./Ultimate.py --spec ../../sv-benchmarks/c/properties/valid-memsafety.prp --file ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for memory safety (deref-memtrack) Using default analysis Version 6b4ec56b Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/config/AutomizerMemDerefMemtrack.xml -i ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-6b4ec56 [2022-11-20 11:27:37,974 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-20 11:27:37,977 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-20 11:27:38,022 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-20 11:27:38,022 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-20 11:27:38,026 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-20 11:27:38,028 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-20 11:27:38,032 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-20 11:27:38,034 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-20 11:27:38,039 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-20 11:27:38,041 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-20 11:27:38,043 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-20 11:27:38,044 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-20 11:27:38,046 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-20 11:27:38,048 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-20 11:27:38,050 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-20 11:27:38,052 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-20 11:27:38,053 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-20 11:27:38,059 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-20 11:27:38,067 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-20 11:27:38,069 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-20 11:27:38,071 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-20 11:27:38,072 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-20 11:27:38,074 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-20 11:27:38,086 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-20 11:27:38,087 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-20 11:27:38,087 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-20 11:27:38,089 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-20 11:27:38,090 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-20 11:27:38,091 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-20 11:27:38,091 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-20 11:27:38,092 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-20 11:27:38,094 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-20 11:27:38,095 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-20 11:27:38,096 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-20 11:27:38,097 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-20 11:27:38,097 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-20 11:27:38,098 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-20 11:27:38,098 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-20 11:27:38,099 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-20 11:27:38,100 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-20 11:27:38,101 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Default.epf [2022-11-20 11:27:38,143 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-20 11:27:38,143 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-20 11:27:38,144 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-20 11:27:38,144 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-20 11:27:38,145 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-20 11:27:38,145 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-20 11:27:38,146 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-20 11:27:38,146 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-20 11:27:38,146 INFO L138 SettingsManager]: * Use SBE=true [2022-11-20 11:27:38,147 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-20 11:27:38,148 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-20 11:27:38,148 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-11-20 11:27:38,148 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-20 11:27:38,148 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-20 11:27:38,149 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-20 11:27:38,149 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-11-20 11:27:38,149 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-11-20 11:27:38,149 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-11-20 11:27:38,150 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-20 11:27:38,150 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-11-20 11:27:38,150 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-20 11:27:38,150 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-20 11:27:38,151 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-20 11:27:38,151 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-20 11:27:38,151 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-20 11:27:38,151 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-20 11:27:38,152 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-20 11:27:38,152 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-20 11:27:38,152 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-11-20 11:27:38,152 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-11-20 11:27:38,152 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2022-11-20 11:27:38,460 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-20 11:27:38,485 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-20 11:27:38,489 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-20 11:27:38,491 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-20 11:27:38,492 INFO L275 PluginConnector]: CDTParser initialized [2022-11-20 11:27:38,493 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-20 11:27:41,638 INFO L500 CDTParser]: Created temporary CDT project at NULL [2022-11-20 11:27:41,910 INFO L351 CDTParser]: Found 1 translation units. [2022-11-20 11:27:41,910 INFO L172 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-20 11:27:41,930 INFO L394 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/data/11764c126/277bd03e17304897b888017002d602d4/FLAG6d26a37fd [2022-11-20 11:27:41,945 INFO L402 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/data/11764c126/277bd03e17304897b888017002d602d4 [2022-11-20 11:27:41,948 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-20 11:27:41,950 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-20 11:27:41,951 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-20 11:27:41,952 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-20 11:27:41,956 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-20 11:27:41,956 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.11 11:27:41" (1/1) ... [2022-11-20 11:27:41,958 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@7aba00be and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:41, skipping insertion in model container [2022-11-20 11:27:41,958 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.11 11:27:41" (1/1) ... [2022-11-20 11:27:41,966 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-20 11:27:42,035 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-20 11:27:42,558 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-20 11:27:42,582 ERROR L326 MainTranslator]: Unsupported Syntax: Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) [2022-11-20 11:27:42,583 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.CACSL2BoogieTranslatorObserver@2bdac99d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:42, skipping insertion in model container [2022-11-20 11:27:42,584 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-20 11:27:42,585 INFO L184 ToolchainWalker]: Toolchain execution was canceled (user or tool) before executing de.uni_freiburg.informatik.ultimate.boogie.procedureinliner [2022-11-20 11:27:42,587 INFO L158 Benchmark]: Toolchain (without parser) took 635.79ms. Allocated memory is still 148.9MB. Free memory was 103.8MB in the beginning and 90.0MB in the end (delta: 13.7MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. [2022-11-20 11:27:42,587 INFO L158 Benchmark]: CDTParser took 0.31ms. Allocated memory is still 148.9MB. Free memory is still 95.0MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-20 11:27:42,588 INFO L158 Benchmark]: CACSL2BoogieTranslator took 633.17ms. Allocated memory is still 148.9MB. Free memory was 103.3MB in the beginning and 90.0MB in the end (delta: 13.3MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. [2022-11-20 11:27:42,591 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.31ms. Allocated memory is still 148.9MB. Free memory is still 95.0MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 633.17ms. Allocated memory is still 148.9MB. Free memory was 103.3MB in the beginning and 90.0MB in the end (delta: 13.3MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - UnsupportedSyntaxResult [Line: 576]: Unsupported Syntax Found a cast between two array/pointer types of different sizes while using memory model HoenickeLindenmann_Original (while Not using bitvector translation) RESULT: Ultimate could not prove your program: Toolchain returned no result. Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Dosgi.configuration.area=/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/data/config -Xmx15G -Xms4m -jar /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/data -tc /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/config/AutomizerMemDerefMemtrack.xml -i ../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i -s /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 --- Real Ultimate output --- [0.001s][warning][os,container] Duplicate cpuset controllers detected. Picking /sys/fs/cgroup/cpuset, skipping /sys/fs/cgroup/cpuset. This is Ultimate 0.2.2-dev-6b4ec56 [2022-11-20 11:27:44,872 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-11-20 11:27:44,874 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-11-20 11:27:44,903 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-11-20 11:27:44,903 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-11-20 11:27:44,905 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-11-20 11:27:44,906 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-11-20 11:27:44,917 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-11-20 11:27:44,919 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-11-20 11:27:44,926 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-11-20 11:27:44,927 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-11-20 11:27:44,929 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-11-20 11:27:44,930 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-11-20 11:27:44,936 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-11-20 11:27:44,940 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-11-20 11:27:44,945 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-11-20 11:27:44,947 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-11-20 11:27:44,947 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-11-20 11:27:44,950 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-11-20 11:27:44,955 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-11-20 11:27:44,956 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-11-20 11:27:44,962 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-11-20 11:27:44,963 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-11-20 11:27:44,965 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-11-20 11:27:44,971 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-11-20 11:27:44,976 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-11-20 11:27:44,976 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-11-20 11:27:44,978 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-11-20 11:27:44,979 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-11-20 11:27:44,980 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-11-20 11:27:44,981 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-11-20 11:27:44,983 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-11-20 11:27:44,985 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-11-20 11:27:44,986 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-11-20 11:27:44,987 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-11-20 11:27:45,014 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-11-20 11:27:45,015 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-11-20 11:27:45,015 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-11-20 11:27:45,015 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-11-20 11:27:45,016 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-11-20 11:27:45,017 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-11-20 11:27:45,018 INFO L101 SettingsManager]: Beginning loading settings from /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/config/svcomp-DerefFreeMemtrack-32bit-Automizer_Bitvector.epf [2022-11-20 11:27:45,059 INFO L113 SettingsManager]: Loading preferences was successful [2022-11-20 11:27:45,060 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-11-20 11:27:45,061 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-11-20 11:27:45,062 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-11-20 11:27:45,063 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-11-20 11:27:45,063 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-11-20 11:27:45,064 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-11-20 11:27:45,064 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-11-20 11:27:45,065 INFO L138 SettingsManager]: * Use SBE=true [2022-11-20 11:27:45,065 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-11-20 11:27:45,066 INFO L138 SettingsManager]: * sizeof long=4 [2022-11-20 11:27:45,067 INFO L138 SettingsManager]: * Check unreachability of error function in SV-COMP mode=false [2022-11-20 11:27:45,067 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-11-20 11:27:45,067 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-11-20 11:27:45,068 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-11-20 11:27:45,068 INFO L138 SettingsManager]: * Check for the main procedure if all allocated memory was freed=true [2022-11-20 11:27:45,068 INFO L138 SettingsManager]: * Bitprecise bitfields=true [2022-11-20 11:27:45,069 INFO L138 SettingsManager]: * SV-COMP memtrack compatibility mode=true [2022-11-20 11:27:45,069 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-11-20 11:27:45,069 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-11-20 11:27:45,070 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-11-20 11:27:45,070 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-11-20 11:27:45,070 INFO L138 SettingsManager]: * sizeof long double=12 [2022-11-20 11:27:45,071 INFO L138 SettingsManager]: * Use constant arrays=true [2022-11-20 11:27:45,071 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-11-20 11:27:45,071 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-11-20 11:27:45,071 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-11-20 11:27:45,072 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-20 11:27:45,072 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-11-20 11:27:45,072 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-11-20 11:27:45,073 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-11-20 11:27:45,073 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-11-20 11:27:45,073 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-11-20 11:27:45,074 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G valid-free) ) CHECK( init(main()), LTL(G valid-deref) ) CHECK( init(main()), LTL(G valid-memtrack) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1df58a12292e53aa25870e709e17978d63a0e61d4dd56fb439981d66ecb6b925 [2022-11-20 11:27:45,534 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-11-20 11:27:45,566 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-11-20 11:27:45,569 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-11-20 11:27:45,570 INFO L271 PluginConnector]: Initializing CDTParser... [2022-11-20 11:27:45,571 INFO L275 PluginConnector]: CDTParser initialized [2022-11-20 11:27:45,572 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/../../sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-20 11:27:48,639 INFO L500 CDTParser]: Created temporary CDT project at NULL [2022-11-20 11:27:48,929 INFO L351 CDTParser]: Found 1 translation units. [2022-11-20 11:27:48,930 INFO L172 CDTParser]: Scanning /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/sv-benchmarks/c/ldv-memsafety/memleaks_test18_3.i [2022-11-20 11:27:48,945 INFO L394 CDTParser]: About to delete temporary CDT project at /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/data/c52b378c1/7a4cbdaee0c447488e0c15ce5ba7fb52/FLAGcb70ec571 [2022-11-20 11:27:48,969 INFO L402 CDTParser]: Successfully deleted /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/data/c52b378c1/7a4cbdaee0c447488e0c15ce5ba7fb52 [2022-11-20 11:27:48,974 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-11-20 11:27:48,984 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-11-20 11:27:48,985 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-11-20 11:27:48,985 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-11-20 11:27:48,989 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-11-20 11:27:48,989 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.11 11:27:48" (1/1) ... [2022-11-20 11:27:48,991 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@5c3187b1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:48, skipping insertion in model container [2022-11-20 11:27:48,991 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.11 11:27:48" (1/1) ... [2022-11-20 11:27:49,002 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-11-20 11:27:49,059 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-20 11:27:49,486 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-20 11:27:49,505 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-11-20 11:27:49,513 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-11-20 11:27:49,554 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-20 11:27:49,561 INFO L203 MainTranslator]: Completed pre-run [2022-11-20 11:27:49,640 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-11-20 11:27:49,742 INFO L208 MainTranslator]: Completed translation [2022-11-20 11:27:49,742 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49 WrapperNode [2022-11-20 11:27:49,743 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-11-20 11:27:49,744 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-11-20 11:27:49,745 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-11-20 11:27:49,745 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-11-20 11:27:49,753 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,788 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,821 INFO L138 Inliner]: procedures = 165, calls = 70, calls flagged for inlining = 21, calls inlined = 3, statements flattened = 31 [2022-11-20 11:27:49,822 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-11-20 11:27:49,823 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-11-20 11:27:49,823 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-11-20 11:27:49,823 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-11-20 11:27:49,833 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,834 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,847 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,848 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,860 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,868 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,874 INFO L185 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,878 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,883 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-11-20 11:27:49,884 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-11-20 11:27:49,891 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-11-20 11:27:49,891 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-11-20 11:27:49,892 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (1/1) ... [2022-11-20 11:27:49,900 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-11-20 11:27:49,915 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/z3 [2022-11-20 11:27:49,935 INFO L229 MonitoredProcess]: Starting monitored process 1 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-11-20 11:27:49,954 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-11-20 11:27:49,995 INFO L130 BoogieDeclarations]: Found specification of procedure ldv_malloc [2022-11-20 11:27:49,995 INFO L138 BoogieDeclarations]: Found implementation of procedure ldv_malloc [2022-11-20 11:27:49,995 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocOnHeap [2022-11-20 11:27:49,995 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-11-20 11:27:49,996 INFO L130 BoogieDeclarations]: Found specification of procedure write~$Pointer$ [2022-11-20 11:27:49,996 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~$Pointer$ [2022-11-20 11:27:49,996 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-11-20 11:27:49,996 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-11-20 11:27:50,212 INFO L235 CfgBuilder]: Building ICFG [2022-11-20 11:27:50,228 INFO L261 CfgBuilder]: Building CFG for each procedure with an implementation [2022-11-20 11:27:50,388 INFO L276 CfgBuilder]: Performing block encoding [2022-11-20 11:27:50,394 INFO L295 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-11-20 11:27:50,398 INFO L300 CfgBuilder]: Removed 1 assume(true) statements. [2022-11-20 11:27:50,408 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 11:27:50 BoogieIcfgContainer [2022-11-20 11:27:50,408 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-11-20 11:27:50,410 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-11-20 11:27:50,412 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-11-20 11:27:50,415 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-11-20 11:27:50,415 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.11 11:27:48" (1/3) ... [2022-11-20 11:27:50,418 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@18f80f1e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.11 11:27:50, skipping insertion in model container [2022-11-20 11:27:50,418 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.11 11:27:49" (2/3) ... [2022-11-20 11:27:50,419 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@18f80f1e and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.11 11:27:50, skipping insertion in model container [2022-11-20 