaton has 103 states and 140 transitions. Word has length 71 [2022-11-18 20:39:53,693 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:39:53,693 INFO L495 AbstractCegarLoop]: Abstraction has 103 states and 140 transitions. [2022-11-18 20:39:53,694 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-18 20:39:53,694 INFO L276 IsEmpty]: Start isEmpty. Operand 103 states and 140 transitions. [2022-11-18 20:39:53,695 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-18 20:39:53,695 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:39:53,695 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:39:53,706 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (30)] Ended with exit code 0 [2022-11-18 20:39:53,910 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (29)] Forceful destruction successful, exit code 0 [2022-11-18 20:39:54,101 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 30 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,29 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:54,101 INFO L420 AbstractCegarLoop]: === Iteration 19 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:39:54,101 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:39:54,101 INFO L85 PathProgramCache]: Analyzing trace with hash 1837944047, now seen corresponding path program 5 times [2022-11-18 20:39:54,102 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:39:54,102 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1220954341] [2022-11-18 20:39:54,102 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-18 20:39:54,102 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:39:54,102 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:39:54,103 INFO L229 MonitoredProcess]: Starting monitored process 31 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:39:54,105 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (31)] Waiting until timeout for monitored process [2022-11-18 20:39:54,480 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 8 check-sat command(s) [2022-11-18 20:39:54,480 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:39:54,492 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 69 conjunts are in the unsatisfiable core [2022-11-18 20:39:54,496 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:39:54,517 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:39:54,744 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:39:54,744 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:39:55,203 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1094 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1094) |c_#length|)))) is different from true [2022-11-18 20:39:55,240 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:55,271 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:39:55,271 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-18 20:39:55,291 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:55,292 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:55,594 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1095 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1095))))) is different from true [2022-11-18 20:39:55,625 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:55,626 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:55,648 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:55,648 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:56,043 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1096 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1096) |c_#length|)))) is different from true [2022-11-18 20:39:56,070 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:56,071 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:56,087 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:56,087 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:56,318 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1097 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1097) |c_#length|)))) is different from true [2022-11-18 20:39:56,337 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:56,338 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:56,350 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:56,351 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:56,578 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1098 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1098) |c_#length|)))) is different from true [2022-11-18 20:39:56,599 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:39:56,600 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:39:56,618 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:39:56,618 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:39:56,707 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 14 proven. 117 refuted. 0 times theorem prover too weak. 30 trivial. 50 not checked. [2022-11-18 20:39:56,707 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:39:59,426 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:39:59,426 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1220954341] [2022-11-18 20:39:59,426 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1220954341] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:39:59,426 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [16194547] [2022-11-18 20:39:59,426 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-18 20:39:59,426 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:39:59,427 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:39:59,428 INFO L229 MonitoredProcess]: Starting monitored process 32 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:39:59,430 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (32)] Waiting until timeout for monitored process [2022-11-18 20:40:00,234 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 8 check-sat command(s) [2022-11-18 20:40:00,235 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:40:00,245 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 74 conjunts are in the unsatisfiable core [2022-11-18 20:40:00,257 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:00,268 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:00,397 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:40:00,397 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:40:00,564 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1156 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1156) |c_#length|)) (exists ((v_ArrVal_1155 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1155) |c_#valid|)))) is different from true [2022-11-18 20:40:00,630 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:40:00,630 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:40:00,668 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:40:00,668 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-18 20:40:01,050 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:40:01,051 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:40:01,077 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:01,077 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:01,450 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1159 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1159))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1160 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1160) |c_#length|)))) is different from true [2022-11-18 20:40:01,477 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:01,478 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:01,512 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:40:01,512 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:40:01,601 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1161 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1161) |c_#length|)))) is different from true [2022-11-18 20:40:01,626 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:01,628 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:01,642 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:01,642 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:01,727 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1162 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1162))))) is different from true [2022-11-18 20:40:01,760 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:01,761 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:01,773 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:01,774 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:01,794 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 14 proven. 123 refuted. 0 times theorem prover too weak. 30 trivial. 44 not checked. [2022-11-18 20:40:01,794 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:04,504 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [16194547] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:04,504 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:40:04,504 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 38 [2022-11-18 20:40:04,504 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1092129022] [2022-11-18 20:40:04,504 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:40:04,505 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 39 states [2022-11-18 20:40:04,505 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:40:04,506 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 39 interpolants. [2022-11-18 20:40:04,506 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=116, Invalid=903, Unknown=9, NotChecked=612, Total=1640 [2022-11-18 20:40:04,507 INFO L87 Difference]: Start difference. First operand 103 states and 140 transitions. Second operand has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-18 20:40:06,963 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:40:06,963 INFO L93 Difference]: Finished difference Result 151 states and 202 transitions. [2022-11-18 20:40:06,964 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-18 20:40:06,964 INFO L78 Accepts]: Start accepts. Automaton has has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) Word has length 71 [2022-11-18 20:40:06,964 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:40:06,966 INFO L225 Difference]: With dead ends: 151 [2022-11-18 20:40:06,966 INFO L226 Difference]: Without dead ends: 151 [2022-11-18 20:40:06,967 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 106 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 9 IntricatePredicates, 0 DeprecatedPredicates, 150 ImplicationChecksByTransitivity, 7.5s TimeCoverageRelationStatistics Valid=141, Invalid=1146, Unknown=9, NotChecked=684, Total=1980 [2022-11-18 20:40:06,967 INFO L413 NwaCegarLoop]: 27 mSDtfsCounter, 27 mSDsluCounter, 252 mSDsCounter, 0 mSdLazyCounter, 772 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 27 SdHoareTripleChecker+Valid, 279 SdHoareTripleChecker+Invalid, 1341 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 772 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 549 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-11-18 20:40:06,968 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [27 Valid, 279 Invalid, 1341 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 772 Invalid, 0 Unknown, 549 Unchecked, 1.6s Time] [2022-11-18 20:40:06,978 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 151 states. [2022-11-18 20:40:06,989 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 151 to 98. [2022-11-18 20:40:06,989 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-18 20:40:06,993 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-18 20:40:06,996 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-18 20:40:06,996 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:40:06,997 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-18 20:40:06,997 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-18 20:40:06,997 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-18 20:40:07,001 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-18 20:40:07,001 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:40:07,001 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:40:07,012 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (32)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:07,219 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (31)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:07,408 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 32 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,31 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:07,408 INFO L420 AbstractCegarLoop]: === Iteration 20 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:40:07,409 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:40:07,409 INFO L85 PathProgramCache]: Analyzing trace with hash -687459537, now seen corresponding path program 6 times [2022-11-18 20:40:07,409 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:40:07,409 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [684808588] [2022-11-18 20:40:07,409 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-18 20:40:07,410 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:07,410 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:40:07,411 INFO L229 MonitoredProcess]: Starting monitored process 33 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:40:07,415 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (33)] Waiting until timeout for monitored process [2022-11-18 20:40:07,884 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-18 20:40:07,884 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:40:07,896 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-18 20:40:07,901 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:07,928 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:07,936 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:08,134 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1218 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1218) |c_#length|)))) is different from true [2022-11-18 20:40:08,154 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:08,155 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:08,173 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:08,173 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:08,497 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1219 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1219))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:08,524 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:08,525 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:08,554 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:08,554 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:08,724 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1220 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1220) |c_#length|)))) is different from true [2022-11-18 20:40:08,744 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:08,745 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:08,774 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:08,775 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:08,960 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1221 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1221) |c_#length|)))) is different from true [2022-11-18 20:40:08,981 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:08,982 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:08,993 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:08,994 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:09,145 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1222 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1222) |c_#length|)))) is different from true [2022-11-18 20:40:09,173 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:09,174 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:09,189 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:09,189 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:09,349 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1223 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1223) |c_#length|)))) is different from true [2022-11-18 20:40:09,366 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:09,367 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:09,381 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:09,382 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:09,440 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-18 20:40:09,441 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:13,948 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:40:13,949 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [684808588] [2022-11-18 20:40:13,949 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [684808588] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:13,949 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1986820174] [2022-11-18 20:40:13,949 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-18 20:40:13,949 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:40:13,949 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:40:13,950 INFO L229 MonitoredProcess]: Starting monitored process 34 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:40:13,952 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (34)] Waiting until timeout for monitored process [2022-11-18 20:40:15,203 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-18 20:40:15,203 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:40:15,232 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 77 conjunts are in the unsatisfiable core [2022-11-18 20:40:15,237 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:15,252 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:15,260 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:15,454 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:40:15,455 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:40:15,465 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:15,864 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:40:15,864 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:40:15,875 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:16,225 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:40:16,226 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:40:16,246 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:16,247 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:16,597 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:40:16,597 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:40:16,620 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:16,620 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:16,847 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1289 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1289) |c_#length|)))) is different from true [2022-11-18 20:40:16,864 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:16,866 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:16,881 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:16,882 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:16,956 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1290 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1290))))) is different from true [2022-11-18 20:40:16,974 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:16,974 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:16,990 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:16,990 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:17,006 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 124 refuted. 8 times theorem prover too weak. 46 trivial. 26 not checked. [2022-11-18 20:40:17,006 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:17,433 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1986820174] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:17,433 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:40:17,433 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [25, 27] total 37 [2022-11-18 20:40:17,433 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1730773888] [2022-11-18 20:40:17,433 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:40:17,433 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 38 states [2022-11-18 20:40:17,434 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:40:17,434 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 38 interpolants. [2022-11-18 20:40:17,434 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=128, Invalid=885, Unknown=11, NotChecked=536, Total=1560 [2022-11-18 20:40:17,434 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-18 20:40:19,503 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:40:19,503 INFO L93 Difference]: Finished difference Result 170 states and 227 transitions. [2022-11-18 20:40:19,503 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-18 20:40:19,504 INFO L78 Accepts]: Start accepts. Automaton has has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) Word has length 71 [2022-11-18 20:40:19,504 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:40:19,505 INFO L225 Difference]: With dead ends: 170 [2022-11-18 20:40:19,505 INFO L226 Difference]: Without dead ends: 170 [2022-11-18 20:40:19,506 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 105 SyntacticMatches, 3 SemanticMatches, 42 ConstructedPredicates, 8 IntricatePredicates, 0 DeprecatedPredicates, 231 ImplicationChecksByTransitivity, 6.7s TimeCoverageRelationStatistics Valid=152, Invalid=1129, Unknown=11, NotChecked=600, Total=1892 [2022-11-18 20:40:19,507 INFO L413 NwaCegarLoop]: 25 mSDtfsCounter, 37 mSDsluCounter, 205 mSDsCounter, 0 mSdLazyCounter, 946 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 37 SdHoareTripleChecker+Valid, 230 SdHoareTripleChecker+Invalid, 1483 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 946 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 508 IncrementalHoareTripleChecker+Unchecked, 1.5s IncrementalHoareTripleChecker+Time [2022-11-18 20:40:19,507 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [37 Valid, 230 Invalid, 1483 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 946 Invalid, 0 Unknown, 508 Unchecked, 1.5s Time] [2022-11-18 20:40:19,508 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 170 states. [2022-11-18 20:40:19,512 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 170 to 98. [2022-11-18 20:40:19,513 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-18 20:40:19,514 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-18 20:40:19,514 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-18 20:40:19,514 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:40:19,514 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-18 20:40:19,515 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-18 20:40:19,515 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-18 20:40:19,516 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-18 20:40:19,516 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:40:19,516 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:40:19,530 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (34)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:19,732 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (33)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:19,922 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 34 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,33 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:19,923 INFO L420 AbstractCegarLoop]: === Iteration 21 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:40:19,923 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:40:19,923 INFO L85 PathProgramCache]: Analyzing trace with hash -166569519, now seen corresponding path program 7 times [2022-11-18 20:40:19,924 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:40:19,924 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1679104754] [2022-11-18 20:40:19,924 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-18 20:40:19,924 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:19,924 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:40:19,925 INFO L229 MonitoredProcess]: Starting monitored process 35 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:40:19,926 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (35)] Waiting until timeout for monitored process [2022-11-18 20:40:20,169 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:40:20,180 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-18 20:40:20,184 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:20,201 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:20,208 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:20,492 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1346 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1346) |c_#length|)))) is different from true [2022-11-18 20:40:20,518 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:20,519 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:20,533 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:20,533 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:20,688 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1347 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1347) |c_#length|)))) is different from true [2022-11-18 20:40:20,709 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:20,710 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:20,727 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:20,727 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:20,889 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1348 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1348))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:20,908 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:20,909 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:20,922 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:20,923 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:21,075 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1349 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1349) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:21,093 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:21,094 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:21,109 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:21,109 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:21,258 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1350 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1350))))) is different from true [2022-11-18 20:40:21,279 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:21,279 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:21,294 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:21,294 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:21,451 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1351 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1351) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:21,467 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:21,467 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:21,498 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:21,499 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:21,558 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-18 20:40:21,558 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:24,094 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:40:24,094 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1679104754] [2022-11-18 20:40:24,094 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1679104754] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:24,094 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [211583098] [2022-11-18 20:40:24,094 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-18 20:40:24,094 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:40:24,095 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:40:24,095 INFO L229 MonitoredProcess]: Starting monitored process 36 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:40:24,097 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (36)] Waiting until timeout for monitored process [2022-11-18 20:40:24,558 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:40:24,564 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-18 20:40:24,568 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:24,586 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:24,592 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:24,752 