11:27:50,419 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 11:27:50" (3/3) ... [2022-11-20 11:27:50,421 INFO L112 eAbstractionObserver]: Analyzing ICFG memleaks_test18_3.i [2022-11-20 11:27:50,441 INFO L203 ceAbstractionStarter]: Automizer settings: Hoare:false NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-11-20 11:27:50,442 INFO L162 ceAbstractionStarter]: Applying trace abstraction to program that has 3 error locations. [2022-11-20 11:27:50,518 INFO L356 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-11-20 11:27:50,526 INFO L357 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=false, mAutomataTypeConcurrency=FINITE_AUTOMATA, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=All, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@1049dbe8, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2022-11-20 11:27:50,545 INFO L358 AbstractCegarLoop]: Starting to check reachability of 3 error locations. [2022-11-20 11:27:50,550 INFO L276 IsEmpty]: Start isEmpty. Operand has 21 states, 14 states have (on average 1.5) internal successors, (21), 17 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 11:27:50,558 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-11-20 11:27:50,559 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:27:50,561 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:27:50,561 INFO L420 AbstractCegarLoop]: === Iteration 1 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:27:50,569 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:27:50,569 INFO L85 PathProgramCache]: Analyzing trace with hash -74700687, now seen corresponding path program 1 times [2022-11-20 11:27:50,584 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:27:50,584 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [333178541] [2022-11-20 11:27:50,585 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:27:50,585 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:50,586 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:27:50,595 INFO L229 MonitoredProcess]: Starting monitored process 2 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:27:50,638 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-11-20 11:27:50,728 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:27:50,733 INFO L263 TraceCheckSpWp]: Trace formula consists of 42 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-20 11:27:50,738 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:27:50,844 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-20 11:27:50,844 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-20 11:27:50,845 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:27:50,845 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [333178541] [2022-11-20 11:27:50,846 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [333178541] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 11:27:50,846 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 11:27:50,846 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-20 11:27:50,848 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [710590671] [2022-11-20 11:27:50,849 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 11:27:50,853 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-20 11:27:50,853 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:27:50,886 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-20 11:27:50,887 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-20 11:27:50,889 INFO L87 Difference]: Start difference. First operand has 21 states, 14 states have (on average 1.5) internal successors, (21), 17 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Second operand has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-20 11:27:50,977 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:27:50,978 INFO L93 Difference]: Finished difference Result 37 states and 43 transitions. [2022-11-20 11:27:50,980 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-20 11:27:50,981 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-11-20 11:27:50,982 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:27:50,989 INFO L225 Difference]: With dead ends: 37 [2022-11-20 11:27:50,989 INFO L226 Difference]: Without dead ends: 33 [2022-11-20 11:27:50,991 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-20 11:27:50,995 INFO L413 NwaCegarLoop]: 24 mSDtfsCounter, 12 mSDsluCounter, 59 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 14 SdHoareTripleChecker+Valid, 83 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 11:27:50,996 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [14 Valid, 83 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 11:27:51,015 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 33 states. [2022-11-20 11:27:51,033 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 33 to 23. [2022-11-20 11:27:51,034 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 23 states, 16 states have (on average 1.3125) internal successors, (21), 18 states have internal predecessors, (21), 2 states have call successors, (2), 1 states have call predecessors, (2), 2 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2022-11-20 11:27:51,036 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 23 states to 23 states and 27 transitions. [2022-11-20 11:27:51,037 INFO L78 Accepts]: Start accepts. Automaton has 23 states and 27 transitions. Word has length 11 [2022-11-20 11:27:51,037 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:27:51,038 INFO L495 AbstractCegarLoop]: Abstraction has 23 states and 27 transitions. [2022-11-20 11:27:51,038 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 1.8) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-20 11:27:51,038 INFO L276 IsEmpty]: Start isEmpty. Operand 23 states and 27 transitions. [2022-11-20 11:27:51,040 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 12 [2022-11-20 11:27:51,040 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:27:51,040 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:27:51,057 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-11-20 11:27:51,252 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:51,253 INFO L420 AbstractCegarLoop]: === Iteration 2 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:27:51,253 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:27:51,253 INFO L85 PathProgramCache]: Analyzing trace with hash 812802994, now seen corresponding path program 1 times [2022-11-20 11:27:51,254 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:27:51,254 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2145879641] [2022-11-20 11:27:51,254 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:27:51,254 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:51,255 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:27:51,256 INFO L229 MonitoredProcess]: Starting monitored process 3 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:27:51,260 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-11-20 11:27:51,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:27:51,311 INFO L263 TraceCheckSpWp]: Trace formula consists of 36 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-20 11:27:51,313 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:27:51,348 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-20 11:27:51,348 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-20 11:27:51,349 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:27:51,349 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2145879641] [2022-11-20 11:27:51,349 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2145879641] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 11:27:51,349 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 11:27:51,350 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-11-20 11:27:51,350 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [343065766] [2022-11-20 11:27:51,350 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 11:27:51,352 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-20 11:27:51,352 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:27:51,354 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-20 11:27:51,354 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-20 11:27:51,355 INFO L87 Difference]: Start difference. First operand 23 states and 27 transitions. Second operand has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-20 11:27:51,450 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:27:51,450 INFO L93 Difference]: Finished difference Result 32 states and 38 transitions. [2022-11-20 11:27:51,451 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-20 11:27:51,451 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 11 [2022-11-20 11:27:51,452 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:27:51,452 INFO L225 Difference]: With dead ends: 32 [2022-11-20 11:27:51,453 INFO L226 Difference]: Without dead ends: 30 [2022-11-20 11:27:51,453 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 10 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-11-20 11:27:51,455 INFO L413 NwaCegarLoop]: 32 mSDtfsCounter, 8 mSDsluCounter, 34 mSDsCounter, 0 mSdLazyCounter, 26 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 66 SdHoareTripleChecker+Invalid, 28 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 26 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 11:27:51,455 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 66 Invalid, 28 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 26 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 11:27:51,456 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 30 states. [2022-11-20 11:27:51,460 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 30 to 28. [2022-11-20 11:27:51,461 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 28 states, 20 states have (on average 1.3) internal successors, (26), 22 states have internal predecessors, (26), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2022-11-20 11:27:51,462 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 28 states to 28 states and 35 transitions. [2022-11-20 11:27:51,462 INFO L78 Accepts]: Start accepts. Automaton has 28 states and 35 transitions. Word has length 11 [2022-11-20 11:27:51,462 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:27:51,463 INFO L495 AbstractCegarLoop]: Abstraction has 28 states and 35 transitions. [2022-11-20 11:27:51,463 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 3 states have (on average 3.0) internal successors, (9), 4 states have internal predecessors, (9), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-20 11:27:51,463 INFO L276 IsEmpty]: Start isEmpty. Operand 28 states and 35 transitions. [2022-11-20 11:27:51,464 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 13 [2022-11-20 11:27:51,464 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:27:51,464 INFO L195 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:27:51,483 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (3)] Forceful destruction successful, exit code 0 [2022-11-20 11:27:51,675 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:51,675 INFO L420 AbstractCegarLoop]: === Iteration 3 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:27:51,676 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:27:51,676 INFO L85 PathProgramCache]: Analyzing trace with hash 1979292102, now seen corresponding path program 1 times [2022-11-20 11:27:51,676 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:27:51,677 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [292767886] [2022-11-20 11:27:51,677 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:27:51,677 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:51,677 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:27:51,681 INFO L229 MonitoredProcess]: Starting monitored process 4 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:27:51,682 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-11-20 11:27:51,784 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:27:51,800 INFO L263 TraceCheckSpWp]: Trace formula consists of 42 conjuncts, 3 conjunts are in the unsatisfiable core [2022-11-20 11:27:51,801 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:27:51,887 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-20 11:27:51,887 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-20 11:27:51,888 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:27:51,888 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [292767886] [2022-11-20 11:27:51,888 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [292767886] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 11:27:51,888 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 11:27:51,889 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-11-20 11:27:51,889 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1625673398] [2022-11-20 11:27:51,889 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 11:27:51,890 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-11-20 11:27:51,890 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:27:51,890 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-11-20 11:27:51,891 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2022-11-20 11:27:51,891 INFO L87 Difference]: Start difference. First operand 28 states and 35 transitions. Second operand has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-20 11:27:51,960 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:27:51,960 INFO L93 Difference]: Finished difference Result 40 states and 53 transitions. [2022-11-20 11:27:51,961 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-11-20 11:27:51,961 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 12 [2022-11-20 11:27:51,961 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:27:51,962 INFO L225 Difference]: With dead ends: 40 [2022-11-20 11:27:51,962 INFO L226 Difference]: Without dead ends: 40 [2022-11-20 11:27:51,963 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=6, Invalid=6, Unknown=0, NotChecked=0, Total=12 [2022-11-20 11:27:51,964 INFO L413 NwaCegarLoop]: 17 mSDtfsCounter, 17 mSDsluCounter, 16 mSDsCounter, 0 mSdLazyCounter, 15 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 33 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 15 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 11:27:51,965 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 33 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 15 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 11:27:51,966 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 40 states. [2022-11-20 11:27:51,970 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 40 to 29. [2022-11-20 11:27:51,970 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 29 states, 21 states have (on average 1.2857142857142858) internal successors, (27), 23 states have internal predecessors, (27), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (6), 4 states have call predecessors, (6), 3 states have call successors, (6) [2022-11-20 11:27:51,971 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 29 states to 29 states and 36 transitions. [2022-11-20 11:27:51,971 INFO L78 Accepts]: Start accepts. Automaton has 29 states and 36 transitions. Word has length 12 [2022-11-20 11:27:51,971 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:27:51,972 INFO L495 AbstractCegarLoop]: Abstraction has 29 states and 36 transitions. [2022-11-20 11:27:51,972 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 2.5) internal successors, (10), 4 states have internal predecessors, (10), 1 states have call successors, (1), 1 states have call predecessors, (1), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-11-20 11:27:51,972 INFO L276 IsEmpty]: Start isEmpty. Operand 29 states and 36 transitions. [2022-11-20 11:27:51,973 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-20 11:27:51,973 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:27:51,973 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:27:51,985 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-11-20 11:27:52,184 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:52,185 INFO L420 AbstractCegarLoop]: === Iteration 4 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:27:52,185 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:27:52,185 INFO L85 PathProgramCache]: Analyzing trace with hash -938120081, now seen corresponding path program 1 times [2022-11-20 11:27:52,186 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:27:52,186 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1736679949] [2022-11-20 11:27:52,186 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:27:52,186 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:52,187 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:27:52,193 INFO L229 MonitoredProcess]: Starting monitored process 5 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:27:52,195 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-11-20 11:27:52,258 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:27:52,260 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 9 conjunts are in the unsatisfiable core [2022-11-20 11:27:52,263 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:27:52,299 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:27:52,382 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_10 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_10))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:27:52,435 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:27:52,436 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:27:52,450 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-20 11:27:52,450 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:27:52,682 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 2 proven. 2 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-20 11:27:52,683 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:27:52,683 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1736679949] [2022-11-20 11:27:52,683 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1736679949] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-20 11:27:52,683 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:27:52,683 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 5] total 7 [2022-11-20 11:27:52,684 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [993351932] [2022-11-20 11:27:52,684 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:27:52,684 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-20 11:27:52,684 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:27:52,685 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-20 11:27:52,685 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=31, Unknown=1, NotChecked=10, Total=56 [2022-11-20 11:27:52,685 INFO L87 Difference]: Start difference. First operand 29 states and 36 transitions. Second operand has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-20 11:27:52,838 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:27:52,838 INFO L93 Difference]: Finished difference Result 36 states and 46 transitions. [2022-11-20 11:27:52,839 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-11-20 11:27:52,839 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-11-20 11:27:52,839 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:27:52,840 INFO L225 Difference]: With dead ends: 36 [2022-11-20 11:27:52,840 INFO L226 Difference]: Without dead ends: 36 [2022-11-20 11:27:52,841 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 33 GetRequests, 24 SyntacticMatches, 2 SemanticMatches, 7 ConstructedPredicates, 1 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=18, Invalid=41, Unknown=1, NotChecked=12, Total=72 [2022-11-20 11:27:52,842 INFO L413 NwaCegarLoop]: 18 mSDtfsCounter, 8 mSDsluCounter, 36 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 8 SdHoareTripleChecker+Valid, 54 SdHoareTripleChecker+Invalid, 100 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 42 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 11:27:52,842 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [8 Valid, 54 Invalid, 100 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 55 Invalid, 0 Unknown, 42 Unchecked, 0.1s Time] [2022-11-20 11:27:52,843 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 36 states. [2022-11-20 11:27:52,847 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 36 to 35. [2022-11-20 11:27:52,847 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 35 states, 26 states have (on average 1.3076923076923077) internal successors, (34), 27 states have internal predecessors, (34), 4 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (8), 6 states have call predecessors, (8), 4 states have call successors, (8) [2022-11-20 11:27:52,848 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 35 states to 35 states and 46 transitions. [2022-11-20 11:27:52,848 INFO L78 Accepts]: Start accepts. Automaton has 35 states and 46 transitions. Word has length 17 [2022-11-20 11:27:52,849 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:27:52,849 INFO L495 AbstractCegarLoop]: Abstraction has 35 states and 46 transitions. [2022-11-20 11:27:52,849 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 7 states have (on average 2.2857142857142856) internal successors, (16), 7 states have internal predecessors, (16), 2 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-20 11:27:52,849 INFO L276 IsEmpty]: Start isEmpty. Operand 35 states and 46 transitions. [2022-11-20 11:27:52,850 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-20 11:27:52,850 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:27:52,850 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:27:52,870 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (5)] Forceful destruction successful, exit code 0 [2022-11-20 11:27:53,062 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:53,062 INFO L420 AbstractCegarLoop]: === Iteration 5 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:27:53,063 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:27:53,063 INFO L85 PathProgramCache]: Analyzing trace with hash -938120080, now seen corresponding path program 1 times [2022-11-20 11:27:53,063 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:27:53,064 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1931788007] [2022-11-20 11:27:53,064 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:27:53,064 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:53,064 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:27:53,065 INFO L229 MonitoredProcess]: Starting monitored process 6 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:27:53,072 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-11-20 11:27:53,136 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:27:53,139 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 20 conjunts are in the unsatisfiable core [2022-11-20 11:27:53,143 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:27:53,184 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:27:53,203 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:27:53,415 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_21 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_21) |c_#length|)))) is different from true [2022-11-20 11:27:53,453 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:27:53,481 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:27:53,497 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:27:53,498 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:27:53,533 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-20 11:27:53,533 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:27:56,113 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:27:56,113 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1931788007] [2022-11-20 11:27:56,114 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1931788007] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:27:56,114 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [511620272] [2022-11-20 11:27:56,114 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:27:56,114 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:27:56,114 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:27:56,124 INFO L229 MonitoredProcess]: Starting monitored process 7 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:27:56,156 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (7)] Waiting until timeout for monitored process [2022-11-20 11:27:56,267 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:27:56,270 INFO L263 TraceCheckSpWp]: Trace formula consists of 61 conjuncts, 20 conjunts are in the unsatisfiable core [2022-11-20 11:27:56,275 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:27:56,300 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:27:56,312 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:27:56,412 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_31 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_31) |c_#length|)))) is different from true [2022-11-20 11:27:56,450 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:27:56,452 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:27:56,465 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:27:56,465 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:27:56,483 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 1 proven. 1 refuted. 0 times theorem prover too weak. 0 trivial. 2 not checked. [2022-11-20 11:27:56,483 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:27:58,817 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [511620272] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:27:58,817 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:27:58,817 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [9, 9] total 10 [2022-11-20 11:27:58,818 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [865517126] [2022-11-20 11:27:58,818 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:27:58,818 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 11 states [2022-11-20 11:27:58,818 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:27:58,819 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 11 interpolants. [2022-11-20 11:27:58,819 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=89, Unknown=2, NotChecked=38, Total=156 [2022-11-20 11:27:58,819 INFO L87 Difference]: Start difference. First operand 35 states and 46 transitions. Second operand has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-20 11:27:59,255 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:27:59,255 INFO L93 Difference]: Finished difference Result 43 states and 54 transitions. [2022-11-20 11:27:59,256 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-11-20 11:27:59,257 INFO L78 Accepts]: Start accepts. Automaton has has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 17 [2022-11-20 11:27:59,257 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:27:59,258 INFO L225 Difference]: With dead ends: 43 [2022-11-20 11:27:59,258 INFO L226 Difference]: Without dead ends: 43 [2022-11-20 11:27:59,259 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 40 GetRequests, 26 SyntacticMatches, 1 SemanticMatches, 13 ConstructedPredicates, 2 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 4.8s TimeCoverageRelationStatistics Valid=35, Invalid=127, Unknown=2, NotChecked=46, Total=210 [2022-11-20 11:27:59,260 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 17 mSDsluCounter, 76 mSDsCounter, 0 mSdLazyCounter, 145 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 99 SdHoareTripleChecker+Invalid, 217 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 145 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 66 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-20 11:27:59,260 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 99 Invalid, 217 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 145 Invalid, 0 Unknown, 66 Unchecked, 0.3s Time] [2022-11-20 11:27:59,261 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 43 states. [2022-11-20 11:27:59,267 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 43 to 38. [2022-11-20 11:27:59,267 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 38 states, 28 states have (on average 1.2857142857142858) internal successors, (36), 29 states have internal predecessors, (36), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (10), 7 states have call predecessors, (10), 5 states have call successors, (10) [2022-11-20 11:27:59,268 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 38 states to 38 states and 51 transitions. [2022-11-20 11:27:59,268 INFO L78 Accepts]: Start accepts. Automaton has 38 states and 51 transitions. Word has length 17 [2022-11-20 11:27:59,269 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:27:59,269 INFO L495 AbstractCegarLoop]: Abstraction has 38 states and 51 transitions. [2022-11-20 11:27:59,269 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 11 states, 9 states have (on average 1.6666666666666667) internal successors, (15), 10 states have internal predecessors, (15), 2 states have call successors, (2), 2 states have call predecessors, (2), 3 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-11-20 11:27:59,270 INFO L276 IsEmpty]: Start isEmpty. Operand 38 states and 51 transitions. [2022-11-20 11:27:59,270 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 18 [2022-11-20 11:27:59,271 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:27:59,271 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:27:59,282 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-11-20 11:27:59,484 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (7)] Forceful destruction successful, exit code 0 [2022-11-20 11:27:59,682 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,7 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:27:59,683 INFO L420 AbstractCegarLoop]: === Iteration 6 === Targeting ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:27:59,684 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:27:59,684 INFO L85 PathProgramCache]: Analyzing trace with hash -1231523088, now seen corresponding path program 1 times [2022-11-20 11:27:59,684 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:27:59,684 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [702540766] [2022-11-20 11:27:59,684 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:27:59,685 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:27:59,685 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:27:59,686 INFO L229 MonitoredProcess]: Starting monitored process 8 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:27:59,691 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-11-20 11:27:59,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:27:59,741 INFO L263 TraceCheckSpWp]: Trace formula consists of 55 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-20 11:27:59,742 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:27:59,800 INFO L134 CoverageAnalysis]: Checked inductivity of 4 backedges. 4 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-11-20 11:27:59,801 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-11-20 11:27:59,801 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:27:59,801 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [702540766] [2022-11-20 11:27:59,801 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [702540766] provided 1 perfect and 0 imperfect interpolant sequences [2022-11-20 11:27:59,802 INFO L184 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-11-20 11:27:59,802 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-11-20 11:27:59,802 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1043967427] [2022-11-20 11:27:59,802 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-11-20 11:27:59,803 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-11-20 11:27:59,803 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:27:59,803 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-11-20 11:27:59,803 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-20 11:27:59,804 INFO L87 Difference]: Start difference. First operand 38 states and 51 transitions. Second operand has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 11:27:59,842 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:27:59,842 INFO L93 Difference]: Finished difference Result 26 states and 30 transitions. [2022-11-20 11:27:59,843 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-11-20 11:27:59,844 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 17 [2022-11-20 11:27:59,844 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:27:59,844 INFO L225 Difference]: With dead ends: 26 [2022-11-20 11:27:59,844 INFO L226 Difference]: Without dead ends: 24 [2022-11-20 11:27:59,845 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-11-20 11:27:59,846 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 0 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 79 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-11-20 11:27:59,846 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 79 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-11-20 11:27:59,847 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 24 states. [2022-11-20 11:27:59,849 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 24 to 24. [2022-11-20 11:27:59,849 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 24 states, 17 states have (on average 1.1764705882352942) internal successors, (20), 19 states have internal predecessors, (20), 3 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-20 11:27:59,850 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 24 states to 24 states and 28 transitions. [2022-11-20 11:27:59,850 INFO L78 Accepts]: Start accepts. Automaton has 24 states and 28 transitions. Word has length 17 [2022-11-20 11:27:59,851 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:27:59,851 INFO L495 AbstractCegarLoop]: Abstraction has 24 states and 28 transitions. [2022-11-20 11:27:59,851 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 2.6) internal successors, (13), 4 states have internal predecessors, (13), 2 states have call successors, (2), 2 states have call predecessors, (2), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-11-20 11:27:59,851 INFO L276 IsEmpty]: Start isEmpty. Operand 24 states and 28 transitions. [2022-11-20 11:27:59,852 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 22 [2022-11-20 11:27:59,852 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:27:59,852 INFO L195 NwaCegarLoop]: trace histogram [2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:27:59,876 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:00,077 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:00,077 INFO L420 AbstractCegarLoop]: === Iteration 7 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:00,078 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:00,078 INFO L85 PathProgramCache]: Analyzing trace with hash -1382319161, now seen corresponding path program 1 times [2022-11-20 11:28:00,078 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:00,078 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [188730237] [2022-11-20 11:28:00,079 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:28:00,079 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:00,079 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:00,080 INFO L229 MonitoredProcess]: Starting monitored process 9 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:00,118 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-11-20 11:28:00,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:28:00,155 INFO L263 TraceCheckSpWp]: Trace formula consists of 77 conjuncts, 4 conjunts are in the unsatisfiable core [2022-11-20 11:28:00,159 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:00,263 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-20 11:28:00,263 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:00,359 INFO L134 CoverageAnalysis]: Checked inductivity of 5 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 4 trivial. 0 not checked. [2022-11-20 11:28:00,359 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:00,359 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [188730237] [2022-11-20 11:28:00,359 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [188730237] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-20 11:28:00,359 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:00,359 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [5, 5] total 8 [2022-11-20 11:28:00,359 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [298687288] [2022-11-20 11:28:00,360 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:00,360 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-11-20 11:28:00,360 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:00,361 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-11-20 11:28:00,361 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-11-20 11:28:00,361 INFO L87 Difference]: Start difference. First operand 24 states and 28 transitions. Second operand has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-20 11:28:00,514 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:28:00,514 INFO L93 Difference]: Finished difference Result 38 states and 46 transitions. [2022-11-20 11:28:00,514 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-11-20 11:28:00,514 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) Word has length 21 [2022-11-20 11:28:00,515 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:28:00,515 INFO L225 Difference]: With dead ends: 38 [2022-11-20 11:28:00,515 INFO L226 Difference]: Without dead ends: 38 [2022-11-20 11:28:00,516 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=38, Invalid=52, Unknown=0, NotChecked=0, Total=90 [2022-11-20 11:28:00,517 INFO L413 NwaCegarLoop]: 20 mSDtfsCounter, 60 mSDsluCounter, 29 mSDsCounter, 0 mSdLazyCounter, 37 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 61 SdHoareTripleChecker+Valid, 49 SdHoareTripleChecker+Invalid, 50 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 37 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-11-20 11:28:00,517 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [61 Valid, 49 Invalid, 50 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 37 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-11-20 11:28:00,518 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 38 states. [2022-11-20 11:28:00,521 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 38 to 36. [2022-11-20 11:28:00,522 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1851851851851851) internal successors, (32), 29 states have internal predecessors, (32), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-20 11:28:00,532 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 46 transitions. [2022-11-20 11:28:00,532 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 46 transitions. Word has length 21 [2022-11-20 11:28:00,533 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:28:00,533 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 46 transitions. [2022-11-20 11:28:00,533 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 2.75) internal successors, (22), 8 states have internal predecessors, (22), 4 states have call successors, (4), 1 states have call predecessors, (4), 1 states have return successors, (4), 4 states have call predecessors, (4), 4 states have call successors, (4) [2022-11-20 11:28:00,533 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 46 transitions. [2022-11-20 11:28:00,534 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2022-11-20 11:28:00,534 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:28:00,534 INFO L195 NwaCegarLoop]: trace histogram [3, 3, 3, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:28:00,547 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (9)] Ended with exit code 0 [2022-11-20 11:28:00,743 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:00,743 INFO L420 AbstractCegarLoop]: === Iteration 8 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:00,744 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:00,744 INFO L85 PathProgramCache]: Analyzing trace with hash -704273649, now seen corresponding path program 1 times [2022-11-20 11:28:00,744 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:00,744 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1362395780] [2022-11-20 11:28:00,744 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:28:00,745 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:00,745 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:00,745 INFO L229 MonitoredProcess]: Starting monitored process 10 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:00,750 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-11-20 11:28:00,848 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:28:00,852 INFO L263 TraceCheckSpWp]: Trace formula consists of 96 conjuncts, 28 conjunts are in the unsatisfiable core [2022-11-20 11:28:00,856 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:00,881 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:00,888 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:01,070 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_61 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_61))))) is different from true [2022-11-20 11:28:01,098 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:01,099 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:01,117 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:01,117 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:01,264 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_62 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_62) |c_#length|)))) is different from true [2022-11-20 11:28:01,290 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:01,292 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:01,306 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:01,306 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:01,358 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 2 trivial. 6 not checked. [2022-11-20 11:28:01,358 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:04,166 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:04,166 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1362395780] [2022-11-20 11:28:04,166 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1362395780] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:04,166 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1232525582] [2022-11-20 11:28:04,166 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:28:04,166 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:04,167 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:28:04,167 INFO L229 MonitoredProcess]: Starting monitored process 11 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:28:04,169 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (11)] Waiting until timeout for monitored process [2022-11-20 11:28:04,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:28:04,331 INFO L263 TraceCheckSpWp]: Trace formula consists of 96 conjuncts, 28 conjunts are in the unsatisfiable core [2022-11-20 11:28:04,334 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:04,351 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:04,359 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:04,460 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_80 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_80) |c_#length|)))) is different from true [2022-11-20 11:28:04,489 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:04,490 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:04,511 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:04,511 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:04,595 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_81 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_81))))) is different from true [2022-11-20 11:28:04,621 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:04,622 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:04,640 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:04,640 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:04,657 INFO L134 CoverageAnalysis]: Checked inductivity of 16 backedges. 2 proven. 6 refuted. 0 times theorem prover too weak. 2 trivial. 