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1407 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1407) |c_#length|)))) is different from true [2022-11-18 20:40:24,768 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:24,769 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:24,782 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:24,782 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:24,863 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1408 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1408))))) is different from true [2022-11-18 20:40:24,882 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:24,883 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:24,894 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:24,894 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:24,973 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1409 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1409))))) is different from true [2022-11-18 20:40:24,989 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:24,990 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:25,004 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:25,004 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:25,073 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1410 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1410) |c_#length|)))) is different from true [2022-11-18 20:40:25,102 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:25,103 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:25,116 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:25,117 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:25,191 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1411 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1411) |c_#length|)))) is different from true [2022-11-18 20:40:25,207 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:25,207 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:25,218 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:25,218 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:25,294 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1412 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1412) |c_#length|)))) is different from true [2022-11-18 20:40:25,309 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:25,310 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:25,325 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:25,325 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:25,340 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-18 20:40:25,340 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:27,687 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [211583098] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:27,688 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:40:27,688 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [25, 25] total 31 [2022-11-18 20:40:27,688 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [808574657] [2022-11-18 20:40:27,688 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:40:27,688 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 32 states [2022-11-18 20:40:27,688 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:40:27,689 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 32 interpolants. [2022-11-18 20:40:27,689 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=91, Invalid=407, Unknown=12, NotChecked=612, Total=1122 [2022-11-18 20:40:27,689 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-18 20:40:29,363 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:40:29,363 INFO L93 Difference]: Finished difference Result 142 states and 186 transitions. [2022-11-18 20:40:29,364 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-11-18 20:40:29,364 INFO L78 Accepts]: Start accepts. Automaton has has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) Word has length 71 [2022-11-18 20:40:29,364 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:40:29,365 INFO L225 Difference]: With dead ends: 142 [2022-11-18 20:40:29,365 INFO L226 Difference]: Without dead ends: 142 [2022-11-18 20:40:29,366 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 148 GetRequests, 113 SyntacticMatches, 1 SemanticMatches, 34 ConstructedPredicates, 12 IntricatePredicates, 0 DeprecatedPredicates, 34 ImplicationChecksByTransitivity, 5.7s TimeCoverageRelationStatistics Valid=99, Invalid=489, Unknown=12, NotChecked=660, Total=1260 [2022-11-18 20:40:29,367 INFO L413 NwaCegarLoop]: 34 mSDtfsCounter, 22 mSDsluCounter, 276 mSDsCounter, 0 mSdLazyCounter, 696 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 22 SdHoareTripleChecker+Valid, 310 SdHoareTripleChecker+Invalid, 1404 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 696 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 689 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-18 20:40:29,367 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [22 Valid, 310 Invalid, 1404 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 696 Invalid, 0 Unknown, 689 Unchecked, 1.2s Time] [2022-11-18 20:40:29,368 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 142 states. [2022-11-18 20:40:29,371 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 142 to 66. [2022-11-18 20:40:29,372 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0980392156862746) internal successors, (56), 53 states have internal predecessors, (56), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-18 20:40:29,373 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 88 transitions. [2022-11-18 20:40:29,373 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 88 transitions. Word has length 71 [2022-11-18 20:40:29,373 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:40:29,373 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 88 transitions. [2022-11-18 20:40:29,374 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-18 20:40:29,374 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 88 transitions. [2022-11-18 20:40:29,374 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 81 [2022-11-18 20:40:29,375 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:40:29,375 INFO L195 NwaCegarLoop]: trace histogram [9, 9, 9, 8, 8, 8, 8, 7, 7, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:40:29,391 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (36)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:29,606 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (35)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:29,783 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 36 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,35 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:29,783 INFO L420 AbstractCegarLoop]: === Iteration 22 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:40:29,783 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:40:29,783 INFO L85 PathProgramCache]: Analyzing trace with hash -1800849809, now seen corresponding path program 7 times [2022-11-18 20:40:29,783 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:40:29,784 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1684871394] [2022-11-18 20:40:29,784 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-18 20:40:29,784 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:29,784 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:40:29,785 INFO L229 MonitoredProcess]: Starting monitored process 37 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:40:29,786 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (37)] Waiting until timeout for monitored process [2022-11-18 20:40:30,076 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:40:30,096 INFO L263 TraceCheckSpWp]: Trace formula consists of 306 conjuncts, 76 conjunts are in the unsatisfiable core [2022-11-18 20:40:30,100 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:30,121 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:30,128 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:30,311 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1478 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1478) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:30,330 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:30,330 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:30,345 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:30,346 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:30,469 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1479 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1479) |c_#length|)))) is different from true [2022-11-18 20:40:30,485 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:30,485 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:30,496 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:30,497 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:30,631 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1480 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1480))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:30,647 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:30,648 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:30,662 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:30,662 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:30,808 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1481 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1481) |c_#length|)))) is different from true [2022-11-18 20:40:30,828 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:30,829 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:30,842 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:30,843 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:31,001 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1482 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1482) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:31,019 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:31,019 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:31,034 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:31,034 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:31,187 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1483 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1483))))) is different from true [2022-11-18 20:40:31,204 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:31,204 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:31,219 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:31,219 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:31,380 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1484 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1484))))) is different from true [2022-11-18 20:40:31,407 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:31,408 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:31,419 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:31,419 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:31,581 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1485 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1485) |c_#length|)))) is different from true [2022-11-18 20:40:31,599 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:31,600 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:31,612 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:31,612 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:31,675 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 8 proven. 141 refuted. 0 times theorem prover too weak. 56 trivial. 72 not checked. [2022-11-18 20:40:31,675 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:34,268 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:40:34,268 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1684871394] [2022-11-18 20:40:34,268 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1684871394] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:34,268 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1490918125] [2022-11-18 20:40:34,268 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-18 20:40:34,268 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:40:34,269 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:40:34,269 INFO L229 MonitoredProcess]: Starting monitored process 38 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:40:34,271 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (38)] Waiting until timeout for monitored process [2022-11-18 20:40:34,901 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:40:34,909 INFO L263 TraceCheckSpWp]: Trace formula consists of 306 conjuncts, 76 conjunts are in the unsatisfiable core [2022-11-18 20:40:34,914 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:34,922 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:34,929 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:35,003 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1551 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1551))))) is different from true [2022-11-18 20:40:35,027 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:35,029 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:35,039 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:35,039 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:35,106 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1552 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1552) |c_#length|)))) is different from true [2022-11-18 20:40:35,122 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:35,122 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:35,135 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:35,136 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:35,201 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1553 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1553))))) is different from true [2022-11-18 20:40:35,216 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:35,216 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:35,241 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:35,241 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:35,309 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1554) |c_#length|)))) is different from true [2022-11-18 20:40:35,325 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:35,326 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:35,339 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:35,340 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:35,408 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1555 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1555) |c_#length|)))) is different from true [2022-11-18 20:40:35,433 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:35,434 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:35,447 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:35,448 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:35,512 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1556) |c_#length|)))) is different from true [2022-11-18 20:40:35,526 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:35,527 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:35,537 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:35,537 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:35,606 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1557 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1557) |c_#length|)))) is different from true [2022-11-18 20:40:35,624 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:35,625 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:35,635 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:35,635 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:35,705 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1558 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1558) |c_#length|)))) is different from true [2022-11-18 20:40:35,723 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:35,723 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:35,737 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:35,737 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:35,749 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 8 proven. 141 refuted. 0 times theorem prover too weak. 56 trivial. 72 not checked. [2022-11-18 20:40:35,749 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:38,079 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1490918125] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:38,079 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:40:38,079 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 38 [2022-11-18 20:40:38,079 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [617843304] [2022-11-18 20:40:38,079 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:40:38,079 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 39 states [2022-11-18 20:40:38,079 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:40:38,080 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 39 interpolants. [2022-11-18 20:40:38,080 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=111, Invalid=537, Unknown=16, NotChecked=976, Total=1640 [2022-11-18 20:40:38,080 INFO L87 Difference]: Start difference. First operand 66 states and 88 transitions. Second operand has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) [2022-11-18 20:40:40,435 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:40:40,435 INFO L93 Difference]: Finished difference Result 82 states and 103 transitions. [2022-11-18 20:40:40,436 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 23 states. [2022-11-18 20:40:40,436 INFO L78 Accepts]: Start accepts. Automaton has has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) Word has length 80 [2022-11-18 20:40:40,437 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:40:40,437 INFO L225 Difference]: With dead ends: 82 [2022-11-18 20:40:40,437 INFO L226 Difference]: Without dead ends: 82 [2022-11-18 20:40:40,438 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 166 GetRequests, 124 SyntacticMatches, 1 SemanticMatches, 41 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 61 ImplicationChecksByTransitivity, 6.2s TimeCoverageRelationStatistics Valid=119, Invalid=631, Unknown=16, NotChecked=1040, Total=1806 [2022-11-18 20:40:40,438 INFO L413 NwaCegarLoop]: 35 mSDtfsCounter, 30 mSDsluCounter, 358 mSDsCounter, 0 mSdLazyCounter, 931 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 30 SdHoareTripleChecker+Valid, 393 SdHoareTripleChecker+Invalid, 2188 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 931 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1234 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-11-18 20:40:40,439 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [30 Valid, 393 Invalid, 2188 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 931 Invalid, 0 Unknown, 1234 Unchecked, 1.6s Time] [2022-11-18 20:40:40,439 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2022-11-18 20:40:40,441 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 66. [2022-11-18 20:40:40,442 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0784313725490196) internal successors, (55), 53 states have internal predecessors, (55), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-18 20:40:40,442 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 87 transitions. [2022-11-18 20:40:40,443 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 87 transitions. Word has length 80 [2022-11-18 20:40:40,443 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:40:40,443 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 87 transitions. [2022-11-18 20:40:40,443 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) [2022-11-18 20:40:40,444 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 87 transitions. [2022-11-18 20:40:40,444 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 90 [2022-11-18 20:40:40,444 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:40:40,444 INFO L195 NwaCegarLoop]: trace histogram [10, 10, 10, 9, 9, 9, 9, 8, 8, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:40:40,450 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (38)] Ended with exit code 0 [2022-11-18 20:40:40,660 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (37)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:40,850 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 38 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,37 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:40,851 INFO L420 AbstractCegarLoop]: === Iteration 23 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:40:40,851 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:40:40,851 INFO L85 PathProgramCache]: Analyzing trace with hash 2110498800, now seen corresponding path program 8 times [2022-11-18 20:40:40,851 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:40:40,851 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1405038772] [2022-11-18 20:40:40,851 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:40:40,851 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:40,852 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:40:40,852 INFO L229 MonitoredProcess]: Starting monitored process 39 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:40:40,854 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (39)] Waiting until timeout for monitored process [2022-11-18 20:40:41,256 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:40:41,256 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:40:41,271 INFO L263 TraceCheckSpWp]: Trace formula consists of 341 conjuncts, 84 conjunts are in the unsatisfiable core [2022-11-18 20:40:41,276 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:41,295 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:41,302 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:41,460 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1632 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1632) |c_#length|)))) is different from true [2022-11-18 20:40:41,476 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:41,477 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:41,492 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:41,492 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:41,639 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1633 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1633))))) is different from true [2022-11-18 20:40:41,656 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:41,657 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:41,668 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:41,669 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:41,821 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1634 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1634) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:41,840 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:41,840 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:41,852 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:41,852 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:42,004 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1635 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1635) |c_#length|)))) is different from true [2022-11-18 20:40:42,023 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:42,023 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:42,043 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:42,043 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:42,192 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1636 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1636) |c_#length|)))) is different from true [2022-11-18 20:40:42,210 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:42,218 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:42,235 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:42,235 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:42,395 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1637 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1637))))) is different from true [2022-11-18 20:40:42,412 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:42,413 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:42,441 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:42,442 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:42,609 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1638 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1638))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:42,633 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:42,634 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:42,645 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:42,645 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:42,819 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1639 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1639) |c_#length|)))) is different from true [2022-11-18 20:40:42,834 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:42,835 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:42,850 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:42,850 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:43,026 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1640 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1640))))) is different from true [2022-11-18 20:40:43,047 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:43,049 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:43,066 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:43,066 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:43,132 INFO L134 CoverageAnalysis]: Checked inductivity of 352 backedges. 9 proven. 181 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-18 20:40:43,132 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:47,728 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:40:47,729 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1405038772] [2022-11-18 20:40:47,729 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1405038772] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:47,729 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1250935472] [2022-11-18 20:40:47,729 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:40:47,729 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:40:47,729 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:40:47,730 INFO L229 MonitoredProcess]: Starting monitored process 40 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:40:47,732 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (40)] Waiting until timeout for monitored process [2022-11-18 20:40:48,309 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:40:48,310 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:40:48,335 INFO L263 TraceCheckSpWp]: Trace formula consists of 341 conjuncts, 85 conjunts are in the unsatisfiable core [2022-11-18 20:40:48,339 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:48,348 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:48,357 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:48,438 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1714 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1714))))) is different from true [2022-11-18 20:40:48,456 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:48,456 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:48,468 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:48,468 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:48,540 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1715 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1715) |c_#length|)))) is different from true [2022-11-18 20:40:48,565 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:48,566 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:48,580 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:48,581 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:48,671 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1716 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1716))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:48,695 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:48,696 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:48,713 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:48,714 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:48,790 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1717 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1717) |c_#length|)))) is different from true [2022-11-18 20:40:48,808 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:48,809 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:48,820 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:48,820 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:48,897 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1718 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1718) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:48,918 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:48,918 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:48,933 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:48,934 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:49,006 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1719 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1719))))) is different from true [2022-11-18 20:40:49,031 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:49,031 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:49,043 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:49,043 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:49,119 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1720 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1720) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:40:49,135 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:49,135 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:49,146 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:49,147 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:49,229 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1721 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1721) |c_#length|)))) is different from true [2022-11-18 20:40:49,246 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:49,246 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:49,261 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:49,261 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:49,344 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1722 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1722) |c_#length|)))) is different from true [2022-11-18 20:40:49,366 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:49,367 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:49,385 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:49,385 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:49,400 INFO L134 CoverageAnalysis]: Checked inductivity of 352 backedges. 