6 not checked. [2022-11-20 11:28:04,657 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:06,924 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1232525582] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:06,924 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:06,924 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [12, 12] total 14 [2022-11-20 11:28:06,925 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2028698978] [2022-11-20 11:28:06,925 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:06,925 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-11-20 11:28:06,925 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:06,926 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-11-20 11:28:06,926 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=39, Invalid=129, Unknown=4, NotChecked=100, Total=272 [2022-11-20 11:28:06,926 INFO L87 Difference]: Start difference. First operand 36 states and 46 transitions. Second operand has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-20 11:28:07,378 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:28:07,378 INFO L93 Difference]: Finished difference Result 40 states and 49 transitions. [2022-11-20 11:28:07,379 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-11-20 11:28:07,379 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) Word has length 26 [2022-11-20 11:28:07,379 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:28:07,380 INFO L225 Difference]: With dead ends: 40 [2022-11-20 11:28:07,380 INFO L226 Difference]: Without dead ends: 40 [2022-11-20 11:28:07,380 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 58 GetRequests, 40 SyntacticMatches, 1 SemanticMatches, 17 ConstructedPredicates, 4 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 5.1s TimeCoverageRelationStatistics Valid=47, Invalid=175, Unknown=4, NotChecked=116, Total=342 [2022-11-20 11:28:07,381 INFO L413 NwaCegarLoop]: 17 mSDtfsCounter, 13 mSDsluCounter, 73 mSDsCounter, 0 mSdLazyCounter, 154 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 13 SdHoareTripleChecker+Valid, 90 SdHoareTripleChecker+Invalid, 276 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 154 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 114 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-11-20 11:28:07,382 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [13 Valid, 90 Invalid, 276 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 154 Invalid, 0 Unknown, 114 Unchecked, 0.3s Time] [2022-11-20 11:28:07,382 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 40 states. [2022-11-20 11:28:07,386 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 40 to 36. [2022-11-20 11:28:07,387 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1481481481481481) internal successors, (31), 29 states have internal predecessors, (31), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-20 11:28:07,388 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 45 transitions. [2022-11-20 11:28:07,388 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 45 transitions. Word has length 26 [2022-11-20 11:28:07,388 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:28:07,388 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 45 transitions. [2022-11-20 11:28:07,389 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 13 states have (on average 1.7692307692307692) internal successors, (23), 14 states have internal predecessors, (23), 3 states have call successors, (3), 2 states have call predecessors, (3), 5 states have return successors, (5), 3 states have call predecessors, (5), 3 states have call successors, (5) [2022-11-20 11:28:07,389 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 45 transitions. [2022-11-20 11:28:07,390 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-11-20 11:28:07,390 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:28:07,390 INFO L195 NwaCegarLoop]: trace histogram [4, 4, 4, 3, 3, 3, 3, 2, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:28:07,401 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (11)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:07,600 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (10)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:07,793 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,10 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:07,794 INFO L420 AbstractCegarLoop]: === Iteration 9 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:07,794 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:07,794 INFO L85 PathProgramCache]: Analyzing trace with hash -1383108784, now seen corresponding path program 2 times [2022-11-20 11:28:07,794 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:07,794 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [488824209] [2022-11-20 11:28:07,795 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:28:07,795 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:07,795 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:07,796 INFO L229 MonitoredProcess]: Starting monitored process 12 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:07,797 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (12)] Waiting until timeout for monitored process [2022-11-20 11:28:07,919 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:28:07,920 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:07,925 INFO L263 TraceCheckSpWp]: Trace formula consists of 131 conjuncts, 36 conjunts are in the unsatisfiable core [2022-11-20 11:28:07,931 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:07,962 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:07,968 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:08,145 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_107 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_107) |c_#length|)))) is different from true [2022-11-20 11:28:08,171 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:08,172 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:08,186 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:08,186 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:08,358 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_108 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_108) |c_#length|)))) is different from true [2022-11-20 11:28:08,411 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:08,416 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:08,429 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:08,429 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:08,601 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_109 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_109))))) is different from true [2022-11-20 11:28:08,627 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:08,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:08,643 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:08,644 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:08,699 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 6 trivial. 12 not checked. [2022-11-20 11:28:08,699 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:11,290 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:11,291 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [488824209] [2022-11-20 11:28:11,291 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [488824209] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:11,291 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [810500201] [2022-11-20 11:28:11,291 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:28:11,291 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:11,291 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:28:11,292 INFO L229 MonitoredProcess]: Starting monitored process 13 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:28:11,294 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (13)] Waiting until timeout for monitored process [2022-11-20 11:28:11,480 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:28:11,480 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:11,484 INFO L263 TraceCheckSpWp]: Trace formula consists of 131 conjuncts, 36 conjunts are in the unsatisfiable core [2022-11-20 11:28:11,487 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:11,513 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:11,526 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:11,628 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_135 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_135) |c_#length|)))) is different from true [2022-11-20 11:28:11,656 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:11,658 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:11,670 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:11,671 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:11,775 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_136 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_136))))) is different from true [2022-11-20 11:28:11,796 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:11,797 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:11,818 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:11,819 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:11,921 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_137 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_137) |c_#length|)))) is different from true [2022-11-20 11:28:11,956 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:11,958 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:11,975 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:11,976 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:11,995 INFO L134 CoverageAnalysis]: Checked inductivity of 37 backedges. 3 proven. 16 refuted. 0 times theorem prover too weak. 6 trivial. 12 not checked. [2022-11-20 11:28:11,995 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:12,357 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [810500201] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:12,357 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:12,358 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [15, 15] total 18 [2022-11-20 11:28:12,358 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [319836566] [2022-11-20 11:28:12,358 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:12,359 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 19 states [2022-11-20 11:28:12,359 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:12,359 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 19 interpolants. [2022-11-20 11:28:12,360 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=51, Invalid=177, Unknown=6, NotChecked=186, Total=420 [2022-11-20 11:28:12,360 INFO L87 Difference]: Start difference. First operand 36 states and 45 transitions. Second operand has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-20 11:28:13,173 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:28:13,173 INFO L93 Difference]: Finished difference Result 42 states and 50 transitions. [2022-11-20 11:28:13,175 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-11-20 11:28:13,175 INFO L78 Accepts]: Start accepts. Automaton has has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) Word has length 35 [2022-11-20 11:28:13,175 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:28:13,176 INFO L225 Difference]: With dead ends: 42 [2022-11-20 11:28:13,176 INFO L226 Difference]: Without dead ends: 42 [2022-11-20 11:28:13,177 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 76 GetRequests, 54 SyntacticMatches, 1 SemanticMatches, 21 ConstructedPredicates, 6 IntricatePredicates, 0 DeprecatedPredicates, 9 ImplicationChecksByTransitivity, 3.2s TimeCoverageRelationStatistics Valid=59, Invalid=231, Unknown=6, NotChecked=210, Total=506 [2022-11-20 11:28:13,178 INFO L413 NwaCegarLoop]: 20 mSDtfsCounter, 15 mSDsluCounter, 110 mSDsCounter, 0 mSdLazyCounter, 251 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 130 SdHoareTripleChecker+Invalid, 468 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 251 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 207 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-11-20 11:28:13,178 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [15 Valid, 130 Invalid, 468 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 251 Invalid, 0 Unknown, 207 Unchecked, 0.5s Time] [2022-11-20 11:28:13,179 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 42 states. [2022-11-20 11:28:13,183 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 42 to 36. [2022-11-20 11:28:13,183 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 36 states, 27 states have (on average 1.1111111111111112) internal successors, (30), 29 states have internal predecessors, (30), 5 states have call successors, (5), 1 states have call predecessors, (5), 2 states have return successors, (9), 5 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-20 11:28:13,184 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 36 states to 36 states and 44 transitions. [2022-11-20 11:28:13,184 INFO L78 Accepts]: Start accepts. Automaton has 36 states and 44 transitions. Word has length 35 [2022-11-20 11:28:13,185 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:28:13,185 INFO L495 AbstractCegarLoop]: Abstraction has 36 states and 44 transitions. [2022-11-20 11:28:13,185 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 19 states, 17 states have (on average 1.8235294117647058) internal successors, (31), 18 states have internal predecessors, (31), 4 states have call successors, (4), 2 states have call predecessors, (4), 7 states have return successors, (7), 4 states have call predecessors, (7), 4 states have call successors, (7) [2022-11-20 11:28:13,186 INFO L276 IsEmpty]: Start isEmpty. Operand 36 states and 44 transitions. [2022-11-20 11:28:13,187 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2022-11-20 11:28:13,187 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:28:13,187 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 3, 3, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:28:13,200 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (12)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:13,401 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (13)] Ended with exit code 0 [2022-11-20 11:28:13,599 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,13 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:13,599 INFO L420 AbstractCegarLoop]: === Iteration 10 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:13,599 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:13,599 INFO L85 PathProgramCache]: Analyzing trace with hash -856630225, now seen corresponding path program 3 times [2022-11-20 11:28:13,600 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:13,600 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2080856940] [2022-11-20 11:28:13,600 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:28:13,600 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:13,600 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:13,602 INFO L229 MonitoredProcess]: Starting monitored process 14 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:13,604 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (14)] Waiting until timeout for monitored process [2022-11-20 11:28:13,831 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2022-11-20 11:28:13,832 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:13,839 INFO L263 TraceCheckSpWp]: Trace formula consists of 166 conjuncts, 44 conjunts are in the unsatisfiable core [2022-11-20 11:28:13,843 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:13,872 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:13,881 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:14,078 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_171 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_171) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:28:14,102 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:14,103 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:14,117 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:14,117 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:14,275 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_172 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_172))))) is different from true [2022-11-20 11:28:14,302 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:14,305 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:14,322 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:14,322 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:14,464 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_173 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_173))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:28:14,489 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:14,490 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:14,528 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:14,529 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:14,678 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_174 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_174) |c_#length|)))) is different from true [2022-11-20 11:28:14,698 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:14,699 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:14,716 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:14,716 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:14,768 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 31 refuted. 0 times theorem prover too weak. 12 trivial. 20 not checked. [2022-11-20 11:28:14,769 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:19,208 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:19,208 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2080856940] [2022-11-20 11:28:19,208 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2080856940] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:19,208 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [177034706] [2022-11-20 11:28:19,208 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:28:19,208 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:19,209 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:28:19,211 INFO L229 MonitoredProcess]: Starting monitored process 15 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:28:19,213 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (15)] Waiting until timeout for monitored process [2022-11-20 11:28:19,532 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 5 check-sat command(s) [2022-11-20 11:28:19,533 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:19,538 INFO L263 TraceCheckSpWp]: Trace formula consists of 166 conjuncts, 53 conjunts are in the unsatisfiable core [2022-11-20 11:28:19,543 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:19,556 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:19,565 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:19,778 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:19,778 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:19,789 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:20,131 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:28:20,132 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:28:20,164 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:20,164 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:20,515 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:28:20,516 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:28:20,547 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:20,548 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:20,772 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_214 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_214))))) is different from true [2022-11-20 11:28:20,798 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:20,800 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:20,820 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:20,821 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:20,842 INFO L134 CoverageAnalysis]: Checked inductivity of 67 backedges. 4 proven. 37 refuted. 0 times theorem prover too weak. 18 trivial. 8 not checked. [2022-11-20 11:28:20,842 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:23,329 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [177034706] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:23,329 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:23,329 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [18, 19] total 26 [2022-11-20 11:28:23,329 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1434683354] [2022-11-20 11:28:23,329 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:23,330 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 27 states [2022-11-20 11:28:23,330 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:23,330 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 27 interpolants. [2022-11-20 11:28:23,331 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=83, Invalid=483, Unknown=6, NotChecked=240, Total=812 [2022-11-20 11:28:23,331 INFO L87 Difference]: Start difference. First operand 36 states and 44 transitions. Second operand has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-20 11:28:24,971 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:28:24,971 INFO L93 Difference]: Finished difference Result 57 states and 71 transitions. [2022-11-20 11:28:24,972 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2022-11-20 11:28:24,972 INFO L78 Accepts]: Start accepts. Automaton has has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) Word has length 44 [2022-11-20 11:28:24,973 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:28:24,974 INFO L225 Difference]: With dead ends: 57 [2022-11-20 11:28:24,974 INFO L226 Difference]: Without dead ends: 57 [2022-11-20 11:28:24,975 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 97 GetRequests, 62 SyntacticMatches, 3 SemanticMatches, 32 ConstructedPredicates, 5 IntricatePredicates, 0 DeprecatedPredicates, 132 ImplicationChecksByTransitivity, 7.9s TimeCoverageRelationStatistics Valid=113, Invalid=713, Unknown=6, NotChecked=290, Total=1122 [2022-11-20 11:28:24,976 INFO L413 NwaCegarLoop]: 21 mSDtfsCounter, 24 mSDsluCounter, 173 mSDsCounter, 0 mSdLazyCounter, 650 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 194 SdHoareTripleChecker+Invalid, 998 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 650 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 329 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-20 11:28:24,976 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 194 Invalid, 998 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 650 Invalid, 0 Unknown, 329 Unchecked, 1.2s Time] [2022-11-20 11:28:24,977 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 57 states. [2022-11-20 11:28:24,981 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 57 to 39. [2022-11-20 11:28:24,982 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 39 states, 29 states have (on average 1.103448275862069) internal successors, (32), 31 states have internal predecessors, (32), 6 states have call successors, (6), 1 states have call predecessors, (6), 2 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-20 11:28:24,983 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 39 states to 39 states and 49 transitions. [2022-11-20 11:28:24,983 INFO L78 Accepts]: Start accepts. Automaton has 39 states and 49 transitions. Word has length 44 [2022-11-20 11:28:24,984 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:28:24,984 INFO L495 AbstractCegarLoop]: Abstraction has 39 states and 49 transitions. [2022-11-20 11:28:24,984 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 27 states, 25 states have (on average 1.64) internal successors, (41), 23 states have internal predecessors, (41), 5 states have call successors, (5), 2 states have call predecessors, (5), 7 states have return successors, (9), 8 states have call predecessors, (9), 5 states have call successors, (9) [2022-11-20 11:28:24,985 INFO L276 IsEmpty]: Start isEmpty. Operand 39 states and 49 transitions. [2022-11-20 11:28:24,986 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-11-20 11:28:24,986 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:28:24,986 INFO L195 NwaCegarLoop]: trace histogram [5, 5, 5, 4, 4, 4, 4, 4, 4, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:28:25,011 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (14)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:25,202 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (15)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:25,399 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 14 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,15 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:25,399 INFO L420 AbstractCegarLoop]: === Iteration 11 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:25,400 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:25,400 INFO L85 PathProgramCache]: Analyzing trace with hash -206900218, now seen corresponding path program 2 times [2022-11-20 11:28:25,400 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:25,401 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1508572904] [2022-11-20 11:28:25,401 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:28:25,401 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:25,401 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:25,402 INFO L229 MonitoredProcess]: Starting monitored process 16 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:25,403 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (16)] Waiting until timeout for monitored process [2022-11-20 11:28:25,531 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:28:25,532 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:25,539 INFO L263 TraceCheckSpWp]: Trace formula consists of 182 conjuncts, 7 conjunts are in the unsatisfiable core [2022-11-20 11:28:25,540 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:25,772 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2022-11-20 11:28:25,772 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:26,128 INFO L134 CoverageAnalysis]: Checked inductivity of 74 backedges. 0 proven. 34 refuted. 0 times theorem prover too weak. 40 trivial. 0 not checked. [2022-11-20 11:28:26,128 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:26,128 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1508572904] [2022-11-20 11:28:26,129 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1508572904] provided 0 perfect and 2 imperfect interpolant sequences [2022-11-20 11:28:26,129 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:26,129 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [8, 8] total 14 [2022-11-20 11:28:26,129 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [482476059] [2022-11-20 11:28:26,129 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:26,130 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2022-11-20 11:28:26,130 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:26,130 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2022-11-20 11:28:26,130 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=61, Invalid=121, Unknown=0, NotChecked=0, Total=182 [2022-11-20 11:28:26,131 INFO L87 Difference]: Start difference. First operand 39 states and 49 transitions. Second operand has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2022-11-20 11:28:26,757 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:28:26,757 INFO L93 Difference]: Finished difference Result 71 states and 91 transitions. [2022-11-20 11:28:26,758 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-11-20 11:28:26,758 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) Word has length 48 [2022-11-20 11:28:26,758 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:28:26,759 INFO L225 Difference]: With dead ends: 71 [2022-11-20 11:28:26,759 INFO L226 Difference]: Without dead ends: 71 [2022-11-20 11:28:26,760 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 99 GetRequests, 82 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.5s TimeCoverageRelationStatistics Valid=131, Invalid=211, Unknown=0, NotChecked=0, Total=342 [2022-11-20 11:28:26,761 INFO L413 NwaCegarLoop]: 32 mSDtfsCounter, 104 mSDsluCounter, 120 mSDsCounter, 0 mSdLazyCounter, 169 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 105 SdHoareTripleChecker+Valid, 152 SdHoareTripleChecker+Invalid, 198 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 169 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-11-20 11:28:26,761 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [105 Valid, 152 Invalid, 198 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 169 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-11-20 11:28:26,762 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 71 states. [2022-11-20 11:28:26,769 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 71 to 66. [2022-11-20 11:28:26,769 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1568627450980393) internal successors, (59), 53 states have internal predecessors, (59), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-20 11:28:26,771 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 91 transitions. [2022-11-20 11:28:26,771 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 91 transitions. Word has length 48 [2022-11-20 11:28:26,771 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:28:26,771 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 91 transitions. [2022-11-20 11:28:26,772 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 3.2857142857142856) internal successors, (46), 14 states have internal predecessors, (46), 10 states have call successors, (10), 1 states have call predecessors, (10), 1 states have return successors, (10), 10 states have call predecessors, (10), 10 states have call successors, (10) [2022-11-20 11:28:26,772 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 91 transitions. [2022-11-20 11:28:26,773 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2022-11-20 11:28:26,773 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:28:26,774 INFO L195 NwaCegarLoop]: trace histogram [6, 6, 6, 5, 5, 5, 5, 4, 4, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:28:26,786 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (16)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:26,986 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 16 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:26,986 INFO L420 AbstractCegarLoop]: === Iteration 12 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:26,987 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:26,987 INFO L85 PathProgramCache]: Analyzing trace with hash 845314608, now seen corresponding path program 4 times [2022-11-20 11:28:26,987 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:26,988 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1063774783] [2022-11-20 11:28:26,988 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-20 11:28:26,988 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:26,988 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:26,989 INFO L229 MonitoredProcess]: Starting monitored process 17 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:26,990 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (17)] Waiting until timeout for monitored process [2022-11-20 11:28:27,154 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-20 11:28:27,154 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:27,162 INFO L263 TraceCheckSpWp]: Trace formula consists of 201 conjuncts, 52 conjunts are in the unsatisfiable core [2022-11-20 11:28:27,167 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:27,199 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:27,208 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:27,416 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_290 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_290) |c_#length|)))) is different from true [2022-11-20 11:28:27,440 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:27,441 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:27,459 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:27,460 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:27,641 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_291 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_291) |c_#length|)))) is different from true [2022-11-20 11:28:27,665 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:27,666 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:27,683 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:27,683 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:27,852 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_292 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_292) |c_#length|)))) is different from true [2022-11-20 11:28:27,876 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:27,877 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:27,893 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:27,893 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:28,059 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_293 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_293) |c_#length|)))) is different from true [2022-11-20 11:28:28,079 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:28,080 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:28,099 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:28,099 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:28,288 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_294 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_294) |c_#length|)))) is different from true [2022-11-20 11:28:28,336 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:28,337 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:28,356 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:28,357 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:28,412 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 51 refuted. 0 times theorem prover too weak. 20 trivial. 30 not checked. [2022-11-20 11:28:28,412 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:28,923 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:28,923 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1063774783] [2022-11-20 11:28:28,924 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1063774783] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:28,924 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1005397578] [2022-11-20 11:28:28,924 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-20 11:28:28,924 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:28,924 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:28:28,925 INFO L229 MonitoredProcess]: Starting monitored process 18 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:28:28,927 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (18)] Waiting until timeout for monitored process [2022-11-20 11:28:29,224 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-20 11:28:29,225 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:29,230 INFO L263 TraceCheckSpWp]: Trace formula consists of 201 conjuncts, 52 conjunts are in the unsatisfiable core [2022-11-20 11:28:29,236 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:29,248 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:29,258 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:29,365 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_336 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_336))))) is different from true [2022-11-20 11:28:29,389 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:29,391 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:29,413 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:29,413 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:29,511 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_337 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_337))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:28:29,539 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:29,541 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:29,559 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:29,560 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:29,661 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_338 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_338) |c_#length|)))) is different from true [2022-11-20 11:28:29,693 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:29,694 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:29,712 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:29,713 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:29,803 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_339 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_339) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:28:29,826 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:29,827 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:29,846 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:29,847 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:29,942 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_340 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_340) |c_#length|)))) is different from true [2022-11-20 11:28:29,965 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:29,966 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:29,986 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:29,987 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:30,007 INFO L134 CoverageAnalysis]: Checked inductivity of 106 backedges. 5 proven. 51 refuted. 0 times theorem prover too weak. 20 trivial. 30 not checked. [2022-11-20 11:28:30,007 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:30,427 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1005397578] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:30,428 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:30,428 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [21, 21] total 26 [2022-11-20 11:28:30,428 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [157558100] [2022-11-20 11:28:30,428 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:30,429 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 27 states [2022-11-20 11:28:30,429 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:30,429 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 27 interpolants. [2022-11-20 11:28:30,430 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=75, Invalid=297, Unknown=10, NotChecked=430, Total=812 [2022-11-20 11:28:30,430 INFO L87 Difference]: Start difference. First operand 66 states and 91 transitions. Second operand has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-20 11:28:31,967 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:28:31,967 INFO L93 Difference]: Finished difference Result 76 states and 100 transitions. [2022-11-20 11:28:31,968 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 17 states. [2022-11-20 11:28:31,968 INFO L78 Accepts]: Start accepts. Automaton has has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) Word has length 53 [2022-11-20 11:28:31,969 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:28:31,970 INFO L225 Difference]: With dead ends: 76 [2022-11-20 11:28:31,971 INFO L226 Difference]: Without dead ends: 76 [2022-11-20 11:28:31,971 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 112 GetRequests, 82 SyntacticMatches, 1 SemanticMatches, 29 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 1.5s TimeCoverageRelationStatistics Valid=83, Invalid=367, Unknown=10, NotChecked=470, Total=930 [2022-11-20 11:28:31,972 INFO L413 NwaCegarLoop]: 26 mSDtfsCounter, 21 mSDsluCounter, 221 mSDsCounter, 0 mSdLazyCounter, 549 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 247 SdHoareTripleChecker+Invalid, 1057 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 549 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 495 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-20 11:28:31,972 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [21 Valid, 247 Invalid, 1057 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 549 Invalid, 0 Unknown, 495 Unchecked, 1.1s Time] [2022-11-20 11:28:31,973 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2022-11-20 11:28:31,979 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 66. [2022-11-20 11:28:31,979 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1372549019607843) internal successors, (58), 53 states have internal predecessors, (58), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-20 11:28:31,980 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 90 transitions. [2022-11-20 11:28:31,981 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 90 transitions. Word has length 53 [2022-11-20 11:28:31,981 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:28:31,981 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 90 transitions. [2022-11-20 11:28:31,982 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 27 states, 25 states have (on average 1.88) internal successors, (47), 26 states have internal predecessors, (47), 6 states have call successors, (6), 2 states have call predecessors, (6), 11 states have return successors, (11), 6 states have call predecessors, (11), 6 states have call successors, (11) [2022-11-20 11:28:31,982 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 90 transitions. [2022-11-20 11:28:31,983 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-20 11:28:31,983 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:28:31,984 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 7, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:28:31,993 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (18)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:32,196 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (17)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:32,387 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 18 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,17 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:32,388 INFO L420 AbstractCegarLoop]: === Iteration 13 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:32,388 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:32,388 INFO L85 PathProgramCache]: Analyzing trace with hash -1540616881, now seen corresponding path program 5 times [2022-11-20 11:28:32,389 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:32,389 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1062335991] [2022-11-20 11:28:32,389 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-20 11:28:32,389 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:32,389 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:32,390 INFO L229 MonitoredProcess]: Starting monitored process 19 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:32,399 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (19)] Waiting until timeout for monitored process [2022-11-20 11:28:32,695 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2022-11-20 11:28:32,695 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:32,705 INFO L263 TraceCheckSpWp]: Trace formula consists of 236 conjuncts, 64 conjunts are in the unsatisfiable core [2022-11-20 11:28:32,709 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:32,730 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:32,932 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:28:32,932 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:28:33,340 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_391 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_391) |c_#length|)))) is different from true [2022-11-20 11:28:33,366 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:33,394 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:28:33,394 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-20 11:28:33,416 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:33,416 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:33,699 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_392 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_392) |c_#length|)))) is different from true [2022-11-20 11:28:33,720 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:33,721 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:33,732 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:33,732 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:33,895 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_393 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_393))))) is different from true [2022-11-20 11:28:33,913 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:33,919 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:33,939 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:33,939 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:34,129 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_394 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_394) |c_#length|)))) is different from true [2022-11-20 11:28:34,164 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:34,165 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:34,184 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:34,184 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:34,367 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_395 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_395))))) is different from true [2022-11-20 11:28:34,386 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:34,387 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:34,405 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:34,405 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:34,473 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 12 proven. 82 refuted. 0 times theorem prover too weak. 20 trivial. 