9 proven. 181 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-18 20:40:49,400 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:40:51,905 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1250935472] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:40:51,905 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:40:51,906 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [33, 33] total 42 [2022-11-18 20:40:51,906 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [649258117] [2022-11-18 20:40:51,906 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:40:51,906 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 43 states [2022-11-18 20:40:51,906 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:40:51,907 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 43 interpolants. [2022-11-18 20:40:51,907 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=123, Invalid=633, Unknown=18, NotChecked=1206, Total=1980 [2022-11-18 20:40:51,908 INFO L87 Difference]: Start difference. First operand 66 states and 87 transitions. Second operand has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) [2022-11-18 20:40:54,807 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:40:54,807 INFO L93 Difference]: Finished difference Result 84 states and 104 transitions. [2022-11-18 20:40:54,807 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-18 20:40:54,808 INFO L78 Accepts]: Start accepts. Automaton has has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) Word has length 89 [2022-11-18 20:40:54,808 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:40:54,809 INFO L225 Difference]: With dead ends: 84 [2022-11-18 20:40:54,809 INFO L226 Difference]: Without dead ends: 84 [2022-11-18 20:40:54,810 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 184 GetRequests, 138 SyntacticMatches, 1 SemanticMatches, 45 ConstructedPredicates, 18 IntricatePredicates, 0 DeprecatedPredicates, 77 ImplicationChecksByTransitivity, 8.6s TimeCoverageRelationStatistics Valid=131, Invalid=735, Unknown=18, NotChecked=1278, Total=2162 [2022-11-18 20:40:54,810 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 34 mSDsluCounter, 437 mSDsCounter, 0 mSdLazyCounter, 1154 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 34 SdHoareTripleChecker+Valid, 475 SdHoareTripleChecker+Invalid, 2624 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 1154 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1445 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-11-18 20:40:54,811 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [34 Valid, 475 Invalid, 2624 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 1154 Invalid, 0 Unknown, 1445 Unchecked, 2.0s Time] [2022-11-18 20:40:54,811 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 84 states. [2022-11-18 20:40:54,813 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 84 to 66. [2022-11-18 20:40:54,814 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0588235294117647) internal successors, (54), 53 states have internal predecessors, (54), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-18 20:40:54,814 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 86 transitions. [2022-11-18 20:40:54,815 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 86 transitions. Word has length 89 [2022-11-18 20:40:54,815 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:40:54,815 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 86 transitions. [2022-11-18 20:40:54,815 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) [2022-11-18 20:40:54,816 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 86 transitions. [2022-11-18 20:40:54,816 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:40:54,816 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:40:54,817 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 11, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:40:54,826 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (40)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:55,034 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (39)] Forceful destruction successful, exit code 0 [2022-11-18 20:40:55,222 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 40 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,39 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:55,223 INFO L420 AbstractCegarLoop]: === Iteration 24 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:40:55,223 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:40:55,223 INFO L85 PathProgramCache]: Analyzing trace with hash 1054496655, now seen corresponding path program 9 times [2022-11-18 20:40:55,223 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:40:55,223 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [296101628] [2022-11-18 20:40:55,223 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:40:55,223 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:40:55,223 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:40:55,224 INFO L229 MonitoredProcess]: Starting monitored process 41 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:40:55,229 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (41)] Waiting until timeout for monitored process [2022-11-18 20:40:55,878 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-18 20:40:55,878 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:40:55,893 INFO L263 TraceCheckSpWp]: Trace formula consists of 376 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-18 20:40:55,898 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:40:55,919 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:40:55,928 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:40:56,110 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1804 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1804))))) is different from true [2022-11-18 20:40:56,125 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:56,126 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:56,142 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:56,142 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:56,281 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1805 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1805) |c_#length|)))) is different from true [2022-11-18 20:40:56,297 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:56,298 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:56,313 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:56,313 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:56,462 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1806 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1806) |c_#length|)))) is different from true [2022-11-18 20:40:56,484 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:56,484 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:56,496 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:56,496 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:56,645 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1807 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1807))))) is different from true [2022-11-18 20:40:56,668 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:56,668 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:56,680 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:56,680 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:56,839 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1808 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1808) |c_#length|)))) is different from true [2022-11-18 20:40:56,857 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:56,857 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:56,869 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:56,869 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:57,038 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1809 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1809) |c_#length|)))) is different from true [2022-11-18 20:40:57,055 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:57,056 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:57,073 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:57,073 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:57,246 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1810 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1810))))) is different from true [2022-11-18 20:40:57,263 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:57,264 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:57,276 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:57,276 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:57,476 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1811 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1811) |c_#length|)))) is different from true [2022-11-18 20:40:57,497 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:57,498 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:57,512 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:57,512 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:57,722 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1812 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1812) |c_#length|)))) is different from true [2022-11-18 20:40:57,742 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:57,743 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:57,758 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:57,758 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:57,952 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1813 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1813) |c_#length|)))) is different from true [2022-11-18 20:40:57,971 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:40:57,972 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:40:57,984 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:40:57,984 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:40:58,061 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 226 refuted. 0 times theorem prover too weak. 90 trivial. 110 not checked. [2022-11-18 20:40:58,061 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:41:00,899 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:41:00,899 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [296101628] [2022-11-18 20:41:00,899 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [296101628] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:41:00,899 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1871396975] [2022-11-18 20:41:00,899 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:41:00,899 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:41:00,899 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:41:00,900 INFO L229 MonitoredProcess]: Starting monitored process 42 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:41:00,903 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (42)] Waiting until timeout for monitored process [2022-11-18 20:41:02,220 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-18 20:41:02,220 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:41:02,256 INFO L263 TraceCheckSpWp]: Trace formula consists of 376 conjuncts, 110 conjunts are in the unsatisfiable core [2022-11-18 20:41:02,262 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:41:02,272 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:41:02,280 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:41:02,368 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1895 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1895))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1896 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1896) |c_#length|)))) is different from true [2022-11-18 20:41:02,389 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:02,390 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:02,422 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:41:02,422 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:41:02,640 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:41:02,640 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:41:02,664 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:02,665 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:02,868 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2022-11-18 20:41:03,123 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2022-11-18 20:41:03,127 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2022-11-18 20:41:11,443 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:41:11,443 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:41:11,478 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:11,478 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:11,798 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2022-11-18 20:41:11,865 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1903 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1903) |c_#length|)))) is different from true [2022-11-18 20:41:11,882 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:11,883 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:11,898 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:11,899 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:11,973 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1904 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1904))))) is different from true [2022-11-18 20:41:11,993 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:11,994 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:12,005 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:12,006 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:12,249 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-18 20:41:12,277 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:41:12,277 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:41:12,832 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-18 20:41:12,832 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-18 20:41:13,674 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:13,675 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:13,712 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:41:13,712 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-18 20:41:14,044 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1910 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1910))))) is different from true [2022-11-18 20:41:14,066 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:14,066 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:14,096 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:14,096 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:14,178 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1911 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1911))))) is different from true [2022-11-18 20:41:14,194 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:14,194 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:14,206 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:14,207 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:14,226 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 24 proven. 264 refuted. 12 times theorem prover too weak. 46 trivial. 90 not checked. [2022-11-18 20:41:14,226 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:41:14,689 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1871396975] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:41:14,689 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:41:14,689 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [36, 45] total 62 [2022-11-18 20:41:14,689 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [912758969] [2022-11-18 20:41:14,690 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:41:14,690 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 63 states [2022-11-18 20:41:14,690 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:41:14,691 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 63 interpolants. [2022-11-18 20:41:14,692 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=204, Invalid=2193, Unknown=19, NotChecked=1744, Total=4160 [2022-11-18 20:41:14,693 INFO L87 Difference]: Start difference. First operand 66 states and 86 transitions. Second operand has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) [2022-11-18 20:41:36,255 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:41:36,256 INFO L93 Difference]: Finished difference Result 145 states and 184 transitions. [2022-11-18 20:41:36,257 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 44 states. [2022-11-18 20:41:36,257 INFO L78 Accepts]: Start accepts. Automaton has has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) Word has length 98 [2022-11-18 20:41:36,257 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:41:36,258 INFO L225 Difference]: With dead ends: 145 [2022-11-18 20:41:36,258 INFO L226 Difference]: Without dead ends: 145 [2022-11-18 20:41:36,259 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 214 GetRequests, 135 SyntacticMatches, 3 SemanticMatches, 76 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 801 ImplicationChecksByTransitivity, 32.9s TimeCoverageRelationStatistics Valid=299, Invalid=3524, Unknown=23, NotChecked=2160, Total=6006 [2022-11-18 20:41:36,260 INFO L413 NwaCegarLoop]: 40 mSDtfsCounter, 47 mSDsluCounter, 632 mSDsCounter, 0 mSdLazyCounter, 1735 mSolverCounterSat, 39 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 47 SdHoareTripleChecker+Valid, 672 SdHoareTripleChecker+Invalid, 3670 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 39 IncrementalHoareTripleChecker+Valid, 1735 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1896 IncrementalHoareTripleChecker+Unchecked, 3.0s IncrementalHoareTripleChecker+Time [2022-11-18 20:41:36,260 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [47 Valid, 672 Invalid, 3670 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [39 Valid, 1735 Invalid, 0 Unknown, 1896 Unchecked, 3.0s Time] [2022-11-18 20:41:36,261 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 145 states. [2022-11-18 20:41:36,265 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 145 to 124. [2022-11-18 20:41:36,265 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 97 states have (on average 1.041237113402062) internal successors, (101), 99 states have internal predecessors, (101), 21 states have call successors, (21), 2 states have call predecessors, (21), 4 states have return successors, (41), 22 states have call predecessors, (41), 21 states have call successors, (41) [2022-11-18 20:41:36,266 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 163 transitions. [2022-11-18 20:41:36,266 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 163 transitions. Word has length 98 [2022-11-18 20:41:36,267 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:41:36,267 INFO L495 AbstractCegarLoop]: Abstraction has 124 states and 163 transitions. [2022-11-18 20:41:36,267 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) [2022-11-18 20:41:36,267 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 163 transitions. [2022-11-18 20:41:36,268 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:41:36,268 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:41:36,269 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:41:36,281 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (41)] Forceful destruction successful, exit code 0 [2022-11-18 20:41:36,480 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (42)] Forceful destruction successful, exit code 0 [2022-11-18 20:41:36,674 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 41 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,42 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt [2022-11-18 20:41:36,675 INFO L420 AbstractCegarLoop]: === Iteration 25 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:41:36,675 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:41:36,675 INFO L85 PathProgramCache]: Analyzing trace with hash -1995706160, now seen corresponding path program 8 times [2022-11-18 20:41:36,675 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:41:36,676 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [426472670] [2022-11-18 20:41:36,676 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:41:36,676 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:41:36,676 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:41:36,677 INFO L229 MonitoredProcess]: Starting monitored process 43 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:41:36,679 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (43)] Waiting until timeout for monitored process [2022-11-18 20:41:37,087 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:41:37,087 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:41:37,100 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 89 conjunts are in the unsatisfiable core [2022-11-18 20:41:37,110 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:41:37,136 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:41:37,145 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:41:37,321 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1991 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1991))))) is different from true [2022-11-18 20:41:37,345 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:37,346 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:37,362 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:37,362 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:37,525 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1992 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1992) |c_#length|)))) is different from true [2022-11-18 20:41:37,548 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:37,548 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:37,568 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:37,568 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:37,723 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1993 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1993) |c_#length|)))) is different from true [2022-11-18 20:41:37,757 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:37,758 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:37,773 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:37,773 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:37,948 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1994 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1994) |c_#length|)))) is different from true [2022-11-18 20:41:37,965 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:37,966 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:37,978 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:37,978 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:38,152 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1995 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1995))))) is different from true [2022-11-18 20:41:38,172 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:38,173 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:38,190 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:38,191 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:38,361 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1996 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1996))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:41:38,379 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:38,379 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:38,396 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:38,396 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:38,582 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1997 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1997) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:41:38,598 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:38,599 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:38,611 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:38,612 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:38,943 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1998 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1998))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:41:38,962 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:38,963 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:38,974 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:38,974 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:39,169 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1999 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1999))))) is different from true [2022-11-18 20:41:39,186 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:39,187 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:39,209 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:39,210 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:39,286 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 228 refuted. 0 times theorem prover too weak. 90 trivial. 