40 not checked. [2022-11-20 11:28:34,473 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:37,198 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:37,198 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1062335991] [2022-11-20 11:28:37,198 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1062335991] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:37,198 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [101664397] [2022-11-20 11:28:37,198 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-20 11:28:37,198 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:37,198 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:28:37,199 INFO L229 MonitoredProcess]: Starting monitored process 20 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:28:37,202 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (20)] Waiting until timeout for monitored process [2022-11-20 11:28:37,650 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 7 check-sat command(s) [2022-11-20 11:28:37,650 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:37,677 INFO L263 TraceCheckSpWp]: Trace formula consists of 236 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-20 11:28:37,690 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:37,703 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:37,800 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:28:37,801 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:28:37,958 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_446 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_446) |c_#length|)))) is different from true [2022-11-20 11:28:37,993 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:38,023 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:28:38,024 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-20 11:28:38,045 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:38,046 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:38,199 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_447 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_447) |c_#length|)) (exists ((v_ArrVal_448 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_448))))) is different from true [2022-11-20 11:28:38,230 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:38,231 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:38,283 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:28:38,284 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:28:38,395 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_450 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_450))) (exists ((v_ArrVal_449 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_449) |c_#length|)))) is different from true [2022-11-20 11:28:38,453 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:28:38,454 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:28:38,466 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:38,563 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_451 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_451))))) is different from true [2022-11-20 11:28:38,586 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:38,587 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:38,601 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:38,601 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:38,698 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_452 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_452))))) is different from true [2022-11-20 11:28:38,726 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:38,727 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:38,739 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:38,739 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:38,754 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 12 proven. 82 refuted. 0 times theorem prover too weak. 20 trivial. 40 not checked. [2022-11-20 11:28:38,755 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:42,347 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [101664397] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:42,347 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:42,348 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [29, 27] total 34 [2022-11-20 11:28:42,348 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1288335088] [2022-11-20 11:28:42,348 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:42,355 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 35 states [2022-11-20 11:28:42,356 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:42,356 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 35 interpolants. [2022-11-20 11:28:42,357 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=99, Invalid=632, Unknown=11, NotChecked=590, Total=1332 [2022-11-20 11:28:42,357 INFO L87 Difference]: Start difference. First operand 66 states and 90 transitions. Second operand has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-20 11:28:44,391 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:28:44,391 INFO L93 Difference]: Finished difference Result 98 states and 132 transitions. [2022-11-20 11:28:44,392 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-11-20 11:28:44,392 INFO L78 Accepts]: Start accepts. Automaton has has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-20 11:28:44,393 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:28:44,394 INFO L225 Difference]: With dead ends: 98 [2022-11-20 11:28:44,394 INFO L226 Difference]: Without dead ends: 98 [2022-11-20 11:28:44,394 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 131 GetRequests, 92 SyntacticMatches, 1 SemanticMatches, 38 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 79 ImplicationChecksByTransitivity, 7.7s TimeCoverageRelationStatistics Valid=116, Invalid=783, Unknown=11, NotChecked=650, Total=1560 [2022-11-20 11:28:44,395 INFO L413 NwaCegarLoop]: 25 mSDtfsCounter, 23 mSDsluCounter, 232 mSDsCounter, 0 mSdLazyCounter, 654 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 23 SdHoareTripleChecker+Valid, 257 SdHoareTripleChecker+Invalid, 1376 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 654 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 702 IncrementalHoareTripleChecker+Unchecked, 1.3s IncrementalHoareTripleChecker+Time [2022-11-20 11:28:44,395 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [23 Valid, 257 Invalid, 1376 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 654 Invalid, 0 Unknown, 702 Unchecked, 1.3s Time] [2022-11-20 11:28:44,396 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 98 states. [2022-11-20 11:28:44,413 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 98 to 93. [2022-11-20 11:28:44,414 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 93 states, 73 states have (on average 1.095890410958904) internal successors, (80), 74 states have internal predecessors, (80), 16 states have call successors, (16), 1 states have call predecessors, (16), 2 states have return successors, (31), 17 states have call predecessors, (31), 16 states have call successors, (31) [2022-11-20 11:28:44,415 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 93 states to 93 states and 127 transitions. [2022-11-20 11:28:44,420 INFO L78 Accepts]: Start accepts. Automaton has 93 states and 127 transitions. Word has length 62 [2022-11-20 11:28:44,420 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:28:44,420 INFO L495 AbstractCegarLoop]: Abstraction has 93 states and 127 transitions. [2022-11-20 11:28:44,421 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 35 states, 33 states have (on average 1.7575757575757576) internal successors, (58), 32 states have internal predecessors, (58), 7 states have call successors, (7), 3 states have call predecessors, (7), 12 states have return successors, (12), 9 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-20 11:28:44,421 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 127 transitions. [2022-11-20 11:28:44,423 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-20 11:28:44,428 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:28:44,429 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 6, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:28:44,441 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (20)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:44,655 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (19)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:44,842 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 20 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,19 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:44,842 INFO L420 AbstractCegarLoop]: === Iteration 14 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:44,843 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:44,843 INFO L85 PathProgramCache]: Analyzing trace with hash 818690128, now seen corresponding path program 1 times [2022-11-20 11:28:44,843 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:44,843 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1889750038] [2022-11-20 11:28:44,844 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:28:44,844 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:44,844 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:44,846 INFO L229 MonitoredProcess]: Starting monitored process 21 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:44,892 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (21)] Waiting until timeout for monitored process [2022-11-20 11:28:45,130 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:28:45,143 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-20 11:28:45,148 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:45,173 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:45,182 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:45,416 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_500 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_500) |c_#length|)))) is different from true [2022-11-20 11:28:45,440 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:45,441 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:45,461 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:45,462 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:45,760 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_501 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_501) |c_#length|)))) is different from true [2022-11-20 11:28:45,783 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:45,784 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:45,802 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:45,802 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:45,970 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_502 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_502) |c_#length|)))) is different from true [2022-11-20 11:28:45,990 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:45,991 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:46,008 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:46,008 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:46,174 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_503 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_503) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:28:46,198 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:46,201 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:46,216 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:46,216 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:46,376 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_504 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_504))))) is different from true [2022-11-20 11:28:46,403 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:46,404 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:46,422 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:46,422 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:46,483 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-20 11:28:46,483 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:47,146 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:47,146 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1889750038] [2022-11-20 11:28:47,147 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1889750038] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:47,147 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [346293067] [2022-11-20 11:28:47,147 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-11-20 11:28:47,147 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:47,147 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:28:47,148 INFO L229 MonitoredProcess]: Starting monitored process 22 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:28:47,150 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (22)] Waiting until timeout for monitored process [2022-11-20 11:28:47,560 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:28:47,581 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-20 11:28:47,585 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:47,594 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:47,602 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:47,701 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_552 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_552))))) is different from true [2022-11-20 11:28:47,723 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:47,724 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:47,743 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:47,743 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:47,921 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_553 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_553) |c_#length|)))) is different from true [2022-11-20 11:28:47,948 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:47,949 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:47,968 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:47,969 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:48,059 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_554) |c_#length|)))) is different from true [2022-11-20 11:28:48,084 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:48,086 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:48,101 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:48,101 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:48,189 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_555 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_555) |c_#length|)))) is different from true [2022-11-20 11:28:48,217 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:48,218 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:48,235 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:48,236 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:48,321 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_556) |c_#length|)))) is different from true [2022-11-20 11:28:48,346 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:48,347 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:48,359 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:48,359 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:48,375 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-20 11:28:48,375 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:50,338 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [346293067] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:50,338 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:50,338 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [22, 22] total 27 [2022-11-20 11:28:50,339 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1220585984] [2022-11-20 11:28:50,339 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:50,339 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 28 states [2022-11-20 11:28:50,340 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:50,340 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 28 interpolants. [2022-11-20 11:28:50,340 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=79, Invalid=331, Unknown=10, NotChecked=450, Total=870 [2022-11-20 11:28:50,340 INFO L87 Difference]: Start difference. First operand 93 states and 127 transitions. Second operand has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-20 11:28:51,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:28:51,893 INFO L93 Difference]: Finished difference Result 124 states and 166 transitions. [2022-11-20 11:28:51,894 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-11-20 11:28:51,894 INFO L78 Accepts]: Start accepts. Automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-20 11:28:51,894 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:28:51,896 INFO L225 Difference]: With dead ends: 124 [2022-11-20 11:28:51,896 INFO L226 Difference]: Without dead ends: 124 [2022-11-20 11:28:51,896 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 99 SyntacticMatches, 1 SemanticMatches, 30 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 3.4s TimeCoverageRelationStatistics Valid=87, Invalid=405, Unknown=10, NotChecked=490, Total=992 [2022-11-20 11:28:51,897 INFO L413 NwaCegarLoop]: 28 mSDtfsCounter, 20 mSDsluCounter, 197 mSDsCounter, 0 mSdLazyCounter, 510 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.9s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 225 SdHoareTripleChecker+Invalid, 1105 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 510 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 578 IncrementalHoareTripleChecker+Unchecked, 1.0s IncrementalHoareTripleChecker+Time [2022-11-20 11:28:51,898 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 225 Invalid, 1105 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 510 Invalid, 0 Unknown, 578 Unchecked, 1.0s Time] [2022-11-20 11:28:51,898 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 124 states. [2022-11-20 11:28:51,906 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 124 to 93. [2022-11-20 11:28:51,906 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 93 states, 73 states have (on average 1.095890410958904) internal successors, (80), 74 states have internal predecessors, (80), 16 states have call successors, (16), 1 states have call predecessors, (16), 2 states have return successors, (31), 17 states have call predecessors, (31), 16 states have call successors, (31) [2022-11-20 11:28:51,908 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 93 states to 93 states and 127 transitions. [2022-11-20 11:28:51,908 INFO L78 Accepts]: Start accepts. Automaton has 93 states and 127 transitions. Word has length 62 [2022-11-20 11:28:51,909 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:28:51,909 INFO L495 AbstractCegarLoop]: Abstraction has 93 states and 127 transitions. [2022-11-20 11:28:51,909 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-20 11:28:51,909 INFO L276 IsEmpty]: Start isEmpty. Operand 93 states and 127 transitions. [2022-11-20 11:28:51,911 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2022-11-20 11:28:51,911 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:28:51,911 INFO L195 NwaCegarLoop]: trace histogram [7, 7, 6, 6, 6, 6, 6, 5, 5, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:28:51,927 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (22)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:52,143 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (21)] Forceful destruction successful, exit code 0 [2022-11-20 11:28:52,316 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 22 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,21 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:52,316 INFO L420 AbstractCegarLoop]: === Iteration 15 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:28:52,317 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:28:52,317 INFO L85 PathProgramCache]: Analyzing trace with hash -1781157010, now seen corresponding path program 2 times [2022-11-20 11:28:52,317 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:28:52,317 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [494923393] [2022-11-20 11:28:52,317 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:28:52,318 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:28:52,318 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:28:52,319 INFO L229 MonitoredProcess]: Starting monitored process 23 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:28:52,325 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (23)] Waiting until timeout for monitored process [2022-11-20 11:28:52,545 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:28:52,545 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:52,555 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-20 11:28:52,559 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:52,581 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:52,592 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:52,900 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_604 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_604) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:28:52,923 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:52,924 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:52,941 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:52,941 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:53,094 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_605 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_605))))) is different from true [2022-11-20 11:28:53,118 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:53,119 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:53,136 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:53,136 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:53,305 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_606 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_606) |c_#length|)))) is different from true [2022-11-20 11:28:53,324 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:53,325 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:53,338 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:53,339 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:53,547 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_607 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_607))))) is different from true [2022-11-20 11:28:53,575 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:53,576 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:53,592 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:53,593 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:53,773 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_608 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_608))))) is different from true [2022-11-20 11:28:53,792 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:53,793 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:53,821 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:53,822 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:53,887 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-20 11:28:53,887 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:56,553 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:28:56,553 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [494923393] [2022-11-20 11:28:56,554 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [494923393] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:56,554 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [824487043] [2022-11-20 11:28:56,554 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:28:56,554 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:28:56,554 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:28:56,555 INFO L229 MonitoredProcess]: Starting monitored process 24 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:28:56,557 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (24)] Waiting until timeout for monitored process [2022-11-20 11:28:57,093 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:28:57,093 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:28:57,103 INFO L263 TraceCheckSpWp]: Trace formula consists of 230 conjuncts, 57 conjunts are in the unsatisfiable core [2022-11-20 11:28:57,108 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:28:57,120 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:28:57,128 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:28:57,323 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_656 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_656) |c_#length|)))) is different from true [2022-11-20 11:28:57,344 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:57,345 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:57,357 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:57,358 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:57,449 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_657 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_657))))) is different from true [2022-11-20 11:28:57,480 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:57,481 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:57,496 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:57,497 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:57,575 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_658 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_658))))) is different from true [2022-11-20 11:28:57,591 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:57,592 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:57,606 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:57,607 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:57,689 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_659 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_659) |c_#length|)))) is different from true [2022-11-20 11:28:57,715 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:57,716 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:57,740 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:57,740 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:57,815 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_660 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_660) |c_#length|)))) is different from true [2022-11-20 11:28:57,832 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:28:57,834 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:28:57,846 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:28:57,846 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:28:57,864 INFO L134 CoverageAnalysis]: Checked inductivity of 154 backedges. 