108 not checked. [2022-11-18 20:41:39,286 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:41:43,954 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:41:43,955 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [426472670] [2022-11-18 20:41:43,955 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [426472670] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:41:43,955 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1658672280] [2022-11-18 20:41:43,955 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:41:43,955 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:41:43,955 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:41:43,956 INFO L229 MonitoredProcess]: Starting monitored process 44 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:41:43,968 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (44)] Waiting until timeout for monitored process [2022-11-18 20:41:44,628 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:41:44,628 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:41:44,657 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 90 conjunts are in the unsatisfiable core [2022-11-18 20:41:44,664 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:41:44,674 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:41:44,682 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:41:44,769 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2079 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2079))))) is different from true [2022-11-18 20:41:44,790 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:44,790 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:44,806 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:44,806 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:44,894 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2080 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2080) |c_#length|)))) is different from true [2022-11-18 20:41:44,911 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:44,912 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:44,924 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:44,925 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:45,006 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2081 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2081))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:41:45,026 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:45,026 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:45,043 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:45,043 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:45,120 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2082 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2082))))) is different from true [2022-11-18 20:41:45,136 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:45,137 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:45,153 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:45,154 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:45,234 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2083 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2083))))) is different from true [2022-11-18 20:41:45,254 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:45,254 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:45,271 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:45,271 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:45,358 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2084 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2084))))) is different from true [2022-11-18 20:41:45,375 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:45,376 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:45,392 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:45,392 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:45,472 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2085 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2085))))) is different from true [2022-11-18 20:41:45,495 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:45,495 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:45,512 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:45,512 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:45,674 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2086 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2086))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:41:45,694 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:45,694 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:45,711 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:45,711 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:45,789 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2087 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2087) |c_#length|)))) is different from true [2022-11-18 20:41:45,814 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:45,815 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:45,831 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:45,831 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:45,848 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 228 refuted. 0 times theorem prover too weak. 90 trivial. 108 not checked. [2022-11-18 20:41:45,849 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:41:46,497 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1658672280] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:41:46,497 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:41:46,497 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 34] total 43 [2022-11-18 20:41:46,497 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [247904904] [2022-11-18 20:41:46,498 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:41:46,498 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 44 states [2022-11-18 20:41:46,498 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:41:46,499 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 44 interpolants. [2022-11-18 20:41:46,499 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=127, Invalid=682, Unknown=19, NotChecked=1242, Total=2070 [2022-11-18 20:41:46,500 INFO L87 Difference]: Start difference. First operand 124 states and 163 transitions. Second operand has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) [2022-11-18 20:41:49,875 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:41:49,875 INFO L93 Difference]: Finished difference Result 175 states and 222 transitions. [2022-11-18 20:41:49,876 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-18 20:41:49,876 INFO L78 Accepts]: Start accepts. Automaton has has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) Word has length 98 [2022-11-18 20:41:49,877 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:41:49,878 INFO L225 Difference]: With dead ends: 175 [2022-11-18 20:41:49,878 INFO L226 Difference]: Without dead ends: 175 [2022-11-18 20:41:49,879 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 155 SyntacticMatches, 1 SemanticMatches, 46 ConstructedPredicates, 18 IntricatePredicates, 0 DeprecatedPredicates, 82 ImplicationChecksByTransitivity, 7.1s TimeCoverageRelationStatistics Valid=135, Invalid=788, Unknown=19, NotChecked=1314, Total=2256 [2022-11-18 20:41:49,880 INFO L413 NwaCegarLoop]: 40 mSDtfsCounter, 32 mSDsluCounter, 502 mSDsCounter, 0 mSdLazyCounter, 1379 mSolverCounterSat, 24 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 32 SdHoareTripleChecker+Valid, 542 SdHoareTripleChecker+Invalid, 2813 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 24 IncrementalHoareTripleChecker+Valid, 1379 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1410 IncrementalHoareTripleChecker+Unchecked, 2.3s IncrementalHoareTripleChecker+Time [2022-11-18 20:41:49,880 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [32 Valid, 542 Invalid, 2813 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [24 Valid, 1379 Invalid, 0 Unknown, 1410 Unchecked, 2.3s Time] [2022-11-18 20:41:49,881 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 175 states. [2022-11-18 20:41:49,885 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 175 to 119. [2022-11-18 20:41:49,886 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 119 states, 93 states have (on average 1.043010752688172) internal successors, (97), 95 states have internal predecessors, (97), 20 states have call successors, (20), 2 states have call predecessors, (20), 4 states have return successors, (39), 21 states have call predecessors, (39), 20 states have call successors, (39) [2022-11-18 20:41:49,887 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 119 states to 119 states and 156 transitions. [2022-11-18 20:41:49,887 INFO L78 Accepts]: Start accepts. Automaton has 119 states and 156 transitions. Word has length 98 [2022-11-18 20:41:49,887 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:41:49,888 INFO L495 AbstractCegarLoop]: Abstraction has 119 states and 156 transitions. [2022-11-18 20:41:49,888 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) [2022-11-18 20:41:49,888 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 156 transitions. [2022-11-18 20:41:49,889 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:41:49,889 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:41:49,889 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:41:49,899 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (44)] Forceful destruction successful, exit code 0 [2022-11-18 20:41:50,104 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (43)] Ended with exit code 0 [2022-11-18 20:41:50,294 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 44 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,43 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:41:50,295 INFO L420 AbstractCegarLoop]: === Iteration 26 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:41:50,295 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:41:50,295 INFO L85 PathProgramCache]: Analyzing trace with hash -955607186, now seen corresponding path program 9 times [2022-11-18 20:41:50,296 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:41:50,296 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [165897185] [2022-11-18 20:41:50,296 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:41:50,296 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:41:50,296 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:41:50,297 INFO L229 MonitoredProcess]: Starting monitored process 45 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:41:50,298 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (45)] Waiting until timeout for monitored process [2022-11-18 20:41:50,840 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-18 20:41:50,841 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:41:50,854 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-18 20:41:50,858 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:41:50,880 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:41:50,886 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:41:51,062 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2167 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2167) |c_#length|)))) is different from true [2022-11-18 20:41:51,079 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:51,079 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:51,095 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:51,095 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:51,246 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2168 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2168) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:41:51,261 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:51,262 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:51,275 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:51,276 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:51,426 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2169 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2169) |c_#length|)))) is different from true [2022-11-18 20:41:51,446 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:51,447 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:51,459 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:51,459 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:51,666 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-18 20:41:51,695 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:41:51,695 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:41:52,035 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-18 20:41:52,035 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-18 20:41:52,421 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-18 20:41:52,422 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-18 20:41:53,034 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2173 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2173))))) is different from true [2022-11-18 20:41:53,054 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:53,083 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:41:53,083 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-18 20:41:53,112 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:53,112 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:53,456 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2174 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2174) |c_#length|)))) is different from true [2022-11-18 20:41:53,476 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:53,476 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:53,489 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:53,489 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:53,703 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2175 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2175))))) is different from true [2022-11-18 20:41:53,721 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:41:53,721 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:53,737 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:53,738 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:53,823 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 28 proven. 261 refuted. 0 times theorem prover too weak. 45 trivial. 102 not checked. [2022-11-18 20:41:53,823 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:41:56,547 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:41:56,548 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [165897185] [2022-11-18 20:41:56,548 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [165897185] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:41:56,548 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1682495570] [2022-11-18 20:41:56,548 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:41:56,548 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:41:56,548 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:41:56,549 INFO L229 MonitoredProcess]: Starting monitored process 46 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:41:56,552 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (46)] Waiting until timeout for monitored process [2022-11-18 20:41:57,750 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-18 20:41:57,750 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:41:57,765 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 103 conjunts are in the unsatisfiable core [2022-11-18 20:41:57,772 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:41:57,781 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:41:57,791 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:41:57,877 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2256 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2256))) (exists ((v_ArrVal_2255 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2255) |c_#length|)))) is different from true [2022-11-18 20:41:57,935 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:41:57,935 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:41:57,941 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:58,133 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:41:58,134 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:41:58,142 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:41:58,379 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2022-11-18 20:41:58,670 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2022-11-18 20:41:58,674 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2022-11-18 20:42:06,994 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:06,994 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:07,004 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:07,353 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 4 [2022-11-18 20:42:07,506 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2263 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2263) |c_#length|)))) is different from true [2022-11-18 20:42:07,523 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:07,524 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:07,540 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:07,540 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:07,772 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2264 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2264) |c_#length|)))) is different from true [2022-11-18 20:42:07,798 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:07,799 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:07,818 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:07,818 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:08,130 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:42:08,131 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:42:08,532 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:08,532 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:08,572 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:42:08,572 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-18 20:42:08,931 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2268 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2268))))) is different from true [2022-11-18 20:42:08,955 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:08,956 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:08,976 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:08,977 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:09,074 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2269 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2269))))) is different from true [2022-11-18 20:42:09,094 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:09,095 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:09,107 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:09,108 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:09,128 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 26 proven. 263 refuted. 12 times theorem prover too weak. 45 trivial. 90 not checked. [2022-11-18 20:42:09,128 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:42:13,778 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1682495570] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:42:13,778 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:42:13,778 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 42] total 54 [2022-11-18 20:42:13,778 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [509693507] [2022-11-18 20:42:13,778 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:42:13,779 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 55 states [2022-11-18 20:42:13,779 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:42:13,779 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 55 interpolants. [2022-11-18 20:42:13,780 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=169, Invalid=1844, Unknown=15, NotChecked=1164, Total=3192 [2022-11-18 20:42:13,780 INFO L87 Difference]: Start difference. First operand 119 states and 156 transitions. Second operand has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) [2022-11-18 20:42:33,382 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:42:33,383 INFO L93 Difference]: Finished difference Result 171 states and 222 transitions. [2022-11-18 20:42:33,384 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 40 states. [2022-11-18 20:42:33,384 INFO L78 Accepts]: Start accepts. Automaton has has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) Word has length 98 [2022-11-18 20:42:33,384 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:42:33,388 INFO L225 Difference]: With dead ends: 171 [2022-11-18 20:42:33,388 INFO L226 Difference]: Without dead ends: 171 [2022-11-18 20:42:33,389 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 212 GetRequests, 142 SyntacticMatches, 3 SemanticMatches, 67 ConstructedPredicates, 12 IntricatePredicates, 0 DeprecatedPredicates, 663 ImplicationChecksByTransitivity, 35.2s TimeCoverageRelationStatistics Valid=249, Invalid=2972, Unknown=19, NotChecked=1452, Total=4692 [2022-11-18 20:42:33,390 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 32 mSDsluCounter, 733 mSDsCounter, 0 mSdLazyCounter, 1485 mSolverCounterSat, 26 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 32 SdHoareTripleChecker+Valid, 772 SdHoareTripleChecker+Invalid, 3342 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 26 IncrementalHoareTripleChecker+Valid, 1485 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1831 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-11-18 20:42:33,390 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [32 Valid, 772 Invalid, 3342 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [26 Valid, 1485 Invalid, 0 Unknown, 1831 Unchecked, 2.6s Time] [2022-11-18 20:42:33,391 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 171 states. [2022-11-18 20:42:33,402 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 171 to 129. [2022-11-18 20:42:33,403 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 129 states, 101 states have (on average 1.0396039603960396) internal successors, (105), 103 states have internal predecessors, (105), 22 states have call successors, (22), 2 states have call predecessors, (22), 4 states have return successors, (43), 23 states have call predecessors, (43), 22 states have call successors, (43) [2022-11-18 20:42:33,404 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 129 states to 129 states and 170 transitions. [2022-11-18 20:42:33,405 INFO L78 Accepts]: Start accepts. Automaton has 129 states and 170 transitions. Word has length 98 [2022-11-18 20:42:33,405 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:42:33,405 INFO L495 AbstractCegarLoop]: Abstraction has 129 states and 170 transitions. [2022-11-18 20:42:33,405 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) [2022-11-18 20:42:33,406 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 170 transitions. [2022-11-18 20:42:33,406 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:42:33,407 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:42:33,407 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:42:33,423 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (46)] Ended with exit code 0 [2022-11-18 20:42:33,625 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (45)] Forceful destruction successful, exit code 0 [2022-11-18 20:42:33,814 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 46 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,45 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:42:33,815 INFO L420 AbstractCegarLoop]: === Iteration 27 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:42:33,815 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:42:33,815 INFO L85 PathProgramCache]: Analyzing trace with hash -1196147315, now seen corresponding path program 10 times [2022-11-18 20:42:33,816 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:42:33,816 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2849484] [2022-11-18 20:42:33,816 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-18 20:42:33,816 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:42:33,816 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:42:33,817 INFO L229 MonitoredProcess]: Starting monitored process 47 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:42:33,818 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (47)] Waiting until timeout for monitored process [2022-11-18 20:42:34,192 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-18 20:42:34,192 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:42:34,207 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-18 20:42:34,211 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:42:34,231 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:42:34,240 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:42:34,415 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2347 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2347) |c_#length|)))) is different from true [2022-11-18 20:42:34,435 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:34,436 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:34,452 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:34,452 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:34,617 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2348 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2348) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:42:34,635 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:34,636 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:34,652 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:34,652 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:34,813 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2349 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2349))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:42:34,830 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:34,831 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:34,850 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:34,851 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:35,046 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2350 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2350))))) is different from true [2022-11-18 20:42:35,067 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:35,067 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:35,087 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:35,088 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:35,432 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2351 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2351) |c_#length|)))) is different from true [2022-11-18 20:42:35,450 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:35,450 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:35,469 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:35,469 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:35,838 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2352 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2352) |c_#length|)))) is different from true [2022-11-18 20:42:35,863 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:35,864 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:35,877 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:35,877 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:36,065 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2353 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2353) |c_#length|)))) is different from true [2022-11-18 20:42:36,089 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:36,090 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:36,102 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:36,102 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:36,298 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2354 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2354) |c_#length|)))) is different from true [2022-11-18 20:42:36,320 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:36,321 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:36,333 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:36,333 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:36,413 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-18 20:42:36,413 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:42:37,151 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:42:37,151 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2849484] [2022-11-18 20:42:37,151 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2849484] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:42:37,151 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [760511208] [2022-11-18 20:42:37,151 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-18 20:42:37,152 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:42:37,152 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:42:37,152 INFO L229 MonitoredProcess]: Starting monitored process 48 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:42:37,154 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (48)] Waiting until timeout for monitored process [2022-11-18 20:42:37,857 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-18 20:42:37,857 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:42:37,867 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-18 