6 proven. 78 refuted. 0 times theorem prover too weak. 30 trivial. 40 not checked. [2022-11-20 11:28:57,864 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:28:58,443 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [824487043] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:28:58,444 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:28:58,444 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [22, 22] total 27 [2022-11-20 11:28:58,444 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [57248933] [2022-11-20 11:28:58,444 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:28:58,445 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 28 states [2022-11-20 11:28:58,445 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:28:58,445 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 28 interpolants. [2022-11-20 11:28:58,446 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=79, Invalid=330, Unknown=11, NotChecked=450, Total=870 [2022-11-20 11:28:58,446 INFO L87 Difference]: Start difference. First operand 93 states and 127 transitions. Second operand has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-20 11:29:00,051 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:29:00,051 INFO L93 Difference]: Finished difference Result 132 states and 173 transitions. [2022-11-20 11:29:00,052 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2022-11-20 11:29:00,052 INFO L78 Accepts]: Start accepts. Automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) Word has length 62 [2022-11-20 11:29:00,053 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:29:00,054 INFO L225 Difference]: With dead ends: 132 [2022-11-20 11:29:00,054 INFO L226 Difference]: Without dead ends: 132 [2022-11-20 11:29:00,055 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 130 GetRequests, 99 SyntacticMatches, 1 SemanticMatches, 30 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 23 ImplicationChecksByTransitivity, 4.0s TimeCoverageRelationStatistics Valid=87, Invalid=404, Unknown=11, NotChecked=490, Total=992 [2022-11-20 11:29:00,056 INFO L413 NwaCegarLoop]: 31 mSDtfsCounter, 18 mSDsluCounter, 230 mSDsCounter, 0 mSdLazyCounter, 568 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 18 SdHoareTripleChecker+Valid, 261 SdHoareTripleChecker+Invalid, 976 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 568 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 392 IncrementalHoareTripleChecker+Unchecked, 1.1s IncrementalHoareTripleChecker+Time [2022-11-20 11:29:00,056 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [18 Valid, 261 Invalid, 976 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 568 Invalid, 0 Unknown, 392 Unchecked, 1.1s Time] [2022-11-20 11:29:00,057 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 132 states. [2022-11-20 11:29:00,063 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 132 to 66. [2022-11-20 11:29:00,064 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.1176470588235294) internal successors, (57), 53 states have internal predecessors, (57), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-20 11:29:00,065 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 89 transitions. [2022-11-20 11:29:00,065 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 89 transitions. Word has length 62 [2022-11-20 11:29:00,066 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:29:00,066 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 89 transitions. [2022-11-20 11:29:00,066 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 28 states, 26 states have (on average 2.0384615384615383) internal successors, (53), 27 states have internal predecessors, (53), 7 states have call successors, (7), 2 states have call predecessors, (7), 12 states have return successors, (12), 7 states have call predecessors, (12), 7 states have call successors, (12) [2022-11-20 11:29:00,067 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 89 transitions. [2022-11-20 11:29:00,068 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-20 11:29:00,068 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:29:00,068 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 8, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:29:00,074 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (24)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:00,283 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (23)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:00,473 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 24 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,23 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:00,474 INFO L420 AbstractCegarLoop]: === Iteration 16 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:29:00,474 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:29:00,474 INFO L85 PathProgramCache]: Analyzing trace with hash -446919408, now seen corresponding path program 6 times [2022-11-20 11:29:00,475 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:29:00,475 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [575896838] [2022-11-20 11:29:00,475 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-20 11:29:00,475 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:00,475 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:29:00,476 INFO L229 MonitoredProcess]: Starting monitored process 25 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:29:00,477 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (25)] Waiting until timeout for monitored process [2022-11-20 11:29:00,881 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-20 11:29:00,881 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:00,892 INFO L263 TraceCheckSpWp]: Trace formula consists of 271 conjuncts, 68 conjunts are in the unsatisfiable core [2022-11-20 11:29:00,897 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:00,917 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:00,925 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:29:01,114 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_718 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_718) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_719 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_719) |c_#valid|)))) is different from true [2022-11-20 11:29:01,173 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:29:01,173 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:29:01,184 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:01,310 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_720 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_720))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:29:01,338 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:01,339 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:01,356 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:01,357 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:01,509 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_721 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_721))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:29:01,531 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:01,532 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:01,557 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:01,558 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:01,764 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-20 11:29:01,797 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:29:01,797 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:29:02,170 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_723 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_723) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:29:02,201 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:02,232 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:29:02,233 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-20 11:29:02,257 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:02,258 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:02,512 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_724 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_724))))) is different from true [2022-11-20 11:29:02,532 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:02,533 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:02,545 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:02,546 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:02,747 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_725 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_725) |c_#length|)))) is different from true [2022-11-20 11:29:02,779 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:02,780 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:02,805 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:02,805 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:02,890 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 11 proven. 114 refuted. 0 times theorem prover too weak. 30 trivial. 56 not checked. [2022-11-20 11:29:02,890 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:29:09,571 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:29:09,571 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [575896838] [2022-11-20 11:29:09,571 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [575896838] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:29:09,571 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [221492890] [2022-11-20 11:29:09,571 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-20 11:29:09,572 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:29:09,572 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:29:09,573 INFO L229 MonitoredProcess]: Starting monitored process 26 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:29:09,575 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (26)] Waiting until timeout for monitored process [2022-11-20 11:29:10,971 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-20 11:29:10,972 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:10,983 INFO L263 TraceCheckSpWp]: Trace formula consists of 271 conjuncts, 81 conjunts are in the unsatisfiable core [2022-11-20 11:29:10,989 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:11,000 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:11,011 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:29:11,278 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:29:11,279 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:29:11,326 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:29:11,327 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:29:11,844 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_787 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_787))) (exists ((v_ArrVal_786 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_786) |c_#length|)))) is different from true [2022-11-20 11:29:11,880 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:11,881 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:11,942 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-20 11:29:11,943 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-20 11:29:12,349 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:29:12,350 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:29:12,421 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-20 11:29:12,421 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-20 11:29:13,211 INFO L321 Elim1Store]: treesize reduction 12, result has 42.9 percent of original size [2022-11-20 11:29:13,211 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 20 treesize of output 22 [2022-11-20 11:29:13,221 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:13,749 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:29:13,749 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:29:13,773 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:13,774 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:14,085 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_795 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_795))))) is different from true [2022-11-20 11:29:14,109 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:14,110 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:14,127 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:14,127 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:14,233 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_796 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_796) |c_#length|)))) is different from true [2022-11-20 11:29:14,257 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:14,258 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:14,273 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:14,273 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:14,297 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 120 refuted. 4 times theorem prover too weak. 44 trivial. 36 not checked. [2022-11-20 11:29:14,298 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:29:16,843 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [221492890] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:29:16,843 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:29:16,843 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 31] total 49 [2022-11-20 11:29:16,843 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1487047761] [2022-11-20 11:29:16,843 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:29:16,844 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 50 states [2022-11-20 11:29:16,844 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:29:16,845 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 50 interpolants. [2022-11-20 11:29:16,846 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=183, Invalid=1567, Unknown=12, NotChecked=890, Total=2652 [2022-11-20 11:29:16,846 INFO L87 Difference]: Start difference. First operand 66 states and 89 transitions. Second operand has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-20 11:29:18,515 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:29:18,515 INFO L93 Difference]: Finished difference Result 103 states and 138 transitions. [2022-11-20 11:29:18,516 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-20 11:29:18,516 INFO L78 Accepts]: Start accepts. Automaton has has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) Word has length 71 [2022-11-20 11:29:18,517 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:29:18,517 INFO L225 Difference]: With dead ends: 103 [2022-11-20 11:29:18,518 INFO L226 Difference]: Without dead ends: 103 [2022-11-20 11:29:18,519 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 93 SyntacticMatches, 3 SemanticMatches, 54 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 538 ImplicationChecksByTransitivity, 12.6s TimeCoverageRelationStatistics Valid=208, Invalid=1890, Unknown=12, NotChecked=970, Total=3080 [2022-11-20 11:29:18,519 INFO L413 NwaCegarLoop]: 23 mSDtfsCounter, 19 mSDsluCounter, 250 mSDsCounter, 0 mSdLazyCounter, 437 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.7s Time, 0 mProtectedPredicate, 0 mProtectedAction, 19 SdHoareTripleChecker+Valid, 273 SdHoareTripleChecker+Invalid, 1141 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 437 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 692 IncrementalHoareTripleChecker+Unchecked, 0.8s IncrementalHoareTripleChecker+Time [2022-11-20 11:29:18,519 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [19 Valid, 273 Invalid, 1141 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 437 Invalid, 0 Unknown, 692 Unchecked, 0.8s Time] [2022-11-20 11:29:18,520 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 103 states. [2022-11-20 11:29:18,527 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 103 to 98. [2022-11-20 11:29:18,528 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-20 11:29:18,529 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-20 11:29:18,529 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-20 11:29:18,530 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:29:18,530 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-20 11:29:18,530 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 50 states, 48 states have (on average 1.6666666666666667) internal successors, (80), 44 states have internal predecessors, (80), 12 states have call successors, (12), 3 states have call predecessors, (12), 14 states have return successors, (15), 13 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-20 11:29:18,530 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-20 11:29:18,531 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-20 11:29:18,532 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:29:18,532 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:29:18,548 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (26)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:18,757 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (25)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:18,948 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 26 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,25 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:18,948 INFO L420 AbstractCegarLoop]: === Iteration 17 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:29:18,949 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:29:18,949 INFO L85 PathProgramCache]: Analyzing trace with hash 797845073, now seen corresponding path program 3 times [2022-11-20 11:29:18,949 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:29:18,949 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [878390215] [2022-11-20 11:29:18,949 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:29:18,949 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:18,950 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:29:18,950 INFO L229 MonitoredProcess]: Starting monitored process 27 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:29:18,953 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (27)] Waiting until timeout for monitored process [2022-11-20 11:29:19,272 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 8 check-sat command(s) [2022-11-20 11:29:19,272 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:19,284 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 63 conjunts are in the unsatisfiable core [2022-11-20 11:29:19,288 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:19,310 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:19,318 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:29:19,513 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_852 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_852))))) is different from true [2022-11-20 11:29:19,538 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:19,539 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:19,552 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:19,553 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:19,712 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_853 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_853) |c_#length|)))) is different from true [2022-11-20 11:29:19,738 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:19,740 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:19,754 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:19,754 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:19,913 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_854 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_854) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:29:19,936 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:19,937 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:19,955 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:19,955 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:20,115 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_855 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_855) |c_#length|)))) is different from true [2022-11-20 11:29:20,140 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:20,141 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:20,158 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:20,158 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:20,538 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_856 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_856))))) is different from true [2022-11-20 11:29:20,558 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:20,559 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:20,577 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:20,577 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:20,766 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_857 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_857) |c_#length|)))) is different from true [2022-11-20 11:29:20,785 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:20,786 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:20,803 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:20,804 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:20,876 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 11 proven. 