20:42:37,872 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:42:37,882 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:42:37,892 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:42:37,976 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2432 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2432))))) is different from true [2022-11-18 20:42:37,996 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:37,996 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:38,012 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:38,012 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:38,098 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2433 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2433) |c_#length|)))) is different from true [2022-11-18 20:42:38,115 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:38,116 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:38,132 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:38,132 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:38,208 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2434 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2434) |c_#length|)))) is different from true [2022-11-18 20:42:38,228 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:38,228 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:38,240 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:38,240 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:38,317 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2435 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2435))))) is different from true [2022-11-18 20:42:38,334 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:38,335 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:38,347 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:38,347 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:38,515 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2436 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2436))))) is different from true [2022-11-18 20:42:38,542 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:38,542 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:38,558 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:38,558 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:38,726 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2437 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2437) |c_#length|)))) is different from true [2022-11-18 20:42:38,744 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:38,744 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:38,756 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:38,756 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:38,836 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2438 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2438) |c_#length|)))) is different from true [2022-11-18 20:42:38,856 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:38,856 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:38,872 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:38,872 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:38,947 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2439 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2439) |c_#length|)))) is different from true [2022-11-18 20:42:38,964 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:38,965 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:38,981 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:38,981 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:38,998 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-18 20:42:38,998 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:42:41,436 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [760511208] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:42:41,436 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:42:41,436 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-18 20:42:41,437 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [435671412] [2022-11-18 20:42:41,437 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:42:41,437 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-18 20:42:41,437 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:42:41,438 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-18 20:42:41,438 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=631, Unknown=16, NotChecked=1040, Total=1806 [2022-11-18 20:42:41,439 INFO L87 Difference]: Start difference. First operand 129 states and 170 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-18 20:42:44,296 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:42:44,296 INFO L93 Difference]: Finished difference Result 204 states and 265 transitions. [2022-11-18 20:42:44,297 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-18 20:42:44,298 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-18 20:42:44,298 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:42:44,299 INFO L225 Difference]: With dead ends: 204 [2022-11-18 20:42:44,299 INFO L226 Difference]: Without dead ends: 204 [2022-11-18 20:42:44,300 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 68 ImplicationChecksByTransitivity, 4.7s TimeCoverageRelationStatistics Valid=127, Invalid=733, Unknown=16, NotChecked=1104, Total=1980 [2022-11-18 20:42:44,300 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 29 mSDsluCounter, 438 mSDsCounter, 0 mSdLazyCounter, 1233 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 29 SdHoareTripleChecker+Valid, 477 SdHoareTripleChecker+Invalid, 2601 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 1233 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1345 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-11-18 20:42:44,300 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [29 Valid, 477 Invalid, 2601 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 1233 Invalid, 0 Unknown, 1345 Unchecked, 2.0s Time] [2022-11-18 20:42:44,301 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 204 states. [2022-11-18 20:42:44,306 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 204 to 124. [2022-11-18 20:42:44,306 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 97 states have (on average 1.041237113402062) internal successors, (101), 99 states have internal predecessors, (101), 21 states have call successors, (21), 2 states have call predecessors, (21), 4 states have return successors, (41), 22 states have call predecessors, (41), 21 states have call successors, (41) [2022-11-18 20:42:44,307 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 163 transitions. [2022-11-18 20:42:44,307 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 163 transitions. Word has length 98 [2022-11-18 20:42:44,307 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:42:44,308 INFO L495 AbstractCegarLoop]: Abstraction has 124 states and 163 transitions. [2022-11-18 20:42:44,308 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-18 20:42:44,308 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 163 transitions. [2022-11-18 20:42:44,309 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:42:44,309 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:42:44,309 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:42:44,319 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (48)] Ended with exit code 0 [2022-11-18 20:42:44,526 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (47)] Forceful destruction successful, exit code 0 [2022-11-18 20:42:44,716 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 48 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,47 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:42:44,716 INFO L420 AbstractCegarLoop]: === Iteration 28 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:42:44,716 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:42:44,716 INFO L85 PathProgramCache]: Analyzing trace with hash -616016914, now seen corresponding path program 11 times [2022-11-18 20:42:44,717 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:42:44,717 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1167742111] [2022-11-18 20:42:44,717 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-18 20:42:44,717 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:42:44,717 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:42:44,718 INFO L229 MonitoredProcess]: Starting monitored process 49 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:42:44,719 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (49)] Waiting until timeout for monitored process [2022-11-18 20:42:45,307 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-18 20:42:45,307 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:42:45,320 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-18 20:42:45,325 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:42:45,343 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:42:45,550 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:42:45,551 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:42:45,962 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2520 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2520) |c_#length|)))) is different from true [2022-11-18 20:42:45,981 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:46,008 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:42:46,008 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-18 20:42:46,028 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:46,028 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:46,455 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2521 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2521) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:42:46,472 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:46,472 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:46,484 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:46,484 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:46,677 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2522 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2522) |c_#length|)))) is different from true [2022-11-18 20:42:46,697 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:46,697 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:46,713 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:46,713 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:46,903 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2523 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2523) |c_#length|)))) is different from true [2022-11-18 20:42:46,929 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:46,929 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:46,941 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:46,941 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:47,142 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2524 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2524) |c_#length|)))) is different from true [2022-11-18 20:42:47,159 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:47,160 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:47,179 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:47,179 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:47,395 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2525 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2525) |c_#length|)))) is different from true [2022-11-18 20:42:47,412 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:47,413 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:47,428 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:47,428 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:47,640 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2526 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2526) |c_#length|)))) is different from true [2022-11-18 20:42:47,659 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:47,660 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:47,671 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:47,672 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:47,891 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2527 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2527) |c_#length|)))) is different from true [2022-11-18 20:42:47,908 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:47,909 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:47,925 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:47,926 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:48,014 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 20 proven. 240 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-18 20:42:48,014 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:42:50,812 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:42:50,812 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1167742111] [2022-11-18 20:42:50,812 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1167742111] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:42:50,813 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [565159218] [2022-11-18 20:42:50,813 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-18 20:42:50,813 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:42:50,813 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:42:50,814 INFO L229 MonitoredProcess]: Starting monitored process 50 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:42:50,815 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (50)] Waiting until timeout for monitored process [2022-11-18 20:42:52,201 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-18 20:42:52,201 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:42:52,236 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 98 conjunts are in the unsatisfiable core [2022-11-18 20:42:52,241 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:42:52,253 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:42:52,329 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:42:52,490 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:42:52,490 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:42:53,146 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2610 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2610) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2609 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2609))))) is different from true [2022-11-18 20:42:53,259 INFO L321 Elim1Store]: treesize reduction 44, result has 42.9 percent of original size [2022-11-18 20:42:53,259 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 0 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 5 case distinctions, treesize of input 43 treesize of output 70 [2022-11-18 20:42:53,316 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:42:53,317 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 29 treesize of output 36 [2022-11-18 20:42:54,124 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2612 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2612))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2611 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2611))))) is different from true [2022-11-18 20:42:54,157 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:54,226 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-18 20:42:54,226 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-18 20:42:54,243 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-18 20:42:54,243 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-18 20:42:54,503 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2613 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2613) |c_#valid|)) (exists ((v_ArrVal_2614 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2614) |c_#length|)))) is different from true [2022-11-18 20:42:54,549 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:54,551 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:54,555 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-18 20:42:54,555 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-18 20:42:54,565 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:54,615 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-18 20:42:54,615 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-18 20:42:54,870 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2615 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2615) |c_#length|)))) is different from true [2022-11-18 20:42:54,898 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:54,899 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:54,903 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-18 20:42:54,903 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-18 20:42:54,932 INFO L321 Elim1Store]: treesize reduction 22, result has 29.0 percent of original size [2022-11-18 20:42:54,933 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 0 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 3 case distinctions, treesize of input 20 treesize of output 22 [2022-11-18 20:42:55,411 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2616 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2616))) (exists ((v_ArrVal_2617 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2617))))) is different from true [2022-11-18 20:42:55,434 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:55,461 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-18 20:42:55,461 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-18 20:42:55,501 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:42:55,501 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:42:55,597 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2618 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2618) |c_#length|)) (exists ((v_ArrVal_2619 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2619) |c_#valid|)))) is different from true [2022-11-18 20:42:55,646 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:42:55,646 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:42:55,651 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:55,742 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2620 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2620) |c_#length|)))) is different from true [2022-11-18 20:42:55,769 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:55,769 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:55,789 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:55,789 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:55,878 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2621 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2621) |c_#length|)))) is different from true [2022-11-18 20:42:55,894 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:42:55,895 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:42:55,911 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:42:55,911 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:42:55,928 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 20 proven. 240 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-18 20:42:55,929 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:42:56,458 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [565159218] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:42:56,459 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:42:56,459 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [39, 36] total 60 [2022-11-18 20:42:56,459 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [896208136] [2022-11-18 20:42:56,459 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:42:56,459 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 61 states [2022-11-18 20:42:56,459 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:42:56,460 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 61 interpolants. [2022-11-18 20:42:56,460 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=204, Invalid=2005, Unknown=17, NotChecked=1680, Total=3906 [2022-11-18 20:42:56,460 INFO L87 Difference]: Start difference. First operand 124 states and 163 transitions. Second operand has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) [2022-11-18 20:42:59,360 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:42:59,360 INFO L93 Difference]: Finished difference Result 192 states and 253 transitions. [2022-11-18 20:42:59,361 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-18 20:42:59,361 INFO L78 Accepts]: Start accepts. Automaton has has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) Word has length 98 [2022-11-18 20:42:59,361 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:42:59,362 INFO L225 Difference]: With dead ends: 192 [2022-11-18 20:42:59,362 INFO L226 Difference]: Without dead ends: 192 [2022-11-18 20:42:59,363 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 205 GetRequests, 138 SyntacticMatches, 2 SemanticMatches, 65 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 485 ImplicationChecksByTransitivity, 7.8s TimeCoverageRelationStatistics Valid=232, Invalid=2365, Unknown=17, NotChecked=1808, Total=4422 [2022-11-18 20:42:59,363 INFO L413 NwaCegarLoop]: 33 mSDtfsCounter, 29 mSDsluCounter, 526 mSDsCounter, 0 mSdLazyCounter, 700 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 29 SdHoareTripleChecker+Valid, 559 SdHoareTripleChecker+Invalid, 2081 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 700 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1365 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-18 20:42:59,364 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [29 Valid, 559 Invalid, 2081 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 700 Invalid, 0 Unknown, 1365 Unchecked, 1.2s Time] [2022-11-18 20:42:59,364 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 192 states. [2022-11-18 20:42:59,369 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 192 to 154. [2022-11-18 20:42:59,370 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 154 states, 121 states have (on average 1.0330578512396693) internal successors, (125), 123 states have internal predecessors, (125), 27 states have call successors, (27), 2 states have call predecessors, (27), 4 states have return successors, (53), 28 states have call predecessors, (53), 27 states have call successors, (53) [2022-11-18 20:42:59,371 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 154 states to 154 states and 205 transitions. [2022-11-18 20:42:59,371 INFO L78 Accepts]: Start accepts. Automaton has 154 states and 205 transitions. Word has length 98 [2022-11-18 20:42:59,371 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:42:59,372 INFO L495 AbstractCegarLoop]: Abstraction has 154 states and 205 transitions. [2022-11-18 20:42:59,372 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) [2022-11-18 20:42:59,372 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 205 transitions. [2022-11-18 20:42:59,373 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:42:59,373 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:42:59,373 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:42:59,394 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (49)] Forceful destruction successful, exit code 0 [2022-11-18 20:42:59,594 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (50)] Forceful destruction successful, exit code 0 [2022-11-18 20:42:59,788 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 49 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,50 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt [2022-11-18 20:42:59,788 INFO L420 AbstractCegarLoop]: === Iteration 29 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:42:59,789 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:42:59,789 INFO L85 PathProgramCache]: Analyzing trace with hash 1668846541, now seen corresponding path program 12 times [2022-11-18 20:42:59,789 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:42:59,789 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1866592733] [2022-11-18 20:42:59,789 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-18 20:42:59,789 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:42:59,789 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:42:59,790 INFO L229 MonitoredProcess]: Starting monitored process 51 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:42:59,792 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (51)] Waiting until timeout for monitored process [2022-11-18 20:43:00,420 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 11 check-sat command(s) [2022-11-18 20:43:00,421 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:43:00,434 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 84 conjunts are in the unsatisfiable core [2022-11-18 20:43:00,439 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:43:00,461 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:43:00,467 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:43:00,641 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2699 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2699) |c_#length|)))) is different from true [2022-11-18 20:43:00,668 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:00,669 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:00,685 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:00,686 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:00,825 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2700 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2700) |c_#length|)))) is different from true [2022-11-18 20:43:00,843 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:00,843 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:00,860 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:00,860 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:01,141 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2701 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2701) |c_#length|)))) is different from true [2022-11-18 20:43:01,160 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:01,161 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:01,173 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:01,173 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:01,335 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2702 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2702) |c_#length|)))) is different from true [2022-11-18 20:43:01,361 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:01,362 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:01,374 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:01,374 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:01,536 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2703 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2703))))) is different from true [2022-11-18 20:43:01,553 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:01,553 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:01,565 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:01,565 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:01,938 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2704 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2704) |c_#length|)))) is different from true [2022-11-18 20:43:01,960 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:01,961 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:01,973 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:01,973 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:02,159 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2705 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2705))))) is different from true [2022-11-18 20:43:02,185 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:02,185 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:02,197 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:02,197 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:02,392 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2706 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2706) |c_#length|)))) is different from true [2022-11-18 20:43:02,419 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:02,419 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:02,435 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:02,435 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:02,522 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 16 proven. 244 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-18 20:43:02,523 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:43:03,254 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:43:03,254 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1866592733] [2022-11-18 20:43:03,254 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1866592733] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:43:03,254 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1393588486] [2022-11-18 20:43:03,254 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-18 20:43:03,255 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:43:03,255 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:43:03,255 INFO L229 MonitoredProcess]: Starting monitored process 52 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:43:03,258 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (52)] Waiting until timeout for monitored process [2022-11-18 20:43:04,430 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 11 check-sat command(s) [2022-11-18 20:43:04,430 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:43:04,443 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 94 conjunts are in the unsatisfiable core [2022-11-18 20:43:04,448 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:43:04,457 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:43:04,474 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:43:04,670 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:04,670 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:04,684 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:04,941 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2787 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2787))) (exists ((v_ArrVal_2786 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2786))))) is different from true [2022-11-18 20:43:05,007 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:43:05,008 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:43:05,014 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:05,222 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2788 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2788) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2789 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2789) |c_#valid|)))) is different from true [2022-11-18 20:43:05,290 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:43:05,290 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:43:05,296 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:05,387 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2791 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2791) |c_#valid|)) (exists ((v_ArrVal_2790 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2790) |c_#length|)))) is different from true [2022-11-18 20:43:05,411 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:05,411 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:05,439 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:43:05,440 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:43:05,525 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2792 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2792) |c_#length|)))) is different from true [2022-11-18 20:43:05,543 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:05,543 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:05,556 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:05,556 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:05,852 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:43:05,853 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:43:05,922 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:43:05,922 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:43:06,458 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2796 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2796))))) is different from true [2022-11-18 20:43:06,480 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:06,481 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:06,509 INFO L321 Elim1Store]: treesize reduction 12, result has 42.9 percent of original size [2022-11-18 20:43:06,510 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 20 treesize of output 22 [2022-11-18 20:43:06,590 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2797 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2797))))) is different from true [2022-11-18 20:43:06,617 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:06,627 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:06,643 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:06,643 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:06,667 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 18 proven. 256 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-18 20:43:06,667 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:43:11,222 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1393588486] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:43:11,222 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:43:11,222 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 35] total 48 [2022-11-18 20:43:11,226 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2004036034] [2022-11-18 20:43:11,227 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:43:11,227 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 49 states [2022-11-18 20:43:11,227 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:43:11,228 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 49 interpolants. [2022-11-18 20:43:11,229 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=161, Invalid=1213, Unknown=14, NotChecked=1162, Total=2550 [2022-11-18 20:43:11,229 INFO L87 Difference]: Start difference. First operand 154 states and 205 transitions. Second operand has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) [2022-11-18 20:43:14,954 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:43:14,954 INFO L93 Difference]: Finished difference Result 226 states and 299 transitions. [2022-11-18 20:43:14,955 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-18 20:43:14,956 INFO L78 Accepts]: Start accepts. Automaton has has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) Word has length 98 [2022-11-18 20:43:14,956 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:43:14,958 INFO L225 Difference]: With dead ends: 226 [2022-11-18 20:43:14,958 INFO L226 Difference]: Without dead ends: 226 [2022-11-18 20:43:14,958 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 203 GetRequests, 150 SyntacticMatches, 1 SemanticMatches, 52 ConstructedPredicates, 14 IntricatePredicates, 0 DeprecatedPredicates, 259 ImplicationChecksByTransitivity, 7.9s TimeCoverageRelationStatistics Valid=179, Invalid=1423, Unknown=14, NotChecked=1246, Total=2862 [2022-11-18 20:43:14,959 INFO L413 NwaCegarLoop]: 33 mSDtfsCounter, 31 mSDsluCounter, 440 mSDsCounter, 0 mSdLazyCounter, 1579 mSolverCounterSat, 30 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 31 SdHoareTripleChecker+Valid, 473 SdHoareTripleChecker+Invalid, 2780 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 30 IncrementalHoareTripleChecker+Valid, 1579 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1171 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-11-18 20:43:14,959 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [31 Valid, 473 Invalid, 2780 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [30 Valid, 1579 Invalid, 0 Unknown, 1171 Unchecked, 2.6s Time] [2022-11-18 20:43:14,960 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 226 states. [2022-11-18 20:43:14,965 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 226 to 164. [2022-11-18 20:43:14,965 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 164 states, 129 states have (on average 1.0310077519379846) internal successors, (133), 131 states have internal predecessors, (133), 29 states have call successors, (29), 2 states have call predecessors, (29), 4 states have return successors, (57), 30 states have call predecessors, (57), 29 states have call successors, (57) [2022-11-18 20:43:14,966 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 164 states to 164 states and 219 transitions. [2022-11-18 20:43:14,966 INFO L78 Accepts]: Start accepts. Automaton has 164 states and 219 transitions. Word has length 98 [2022-11-18 20:43:14,967 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:43:14,967 INFO L495 AbstractCegarLoop]: Abstraction has 164 states and 219 transitions. [2022-11-18 20:43:14,967 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) [2022-11-18 20:43:14,967 INFO L276 IsEmpty]: Start isEmpty. Operand 164 states and 219 transitions. [2022-11-18 20:43:14,968 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:43:14,969 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:43:14,969 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 8, 3, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:43:14,981 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (52)] Ended with exit code 0 [2022-11-18 20:43:15,187 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (51)] Forceful destruction successful, exit code 0 [2022-11-18 20:43:15,377 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 52 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,51 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:43:15,377 INFO L420 AbstractCegarLoop]: === Iteration 30 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:43:15,378 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:43:15,378 INFO L85 PathProgramCache]: Analyzing trace with hash 1163287916, now seen corresponding path program 13 times [2022-11-18 20:43:15,378 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:43:15,378 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [610946390] [2022-11-18 20:43:15,378 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-18 20:43:15,378 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:43:15,378 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:43:15,379 INFO L229 MonitoredProcess]: Starting monitored process 53 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:43:15,380 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (53)] Waiting until timeout for monitored process [2022-11-18 20:43:15,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:43:15,782 INFO L263 TraceCheckSpWp]: Trace formula consists of 358 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-18 20:43:15,786 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:43:15,808 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:43:15,814 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:43:15,994 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2873 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2873) |c_#length|)))) is different from true [2022-11-18 20:43:16,012 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:16,012 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:16,028 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:16,029 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:16,169 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2874 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2874) |c_#length|)))) is different from true [2022-11-18 20:43:16,186 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:16,187 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:16,203 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:16,203 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:16,483 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2875 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2875) |c_#length|)))) is different from true [2022-11-18 20:43:16,501 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:16,501 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:16,519 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:16,519 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:16,690 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2876 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2876) |c_#length|)))) is different from true [2022-11-18 20:43:16,709 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:16,710 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:16,722 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:16,722 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:16,896 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2877 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2877))))) is different from true [2022-11-18 20:43:16,913 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:16,914 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:16,926 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:16,926 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:17,256 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2878 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2878) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:43:17,280 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:17,281 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:17,297 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:17,298 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:17,644 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2879 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2879))))) is different from true [2022-11-18 20:43:17,662 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:17,662 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:17,675 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:17,675 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:17,755 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 232 refuted. 0 times theorem prover too weak. 96 trivial. 98 not checked. [2022-11-18 20:43:17,755 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:43:20,428 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:43:20,428 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [610946390] [2022-11-18 20:43:20,428 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [610946390] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:43:20,428 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [76416545] [2022-11-18 20:43:20,429 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-18 20:43:20,429 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:43:20,429 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:43:20,430 INFO L229 MonitoredProcess]: Starting monitored process 54 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:43:20,431 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (54)] Waiting until timeout for monitored process [2022-11-18 20:43:21,160 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-18 20:43:21,188 INFO L263 TraceCheckSpWp]: Trace formula consists of 358 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-18 20:43:21,200 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:43:21,212 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:43:21,222 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:43:21,325 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2955 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2955))))) is different from true [2022-11-18 20:43:21,348 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:21,349 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:21,363 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:21,363 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:21,457 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2956 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2956) |c_#length|)))) is different from true [2022-11-18 20:43:21,477 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:21,478 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:21,493 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:21,493 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:21,695 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2957 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2957) |c_#length|)))) is different from true [2022-11-18 20:43:21,716 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:21,716 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:21,742 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:21,742 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:21,830 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2958 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2958) |c_#length|)))) is different from true [2022-11-18 20:43:21,850 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:21,850 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:21,863 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:21,863 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:21,941 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2959 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2959) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:43:21,958 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:21,959 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:21,971 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:21,971 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:22,144 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2960 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2960))))) is different from true [2022-11-18 20:43:22,168 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:22,168 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:22,181 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:22,181 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:22,362 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2961 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2961))))) is different from true [2022-11-18 20:43:22,380 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:22,381 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:22,393 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:22,394 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:22,414 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 232 refuted. 0 times theorem prover too weak. 96 trivial. 98 not checked. [2022-11-18 20:43:22,414 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:43:26,853 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [76416545] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:43:26,854 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:43:26,854 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 37 [2022-11-18 20:43:26,854 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1815832567] [2022-11-18 20:43:26,854 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:43:26,854 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 38 states [2022-11-18 20:43:26,855 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:43:26,855 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 38 interpolants. [2022-11-18 20:43:26,855 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=111, Invalid=580, Unknown=15, NotChecked=854, Total=1560 [2022-11-18 20:43:26,856 INFO L87 Difference]: Start difference. First operand 164 states and 219 transitions. Second operand has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) [2022-11-18 20:43:29,566 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:43:29,566 INFO L93 Difference]: Finished difference Result 227 states and 298 transitions. [2022-11-18 20:43:29,567 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 24 states. [2022-11-18 20:43:29,568 INFO L78 Accepts]: Start accepts. Automaton has has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) Word has length 98 [2022-11-18 20:43:29,568 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:43:29,569 INFO L225 Difference]: With dead ends: 227 [2022-11-18 20:43:29,569 INFO L226 Difference]: Without dead ends: 227 [2022-11-18 20:43:29,569 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 161 SyntacticMatches, 1 SemanticMatches, 40 ConstructedPredicates, 14 IntricatePredicates, 0 DeprecatedPredicates, 58 ImplicationChecksByTransitivity, 8.4s TimeCoverageRelationStatistics Valid=119, Invalid=678, Unknown=15, NotChecked=910, Total=1722 [2022-11-18 20:43:29,570 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 25 mSDsluCounter, 398 mSDsCounter, 0 mSdLazyCounter, 1153 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 25 SdHoareTripleChecker+Valid, 436 SdHoareTripleChecker+Invalid, 2303 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 1153 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1129 IncrementalHoareTripleChecker+Unchecked, 2.0s IncrementalHoareTripleChecker+Time [2022-11-18 20:43:29,570 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [25 Valid, 436 Invalid, 2303 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 1153 Invalid, 0 Unknown, 1129 Unchecked, 2.0s Time] [2022-11-18 20:43:29,571 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 227 states. [2022-11-18 20:43:29,576 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 227 to 139. [2022-11-18 20:43:29,577 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 139 states, 109 states have (on average 1.036697247706422) internal successors, (113), 111 states have internal predecessors, (113), 24 states have call successors, (24), 2 states have call predecessors, (24), 4 states have return successors, (47), 25 states have call predecessors, (47), 24 states have call successors, (47) [2022-11-18 20:43:29,577 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 139 states to 139 states and 184 transitions. [2022-11-18 20:43:29,578 INFO L78 Accepts]: Start accepts. Automaton has 139 states and 184 transitions. Word has length 98 [2022-11-18 20:43:29,578 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:43:29,578 INFO L495 AbstractCegarLoop]: Abstraction has 139 states and 184 transitions. [2022-11-18 20:43:29,578 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) [2022-11-18 20:43:29,578 INFO L276 IsEmpty]: Start isEmpty. Operand 139 states and 184 transitions. [2022-11-18 20:43:29,579 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:43:29,579 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:43:29,580 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:43:29,599 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (53)] Forceful destruction successful, exit code 0 [2022-11-18 20:43:29,800 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (54)] Forceful destruction successful, exit code 0 [2022-11-18 20:43:29,995 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 53 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,54 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt [2022-11-18 20:43:29,995 INFO L420 AbstractCegarLoop]: === Iteration 31 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:43:29,995 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:43:29,996 INFO L85 PathProgramCache]: Analyzing trace with hash 1743290095, now seen corresponding path program 14 times [2022-11-18 20:43:29,996 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:43:29,996 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [307341680] [2022-11-18 20:43:29,996 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:43:29,996 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:43:29,997 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:43:29,997 INFO L229 MonitoredProcess]: Starting monitored process 55 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:43:29,998 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (55)] Waiting until timeout for monitored process [2022-11-18 20:43:30,404 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:43:30,404 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:43:30,417 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-18 20:43:30,429 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:43:30,453 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:43:30,462 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:43:30,645 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3039 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3039) |c_#length|)))) is different from true [2022-11-18 20:43:30,662 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:30,663 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:30,679 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:30,679 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:30,819 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3040 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3040) |c_#length|)))) is different from true [2022-11-18 20:43:30,837 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:30,838 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:30,864 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:30,865 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:31,146 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3041 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3041))))) is different from true [2022-11-18 20:43:31,164 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:31,164 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:31,177 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:31,177 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:31,350 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3042 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3042))))) is different from true [2022-11-18 20:43:31,370 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:31,370 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:31,382 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:31,383 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:31,690 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3043 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3043) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:43:31,709 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:31,710 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:31,726 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:31,726 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:31,907 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3044 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3044) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:43:31,925 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:31,926 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:31,942 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:31,942 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:32,139 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3045 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3045))))) is different from true [2022-11-18 20:43:32,159 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:32,160 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:32,176 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:32,176 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:32,372 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3046 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3046) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:43:32,390 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:32,390 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:32,403 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:32,403 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:32,483 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-18 20:43:32,483 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:43:38,229 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:43:38,229 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [307341680] [2022-11-18 20:43:38,229 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [307341680] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:43:38,230 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1776024353] [2022-11-18 20:43:38,230 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-18 20:43:38,230 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:43:38,230 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:43:38,231 INFO L229 MonitoredProcess]: Starting monitored process 56 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:43:38,233 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (56)] Waiting until timeout for monitored process [2022-11-18 20:43:38,953 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-18 20:43:38,953 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:43:38,978 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 87 conjunts are in the unsatisfiable core [2022-11-18 20:43:38,982 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:43:38,997 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:43:39,008 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:43:39,102 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3124 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3124) |c_#length|)))) is different from true [2022-11-18 20:43:39,122 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:39,123 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:39,138 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:39,138 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:39,211 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3125 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3125) |c_#length|)))) is different from true [2022-11-18 20:43:39,231 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:39,231 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:39,247 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:39,247 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:39,407 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3126 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3126))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:43:39,433 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:39,433 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:39,449 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:39,449 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:39,524 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3127 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3127) |c_#length|)))) is different from true [2022-11-18 20:43:39,542 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:39,542 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:39,554 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:39,554 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:39,727 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3128 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3128) |c_#length|)))) is different from true [2022-11-18 20:43:39,744 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:39,744 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:39,760 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:39,760 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:39,838 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3129 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3129))))) is different from true [2022-11-18 20:43:39,854 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:39,855 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:39,870 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:39,871 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:39,957 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3130 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3130) |c_#length|)))) is different from true [2022-11-18 20:43:39,976 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:39,977 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:39,988 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:39,989 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:40,068 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3131 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3131) |c_#length|)))) is different from true [2022-11-18 20:43:40,086 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:40,086 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:40,102 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:40,102 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:40,119 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-18 20:43:40,119 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:43:42,561 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1776024353] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:43:42,561 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:43:42,561 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-18 20:43:42,561 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1161303967] [2022-11-18 20:43:42,561 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:43:42,562 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-18 20:43:42,562 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:43:42,562 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-18 20:43:42,562 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=631, Unknown=16, NotChecked=1040, Total=1806 [2022-11-18 20:43:42,563 INFO L87 Difference]: Start difference. First operand 139 states and 184 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-18 20:43:45,896 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:43:45,896 INFO L93 Difference]: Finished difference Result 219 states and 286 transitions. [2022-11-18 20:43:45,897 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-18 20:43:45,897 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-18 20:43:45,897 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:43:45,898 INFO L225 Difference]: With dead ends: 219 [2022-11-18 20:43:45,899 INFO L226 Difference]: Without dead ends: 219 [2022-11-18 20:43:45,899 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 66 ImplicationChecksByTransitivity, 9.8s TimeCoverageRelationStatistics Valid=127, Invalid=733, Unknown=16, NotChecked=1104, Total=1980 [2022-11-18 20:43:45,900 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 28 mSDsluCounter, 480 mSDsCounter, 0 mSdLazyCounter, 1360 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 519 SdHoareTripleChecker+Invalid, 2400 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 1360 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1019 IncrementalHoareTripleChecker+Unchecked, 2.4s IncrementalHoareTripleChecker+Time [2022-11-18 20:43:45,900 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [28 Valid, 519 Invalid, 2400 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 1360 Invalid, 0 Unknown, 1019 Unchecked, 2.4s Time] [2022-11-18 20:43:45,900 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 219 states. [2022-11-18 20:43:45,905 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 219 to 134. [2022-11-18 20:43:45,905 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 134 states, 105 states have (on average 1.0380952380952382) internal successors, (109), 107 states have internal predecessors, (109), 23 states have call successors, (23), 2 states have call predecessors, (23), 4 states have return successors, (45), 24 states have call predecessors, (45), 23 states have call successors, (45) [2022-11-18 20:43:45,906 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 134 states to 134 states and 177 transitions. [2022-11-18 20:43:45,907 INFO L78 Accepts]: Start accepts. Automaton has 134 states and 177 transitions. Word has length 98 [2022-11-18 20:43:45,907 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:43:45,907 INFO L495 AbstractCegarLoop]: Abstraction has 134 states and 177 transitions. [2022-11-18 20:43:45,907 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-18 20:43:45,907 INFO L276 IsEmpty]: Start isEmpty. Operand 134 states and 177 transitions. [2022-11-18 20:43:45,908 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:43:45,908 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:43:45,909 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:43:45,916 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (56)] Forceful destruction successful, exit code 0 [2022-11-18 20:43:46,126 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (55)] Forceful destruction successful, exit code 0 [2022-11-18 20:43:46,316 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 56 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,55 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:43:46,316 INFO L420 AbstractCegarLoop]: === Iteration 32 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:43:46,316 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:43:46,316 INFO L85 PathProgramCache]: Analyzing trace with hash -856557043, now seen corresponding path program 15 times [2022-11-18 20:43:46,317 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:43:46,317 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [86531657] [2022-11-18 20:43:46,317 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:43:46,317 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:43:46,317 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:43:46,318 INFO L229 MonitoredProcess]: Starting monitored process 57 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:43:46,319 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (57)] Waiting until timeout for monitored process [2022-11-18 20:43:46,875 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-18 20:43:46,876 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:43:46,888 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-18 20:43:46,893 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:43:46,913 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:43:46,919 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:43:47,094 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3209 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3209))))) is different from true [2022-11-18 20:43:47,116 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:47,116 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:47,129 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:47,129 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:47,268 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3210 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3210))))) is different from true [2022-11-18 20:43:47,289 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:47,289 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:47,301 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:47,302 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:47,626 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3211 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3211))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:43:47,644 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:47,644 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:47,660 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:47,660 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:47,984 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3212 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3212))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:43:48,002 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:48,003 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:48,015 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:48,016 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:48,203 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3213 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3213))))) is different from true [2022-11-18 20:43:48,222 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:48,223 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:48,235 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:48,235 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:48,434 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3214 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3214) |c_#length|)))) is different from true [2022-11-18 20:43:48,452 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:48,452 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:48,468 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:48,469 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:48,667 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3215 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3215) |c_#length|)))) is different from true [2022-11-18 20:43:48,687 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:48,688 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:48,700 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:48,700 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:48,908 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3216 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3216) |c_#length|)))) is different from true [2022-11-18 20:43:48,927 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:48,928 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:48,940 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:48,940 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:49,020 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 32 proven. 240 refuted. 0 times theorem prover too weak. 60 trivial. 104 not checked. [2022-11-18 20:43:49,020 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:43:49,698 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:43:49,698 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [86531657] [2022-11-18 20:43:49,698 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [86531657] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:43:49,698 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1081988321] [2022-11-18 20:43:49,698 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:43:49,699 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:43:49,699 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:43:49,699 INFO L229 MonitoredProcess]: Starting monitored process 58 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:43:49,701 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (58)] Waiting until timeout for monitored process [2022-11-18 20:43:50,959 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-18 20:43:50,959 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:43:50,972 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-18 20:43:50,976 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:43:50,990 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:43:51,000 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:43:51,091 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3295 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3295))) (exists ((v_ArrVal_3294 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3294))))) is different from true [2022-11-18 20:43:51,115 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:51,116 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:51,144 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:43:51,144 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:43:51,356 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:43:51,356 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:43:51,381 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:51,381 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:51,696 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3298 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3298) |c_#length|)))) is different from true [2022-11-18 20:43:51,713 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:51,713 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:51,726 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:51,726 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:51,939 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-18 20:43:51,968 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-18 20:43:51,968 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-18 20:43:52,498 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-18 20:43:52,498 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-18 20:43:53,392 INFO L321 Elim1Store]: treesize reduction 24, result has 48.9 percent of original size [2022-11-18 20:43:53,393 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 17 treesize of output 34 [2022-11-18 20:43:53,433 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:53,433 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:53,736 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3304 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3304))))) is different from true [2022-11-18 20:43:53,755 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:53,756 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:53,768 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:53,768 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:53,854 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3305 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3305))))) is different from true [2022-11-18 20:43:53,870 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:43:53,871 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:43:53,883 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:43:53,883 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:43:53,903 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 36 proven. 278 refuted. 0 times theorem prover too weak. 42 trivial. 80 not checked. [2022-11-18 20:43:53,903 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:43:56,450 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1081988321] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:43:56,450 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:43:56,451 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [35, 39] total 53 [2022-11-18 20:43:56,451 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1180092950] [2022-11-18 20:43:56,451 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:43:56,451 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 54 states [2022-11-18 20:43:56,451 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:43:56,451 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 54 interpolants. [2022-11-18 20:43:56,452 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=171, Invalid=1674, Unknown=13, NotChecked=1222, Total=3080 [2022-11-18 20:43:56,452 INFO L87 Difference]: Start difference. First operand 134 states and 177 transitions. Second operand has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) [2022-11-18 20:44:01,350 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:44:01,350 INFO L93 Difference]: Finished difference Result 228 states and 299 transitions. [2022-11-18 20:44:01,351 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 35 states. [2022-11-18 20:44:01,352 INFO L78 Accepts]: Start accepts. Automaton has has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) Word has length 98 [2022-11-18 20:44:01,352 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:44:01,355 INFO L225 Difference]: With dead ends: 228 [2022-11-18 20:44:01,355 INFO L226 Difference]: Without dead ends: 228 [2022-11-18 20:44:01,357 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 211 GetRequests, 144 SyntacticMatches, 3 SemanticMatches, 64 ConstructedPredicates, 13 IntricatePredicates, 0 DeprecatedPredicates, 517 ImplicationChecksByTransitivity, 7.5s TimeCoverageRelationStatistics Valid=241, Invalid=2554, Unknown=13, NotChecked=1482, Total=4290 [2022-11-18 20:44:01,358 INFO L413 NwaCegarLoop]: 36 mSDtfsCounter, 41 mSDsluCounter, 558 mSDsCounter, 0 mSdLazyCounter, 1663 mSolverCounterSat, 34 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 594 SdHoareTripleChecker+Invalid, 3379 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 34 IncrementalHoareTripleChecker+Valid, 1663 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1682 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-11-18 20:44:01,358 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [41 Valid, 594 Invalid, 3379 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [34 Valid, 1663 Invalid, 0 Unknown, 1682 Unchecked, 2.9s Time] [2022-11-18 20:44:01,360 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 228 states. [2022-11-18 20:44:01,367 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 228 to 129. [2022-11-18 20:44:01,368 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 129 states, 101 states have (on average 1.0396039603960396) internal successors, (105), 103 states have internal predecessors, (105), 22 states have call successors, (22), 2 states have call predecessors, (22), 4 states have return successors, (43), 23 states have call predecessors, (43), 22 states have call successors, (43) [2022-11-18 20:44:01,369 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 129 states to 129 states and 170 transitions. [2022-11-18 20:44:01,369 INFO L78 Accepts]: Start accepts. Automaton has 129 states and 170 transitions. Word has length 98 [2022-11-18 20:44:01,369 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:44:01,370 INFO L495 AbstractCegarLoop]: Abstraction has 129 states and 170 transitions. [2022-11-18 20:44:01,370 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) [2022-11-18 20:44:01,370 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 170 transitions. [2022-11-18 20:44:01,371 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:44:01,371 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:44:01,371 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:44:01,386 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (58)] Forceful destruction successful, exit code 0 [2022-11-18 20:44:01,590 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (57)] Forceful destruction successful, exit code 0 [2022-11-18 20:44:01,780 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 58 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,57 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:44:01,780 INFO L420 AbstractCegarLoop]: === Iteration 33 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:44:01,781 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:44:01,781 INFO L85 PathProgramCache]: Analyzing trace with hash -335667025, now seen corresponding path program 16 times [2022-11-18 20:44:01,781 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:44:01,781 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1196831862] [2022-11-18 20:44:01,781 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-18 20:44:01,782 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:44:01,782 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:44:01,783 INFO L229 MonitoredProcess]: Starting monitored process 59 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:44:01,786 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (59)] Waiting until timeout for monitored process [2022-11-18 20:44:02,186 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-18 20:44:02,186 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:44:02,199 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-18 20:44:02,203 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:44:02,225 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:44:02,231 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:44:02,414 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3383 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3383) |c_#length|)))) is different from true [2022-11-18 20:44:02,432 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:02,432 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:02,448 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:02,449 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:02,590 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3384 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3384))))) is different from true [2022-11-18 20:44:02,607 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:02,608 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:02,624 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:02,624 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:03,039 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3385 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3385) |c_#length|)))) is different from true [2022-11-18 20:44:03,068 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:03,069 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:03,085 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:03,085 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:03,293 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3386 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3386))))) is different from true [2022-11-18 20:44:03,313 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:03,314 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:03,329 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:03,329 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:03,532 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3387 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3387) |c_#length|)))) is different from true [2022-11-18 20:44:03,551 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:03,551 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:03,564 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:03,564 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:03,753 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3388 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3388) |c_#length|)))) is different from true [2022-11-18 20:44:03,776 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:03,776 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:03,793 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:03,793 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:03,988 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3389 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3389) |c_#length|)))) is different from true [2022-11-18 20:44:04,007 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:04,008 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:04,021 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:04,021 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:04,223 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3390 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3390) |c_#length|)))) is different from true [2022-11-18 20:44:04,239 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:04,240 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:04,256 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:04,257 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:04,335 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-18 20:44:04,335 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:44:10,931 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:44:10,931 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1196831862] [2022-11-18 20:44:10,931 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1196831862] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:44:10,931 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [976343918] [2022-11-18 20:44:10,931 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-18 20:44:10,932 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:44:10,932 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:44:10,932 INFO L229 MonitoredProcess]: Starting monitored process 60 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:44:10,934 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (60)] Waiting until timeout for monitored process [2022-11-18 20:44:11,732 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-18 20:44:11,733 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:44:11,742 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-18 20:44:11,746 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:44:11,756 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-18 20:44:11,765 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:44:11,853 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3468 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3468))))) is different from true [2022-11-18 20:44:11,873 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:11,873 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:11,890 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:11,890 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:11,965 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3469 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3469) |c_#length|)))) is different from true [2022-11-18 20:44:11,985 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:11,985 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:11,997 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:11,998 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:12,279 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3470 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3470) |c_#length|)))) is different from true [2022-11-18 20:44:12,299 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:12,300 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:12,316 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:12,316 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:12,392 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3471 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3471))))) is different from true [2022-11-18 20:44:12,412 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:12,413 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:12,429 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:12,429 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:12,509 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3472 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3472))))) is different from true [2022-11-18 20:44:12,527 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:12,527 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:12,544 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:12,544 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:12,624 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3473 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3473) |c_#length|)))) is different from true [2022-11-18 20:44:12,644 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:12,645 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:12,657 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:12,658 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:12,746 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3474 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3474))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:44:12,764 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:12,765 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:12,780 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:12,780 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:12,857 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3475 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3475) |c_#length|)))) is different from true [2022-11-18 20:44:12,879 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:12,879 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:12,896 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:12,896 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:12,908 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-18 20:44:12,908 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:44:13,408 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [976343918] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:44:13,408 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:44:13,408 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-18 20:44:13,409 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1841470818] [2022-11-18 20:44:13,409 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:44:13,409 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-18 20:44:13,409 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:44:13,410 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-18 20:44:13,410 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=631, Unknown=16, NotChecked=1040, Total=1806 [2022-11-18 20:44:13,410 INFO L87 Difference]: Start difference. First operand 129 states and 170 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-18 20:44:16,589 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:44:16,589 INFO L93 Difference]: Finished difference Result 215 states and 282 transitions. [2022-11-18 20:44:16,590 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-18 20:44:16,591 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-18 20:44:16,591 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:44:16,592 INFO L225 Difference]: With dead ends: 215 [2022-11-18 20:44:16,592 INFO L226 Difference]: Without dead ends: 215 [2022-11-18 20:44:16,593 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 64 ImplicationChecksByTransitivity, 8.6s TimeCoverageRelationStatistics Valid=127, Invalid=733, Unknown=16, NotChecked=1104, Total=1980 [2022-11-18 20:44:16,593 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 28 mSDsluCounter, 501 mSDsCounter, 0 mSdLazyCounter, 1422 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 540 SdHoareTripleChecker+Invalid, 2829 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 1422 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1387 IncrementalHoareTripleChecker+Unchecked, 2.3s IncrementalHoareTripleChecker+Time [2022-11-18 20:44:16,593 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [28 Valid, 540 Invalid, 2829 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 1422 Invalid, 0 Unknown, 1387 Unchecked, 2.3s Time] [2022-11-18 20:44:16,594 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 215 states. [2022-11-18 20:44:16,598 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 215 to 124. [2022-11-18 20:44:16,599 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 97 states have (on average 1.041237113402062) internal successors, (101), 99 states have internal predecessors, (101), 21 states have call successors, (21), 2 states have call predecessors, (21), 4 states have return successors, (41), 22 states have call predecessors, (41), 21 states have call successors, (41) [2022-11-18 20:44:16,599 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 163 transitions. [2022-11-18 20:44:16,600 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 163 transitions. Word has length 98 [2022-11-18 20:44:16,600 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:44:16,600 INFO L495 AbstractCegarLoop]: Abstraction has 124 states and 163 transitions. [2022-11-18 20:44:16,600 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-18 20:44:16,600 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 163 transitions. [2022-11-18 20:44:16,601 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-18 20:44:16,601 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:44:16,602 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:44:16,611 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (60)] Forceful destruction successful, exit code 0 [2022-11-18 20:44:16,819 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (59)] Forceful destruction successful, exit code 0 [2022-11-18 20:44:17,009 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 60 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,59 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:44:17,009 INFO L420 AbstractCegarLoop]: === Iteration 34 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:44:17,010 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:44:17,010 INFO L85 PathProgramCache]: Analyzing trace with hash 552179341, now seen corresponding path program 17 times [2022-11-18 20:44:17,010 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:44:17,011 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [329928652] [2022-11-18 20:44:17,011 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-18 20:44:17,011 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:44:17,011 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:44:17,012 INFO L229 MonitoredProcess]: Starting monitored process 61 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:44:17,013 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (61)] Waiting until timeout for monitored process [2022-11-18 20:44:17,651 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-18 20:44:17,651 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:44:17,664 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-18 20:44:17,668 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:44:17,687 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:44:17,979 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3552 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3552) |c_#length|)))) is different from true [2022-11-18 20:44:18,001 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:18,001 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:18,016 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:18,017 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:18,311 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3553 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3553) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:44:18,335 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:18,335 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:18,347 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:18,347 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:18,508 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3554) |c_#length|)))) is different from true [2022-11-18 20:44:18,524 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:18,525 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:18,540 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:18,540 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:18,706 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3555 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3555))))) is different from true [2022-11-18 20:44:18,723 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:18,723 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:18,739 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:18,739 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:18,910 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3556) |c_#length|)))) is different from true [2022-11-18 20:44:18,932 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:18,933 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:18,945 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:18,945 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:19,130 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3557 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3557) |c_#length|)))) is different from true [2022-11-18 20:44:19,146 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:19,147 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:19,162 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:19,162 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:19,348 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3558 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3558))))) is different from true [2022-11-18 20:44:19,368 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:19,368 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:19,380 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:19,380 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:19,575 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3559 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3559) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:44:19,592 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:19,593 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:19,608 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:19,609 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:19,684 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 30 proven. 230 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-18 20:44:19,684 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:44:22,330 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-18 20:44:22,330 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [329928652] [2022-11-18 20:44:22,330 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [329928652] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:44:22,330 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [560565042] [2022-11-18 20:44:22,331 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-18 20:44:22,331 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-18 20:44:22,331 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 [2022-11-18 20:44:22,332 INFO L229 MonitoredProcess]: Starting monitored process 62 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-18 20:44:22,354 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (62)] Waiting until timeout for monitored process [2022-11-18 20:44:23,585 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-18 20:44:23,585 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-18 20:44:23,613 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 85 conjunts are in the unsatisfiable core [2022-11-18 20:44:23,617 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-18 20:44:23,628 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-18 20:44:23,763 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3636 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3636) |c_#length|)) (exists ((v_ArrVal_3637 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3637))))) is different from true [2022-11-18 20:44:23,786 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:23,786 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:23,817 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:44:23,817 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:44:23,995 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3639 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3639) |c_#valid|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3638 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3638))))) is different from true [2022-11-18 20:44:24,043 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:44:24,043 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:44:24,048 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:24,138 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3641 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3641) |c_#valid|)) (exists ((v_ArrVal_3640 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3640) |c_#length|)))) is different from true [2022-11-18 20:44:24,194 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:44:24,195 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:44:24,200 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:24,285 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3642 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3642) |c_#length|)))) is different from true [2022-11-18 20:44:24,302 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:24,303 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:24,319 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:24,319 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:24,402 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3643 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3643) |c_#length|)) (exists ((v_ArrVal_3644 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3644) |c_#valid|)))) is different from true [2022-11-18 20:44:24,464 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:44:24,464 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:44:24,472 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:24,559 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3646 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3646) |c_#valid|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3645 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3645) |c_#length|)))) is different from true [2022-11-18 20:44:24,580 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:24,581 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:24,612 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-18 20:44:24,612 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-18 20:44:24,696 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3647 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3647) |c_#length|)))) is different from true [2022-11-18 20:44:24,715 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:24,716 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:24,727 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:24,728 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:24,805 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3648 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3648) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-18 20:44:24,827 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-18 20:44:24,828 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-18 20:44:24,841 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-18 20:44:24,841 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-18 20:44:24,855 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 30 proven. 230 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-18 20:44:24,855 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-18 20:44:27,366 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [560565042] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-18 20:44:27,366 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-18 20:44:27,366 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 29] total 42 [2022-11-18 20:44:27,366 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [79669726] [2022-11-18 20:44:27,366 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-18 20:44:27,367 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 43 states [2022-11-18 20:44:27,367 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-18 20:44:27,367 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 43 interpolants. [2022-11-18 20:44:27,368 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=126, Invalid=734, Unknown=16, NotChecked=1104, Total=1980 [2022-11-18 20:44:27,368 INFO L87 Difference]: Start difference. First operand 124 states and 163 transitions. Second operand has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-18 20:44:30,199 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-18 20:44:30,199 INFO L93 Difference]: Finished difference Result 180 states and 237 transitions. [2022-11-18 20:44:30,200 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2022-11-18 20:44:30,200 INFO L78 Accepts]: Start accepts. Automaton has has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-18 20:44:30,201 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-18 20:44:30,201 INFO L225 Difference]: With dead ends: 180 [2022-11-18 20:44:30,202 INFO L226 Difference]: Without dead ends: 180 [2022-11-18 20:44:30,202 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 156 SyntacticMatches, 1 SemanticMatches, 45 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 105 ImplicationChecksByTransitivity, 6.9s TimeCoverageRelationStatistics Valid=135, Invalid=843, Unknown=16, NotChecked=1168, Total=2162 [2022-11-18 20:44:30,202 INFO L413 NwaCegarLoop]: 37 mSDtfsCounter, 24 mSDsluCounter, 379 mSDsCounter, 0 mSdLazyCounter, 1171 mSolverCounterSat, 27 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.6s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 416 SdHoareTripleChecker+Invalid, 2410 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 27 IncrementalHoareTripleChecker+Valid, 1171 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1212 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-11-18 20:44:30,203 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 416 Invalid, 2410 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [27 Valid, 1171 Invalid, 0 Unknown, 1212 Unchecked, 1.8s Time] [2022-11-18 20:44:30,203 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 180 states. [2022-11-18 20:44:30,207 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 180 to 78. [2022-11-18 20:44:30,207 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 78 states, 60 states have (on average 1.0666666666666667) internal successors, (64), 62 states have internal predecessors, (64), 13 states have call successors, (13), 2 states have call predecessors, (13), 3 states have return successors, (24), 13 states have call predecessors, (24), 13 states have call successors, (24) [2022-11-18 20:44:30,208 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 78 states to 78 states and 101 transitions. [2022-11-18 20:44:30,208 INFO L78 Accepts]: Start accepts. Automaton has 78 states and 101 transitions. Word has length 98 [2022-11-18 20:44:30,208 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-18 20:44:30,208 INFO L495 AbstractCegarLoop]: Abstraction has 78 states and 101 transitions. [2022-11-18 20:44:30,208 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-18 20:44:30,209 INFO L276 IsEmpty]: Start isEmpty. Operand 78 states and 101 transitions. [2022-11-18 20:44:30,209 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-11-18 20:44:30,209 INFO L187 NwaCegarLoop]: Found error trace [2022-11-18 20:44:30,209 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 11, 10, 10, 10, 10, 10, 10, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-18 20:44:30,222 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt (62)] Ended with exit code 0 [2022-11-18 20:44:30,428 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (61)] Forceful destruction successful, exit code 0 [2022-11-18 20:44:30,618 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 62 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/cvc4 --incremental --print-success --lang smt,61 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:44:30,618 INFO L420 AbstractCegarLoop]: === Iteration 35 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-18 20:44:30,618 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-18 20:44:30,618 INFO L85 PathProgramCache]: Analyzing trace with hash 329760614, now seen corresponding path program 3 times [2022-11-18 20:44:30,619 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-18 20:44:30,619 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1643989872] [2022-11-18 20:44:30,619 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-18 20:44:30,619 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:44:30,619 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat [2022-11-18 20:44:30,620 INFO L229 MonitoredProcess]: Starting monitored process 63 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-18 20:44:30,621 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (63)] Waiting until timeout for monitored process [2022-11-18 20:44:31,398 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-18 20:44:31,399 INFO L229 tOrderPrioritization]: Conjunction of SSA is sat [2022-11-18 20:44:31,399 INFO L356 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-11-18 20:44:31,722 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-11-18 20:44:31,824 INFO L130 FreeRefinementEngine]: Strategy WOLF found a feasible trace [2022-11-18 20:44:31,824 INFO L359 BasicCegarLoop]: Counterexample is feasible [2022-11-18 20:44:31,825 INFO L805 garLoopResultBuilder]: Registering result UNSAFE for location ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK (2 of 3 remaining) [2022-11-18 20:44:31,827 INFO L805 garLoopResultBuilder]: Registering result UNKNOWN for location ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE (1 of 3 remaining) [2022-11-18 20:44:31,827 INFO L805 garLoopResultBuilder]: Registering result UNKNOWN for location ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE (0 of 3 remaining) [2022-11-18 20:44:31,849 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (63)] Forceful destruction successful, exit code 0 [2022-11-18 20:44:32,044 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 63 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_c485233b-450c-49c2-a416-d8fb162e3cd3/bin/uautomizer-TMbwUNV5ro/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-18 20:44:32,047 INFO L444 BasicCegarLoop]: Path program histogram: [17, 9, 3, 1, 1, 1, 1, 1, 1] [2022-11-18 20:44:32,049 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-18 20:44:32,103 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 18.11 08:44:32 BoogieIcfgContainer [2022-11-18 20:44:32,104 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-18 20:44:32,104 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-18 20:44:32,104 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-18 20:44:32,104 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-18 20:44:32,105 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 18.11 08:37:50" (3/4) ... [2022-11-18 20:44:32,108 INFO L140 WitnessPrinter]: No result that supports witness generation found [2022-11-18 20:44:32,108 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-18 20:44:32,108 INFO L158 Benchmark]: Toolchain (without parser) took 403075.04ms. Allocated memory was 67.1MB in the beginning and 132.1MB in the end (delta: 65.0MB). Free memory was 48.0MB in the beginning and 50.8MB in the end (delta: -2.8MB). Peak memory consumption was 61.6MB. Max. memory is 16.1GB. [2022-11-18 20:44:32,109 INFO L158 Benchmark]: CDTParser took 0.23ms. Allocated memory is still 67.1MB. Free memory is still 48.6MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-18 20:44:32,109 INFO L158 Benchmark]: CACSL2BoogieTranslator took 935.78ms. Allocated memory is still 67.1MB. Free memory was 47.7MB in the beginning and 33.2MB in the end (delta: 14.5MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. [2022-11-18 20:44:32,109 INFO L158 Benchmark]: Boogie Procedure Inliner took 83.83ms. Allocated memory is still 67.1MB. Free memory was 33.0MB in the beginning and 48.3MB in the end (delta: -15.3MB). Peak memory consumption was 5.7MB. Max. memory is 16.1GB. [2022-11-18 20:44:32,109 INFO L158 Benchmark]: Boogie Preprocessor took 42.21ms. Allocated memory is still 67.1MB. Free memory was 48.3MB in the beginning and 46.7MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-11-18 20:44:32,109 INFO L158 Benchmark]: RCFGBuilder took 596.80ms. Allocated memory is still 67.1MB. Free memory was 46.7MB in the beginning and 34.7MB in the end (delta: 12.1MB). Peak memory consumption was 12.6MB. Max. memory is 16.1GB. [2022-11-18 20:44:32,109 INFO L158 Benchmark]: TraceAbstraction took 401390.17ms. Allocated memory was 67.1MB in the beginning and 132.1MB in the end (delta: 65.0MB). Free memory was 34.1MB in the beginning and 50.8MB in the end (delta: -16.7MB). Peak memory consumption was 48.3MB. Max. memory is 16.1GB. [2022-11-18 20:44:32,110 INFO L158 Benchmark]: Witness Printer took 4.09ms. Allocated memory is still 132.1MB. Free memory is still 50.8MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-18 20:44:32,110 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.23ms. Allocated memory is still 67.1MB. Free memory is still 48.6MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 935.78ms. Allocated memory is still 67.1MB. Free memory was 47.7MB in the beginning and 33.2MB in the end (delta: 14.5MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 83.83ms. Allocated memory is still 67.1MB. Free memory was 33.0MB in the beginning and 48.3MB in the end (delta: -15.3MB). Peak memory consumption was 5.7MB. Max. memory is 16.1GB. * Boogie Preprocessor took 42.21ms. Allocated memory is still 67.1MB. Free memory was 48.3MB in the beginning and 46.7MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 596.80ms. Allocated memory is still 67.1MB. Free memory was 46.7MB in the beginning and 34.7MB in the end (delta: 12.1MB). Peak memory consumption was 12.6MB. Max. memory is 16.1GB. * TraceAbstraction took 401390.17ms. Allocated memory was 67.1MB in the beginning and 132.1MB in the end (delta: 65.0MB). Free memory was 34.1MB in the beginning and 50.8MB in the end (delta: -16.7MB). Peak memory consumption was 48.3MB. Max. memory is 16.1GB. * Witness Printer took 4.09ms. Allocated memory is still 132.1MB. Free memory is still 50.8MB. There was no memory consumed. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - UnprovableResult [Line: 772]: Unable to prove that all allocated memory was freed Unable to prove that all allocated memory was freed Reason: overapproximation of memtrack at line 772. Possible FailurePath: [L569] struct ldv_list_head ldv_global_msg_list = { &(ldv_global_msg_list), &(ldv_global_msg_list) }; VAL [ldv_global_msg_list={1:0}] [L773] CALL entry_point() [L761] int len = 10; VAL [ldv_global_msg_list={1:0}, len=10] [L762] CALL, EXPR ldv_malloc(sizeof(struct A18*)*len) VAL [\old(size)=40, ldv_global_msg_list={1:0}] [L526] COND TRUE __VERIFIER_nondet_int() [L527] return malloc(size); [L762] RET, EXPR ldv_malloc(sizeof(struct A18*)*len) VAL [ldv_global_msg_list={1:0}, ldv_malloc(sizeof(struct A18*)*len)={10:0}, len=10] [L762] struct A18 **array = (struct A18 **)ldv_malloc(sizeof(struct A18*)*len); [L763] struct A18 *p; [L764] int i=0; VAL [array={10:0}, i=0, ldv_global_msg_list={1:0}, len=10] [L765] COND FALSE !(!array) VAL [array={10:0}, i=0, ldv_global_msg_list={1:0}, len=10] [L766] COND TRUE i