116 refuted. 0 times theorem prover too weak. 30 trivial. 54 not checked. [2022-11-20 11:29:20,877 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:29:23,528 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:29:23,528 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [878390215] [2022-11-20 11:29:23,528 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [878390215] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:29:23,528 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1337079716] [2022-11-20 11:29:23,529 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:29:23,529 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:29:23,529 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:29:23,530 INFO L229 MonitoredProcess]: Starting monitored process 28 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:29:23,532 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (28)] Waiting until timeout for monitored process [2022-11-20 11:29:24,203 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 8 check-sat command(s) [2022-11-20 11:29:24,203 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:24,212 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 74 conjunts are in the unsatisfiable core [2022-11-20 11:29:24,221 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:24,231 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:29:24,238 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:24,463 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:24,464 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:24,473 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:24,712 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_915 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_915) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:29:24,734 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:24,735 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:24,755 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:24,756 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:25,022 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:29:25,022 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:29:25,663 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-20 11:29:25,664 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-20 11:29:26,669 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_920 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_920) |c_#length|)))) is different from true [2022-11-20 11:29:26,714 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:26,746 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:29:26,746 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-20 11:29:26,764 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:26,764 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:26,867 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_921 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_921))))) is different from true [2022-11-20 11:29:26,893 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:26,894 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:26,914 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:26,915 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:26,934 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 17 proven. 140 refuted. 0 times theorem prover too weak. 18 trivial. 36 not checked. [2022-11-20 11:29:26,935 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:29:29,426 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1337079716] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:29:29,427 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:29:29,427 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [27, 33] total 45 [2022-11-20 11:29:29,427 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [996529789] [2022-11-20 11:29:29,427 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:29:29,428 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 46 states [2022-11-20 11:29:29,428 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:29:29,428 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 46 interpolants. [2022-11-20 11:29:29,428 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=146, Invalid=1362, Unknown=10, NotChecked=738, Total=2256 [2022-11-20 11:29:29,429 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-20 11:29:34,735 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:29:34,735 INFO L93 Difference]: Finished difference Result 169 states and 224 transitions. [2022-11-20 11:29:34,739 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 37 states. [2022-11-20 11:29:34,739 INFO L78 Accepts]: Start accepts. Automaton has has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) Word has length 71 [2022-11-20 11:29:34,740 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:29:34,742 INFO L225 Difference]: With dead ends: 169 [2022-11-20 11:29:34,742 INFO L226 Difference]: Without dead ends: 169 [2022-11-20 11:29:34,743 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 173 GetRequests, 99 SyntacticMatches, 2 SemanticMatches, 72 ConstructedPredicates, 9 IntricatePredicates, 0 DeprecatedPredicates, 848 ImplicationChecksByTransitivity, 9.4s TimeCoverageRelationStatistics Valid=344, Invalid=3842, Unknown=10, NotChecked=1206, Total=5402 [2022-11-20 11:29:34,744 INFO L413 NwaCegarLoop]: 34 mSDtfsCounter, 86 mSDsluCounter, 442 mSDsCounter, 0 mSdLazyCounter, 1561 mSolverCounterSat, 51 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 89 SdHoareTripleChecker+Valid, 476 SdHoareTripleChecker+Invalid, 2918 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 51 IncrementalHoareTripleChecker+Valid, 1561 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1306 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-11-20 11:29:34,744 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [89 Valid, 476 Invalid, 2918 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [51 Valid, 1561 Invalid, 0 Unknown, 1306 Unchecked, 2.9s Time] [2022-11-20 11:29:34,745 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 169 states. [2022-11-20 11:29:34,751 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 169 to 113. [2022-11-20 11:29:34,752 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 113 states, 89 states have (on average 1.0674157303370786) internal successors, (95), 90 states have internal predecessors, (95), 20 states have call successors, (20), 1 states have call predecessors, (20), 2 states have return successors, (39), 21 states have call predecessors, (39), 20 states have call successors, (39) [2022-11-20 11:29:34,754 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 113 states to 113 states and 154 transitions. [2022-11-20 11:29:34,754 INFO L78 Accepts]: Start accepts. Automaton has 113 states and 154 transitions. Word has length 71 [2022-11-20 11:29:34,755 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:29:34,755 INFO L495 AbstractCegarLoop]: Abstraction has 113 states and 154 transitions. [2022-11-20 11:29:34,755 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 46 states, 44 states have (on average 1.7727272727272727) internal successors, (78), 42 states have internal predecessors, (78), 12 states have call successors, (12), 3 states have call predecessors, (12), 13 states have return successors, (15), 12 states have call predecessors, (15), 12 states have call successors, (15) [2022-11-20 11:29:34,755 INFO L276 IsEmpty]: Start isEmpty. Operand 113 states and 154 transitions. [2022-11-20 11:29:34,757 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-20 11:29:34,757 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:29:34,757 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 6, 6, 6, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:29:34,764 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (28)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:34,974 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (27)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:35,163 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 28 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,27 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:35,164 INFO L420 AbstractCegarLoop]: === Iteration 18 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:29:35,164 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:29:35,164 INFO L85 PathProgramCache]: Analyzing trace with hash 292286448, now seen corresponding path program 4 times [2022-11-20 11:29:35,164 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:29:35,164 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1622516464] [2022-11-20 11:29:35,165 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-20 11:29:35,165 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:35,165 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:29:35,166 INFO L229 MonitoredProcess]: Starting monitored process 29 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:29:35,168 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (29)] Waiting until timeout for monitored process [2022-11-20 11:29:35,402 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-20 11:29:35,402 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:35,412 INFO L263 TraceCheckSpWp]: Trace formula consists of 259 conjuncts, 62 conjunts are in the unsatisfiable core [2022-11-20 11:29:35,416 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:35,437 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:35,444 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:29:35,639 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_975 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_975))))) is different from true [2022-11-20 11:29:35,662 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:35,663 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:35,680 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:35,681 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:35,827 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_976 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_976) |c_#length|)))) is different from true [2022-11-20 11:29:35,853 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:35,854 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:35,867 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:35,867 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:36,020 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_977 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_977))))) is different from true [2022-11-20 11:29:36,049 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:36,050 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:36,074 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:36,075 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:36,269 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_978 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_978) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:29:36,311 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:36,312 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:36,330 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:36,331 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:36,796 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_979 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_979) |c_#length|)))) is different from true [2022-11-20 11:29:36,822 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:36,823 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:36,841 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:36,841 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:36,911 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 110 refuted. 0 times theorem prover too weak. 44 trivial. 50 not checked. [2022-11-20 11:29:36,911 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:29:39,544 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:29:39,544 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1622516464] [2022-11-20 11:29:39,544 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1622516464] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:29:39,545 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1575097698] [2022-11-20 11:29:39,545 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-20 11:29:39,545 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:29:39,545 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:29:39,546 INFO L229 MonitoredProcess]: Starting monitored process 30 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:29:39,548 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (30)] Waiting until timeout for monitored process [2022-11-20 11:29:40,038 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-20 11:29:40,038 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:40,045 INFO L263 TraceCheckSpWp]: Trace formula consists of 259 conjuncts, 62 conjunts are in the unsatisfiable core [2022-11-20 11:29:40,051 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:40,064 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:40,075 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:29:40,166 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1033 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1033) |c_#length|)))) is different from true [2022-11-20 11:29:40,191 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:40,192 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:40,205 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:40,206 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:40,288 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1034 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1034))))) is different from true [2022-11-20 11:29:40,306 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:40,307 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:40,320 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:40,320 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:40,407 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1035 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1035) |c_#length|)))) is different from true [2022-11-20 11:29:40,430 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:40,431 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:40,448 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:40,449 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:40,543 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1036 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1036) |c_#length|)))) is different from true [2022-11-20 11:29:40,562 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:40,563 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:40,576 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:40,576 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:40,858 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1037 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1037))))) is different from true [2022-11-20 11:29:40,877 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:40,887 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:40,907 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:40,907 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:40,930 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 110 refuted. 0 times theorem prover too weak. 44 trivial. 50 not checked. [2022-11-20 11:29:40,931 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:29:41,350 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1575097698] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:29:41,350 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:29:41,350 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [23, 23] total 28 [2022-11-20 11:29:41,351 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1484930414] [2022-11-20 11:29:41,351 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:29:41,351 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 29 states [2022-11-20 11:29:41,351 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:29:41,352 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 29 interpolants. [2022-11-20 11:29:41,352 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=83, Invalid=367, Unknown=10, NotChecked=470, Total=930 [2022-11-20 11:29:41,352 INFO L87 Difference]: Start difference. First operand 113 states and 154 transitions. Second operand has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-20 11:29:43,016 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:29:43,016 INFO L93 Difference]: Finished difference Result 143 states and 190 transitions. [2022-11-20 11:29:43,017 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 19 states. [2022-11-20 11:29:43,017 INFO L78 Accepts]: Start accepts. Automaton has has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) Word has length 71 [2022-11-20 11:29:43,018 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:29:43,019 INFO L225 Difference]: With dead ends: 143 [2022-11-20 11:29:43,019 INFO L226 Difference]: Without dead ends: 143 [2022-11-20 11:29:43,020 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 148 GetRequests, 116 SyntacticMatches, 1 SemanticMatches, 31 ConstructedPredicates, 10 IntricatePredicates, 0 DeprecatedPredicates, 31 ImplicationChecksByTransitivity, 3.8s TimeCoverageRelationStatistics Valid=91, Invalid=445, Unknown=10, NotChecked=510, Total=1056 [2022-11-20 11:29:43,020 INFO L413 NwaCegarLoop]: 30 mSDtfsCounter, 20 mSDsluCounter, 225 mSDsCounter, 0 mSdLazyCounter, 616 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 255 SdHoareTripleChecker+Invalid, 1250 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 616 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 617 IncrementalHoareTripleChecker+Unchecked, 1.2s IncrementalHoareTripleChecker+Time [2022-11-20 11:29:43,021 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 255 Invalid, 1250 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 616 Invalid, 0 Unknown, 617 Unchecked, 1.2s Time] [2022-11-20 11:29:43,022 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 143 states. [2022-11-20 11:29:43,027 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 143 to 103. [2022-11-20 11:29:43,028 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 103 states, 81 states have (on average 1.0740740740740742) internal successors, (87), 82 states have internal predecessors, (87), 18 states have call successors, (18), 1 states have call predecessors, (18), 2 states have return successors, (35), 19 states have call predecessors, (35), 18 states have call successors, (35) [2022-11-20 11:29:43,029 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 103 states to 103 states and 140 transitions. [2022-11-20 11:29:43,029 INFO L78 Accepts]: Start accepts. Automaton has 103 states and 140 transitions. Word has length 71 [2022-11-20 11:29:43,030 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:29:43,030 INFO L495 AbstractCegarLoop]: Abstraction has 103 states and 140 transitions. [2022-11-20 11:29:43,030 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 29 states, 27 states have (on average 2.111111111111111) internal successors, (57), 28 states have internal predecessors, (57), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (13), 8 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-20 11:29:43,031 INFO L276 IsEmpty]: Start isEmpty. Operand 103 states and 140 transitions. [2022-11-20 11:29:43,032 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-20 11:29:43,032 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:29:43,033 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:29:43,038 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (30)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:43,249 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (29)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:43,438 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 30 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,29 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:43,438 INFO L420 AbstractCegarLoop]: === Iteration 19 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:29:43,439 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:29:43,439 INFO L85 PathProgramCache]: Analyzing trace with hash 1837944047, now seen corresponding path program 5 times [2022-11-20 11:29:43,439 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:29:43,439 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [983765446] [2022-11-20 11:29:43,439 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-20 11:29:43,439 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:43,439 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:29:43,440 INFO L229 MonitoredProcess]: Starting monitored process 31 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:29:43,448 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (31)] Waiting until timeout for monitored process [2022-11-20 11:29:43,815 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 8 check-sat command(s) [2022-11-20 11:29:43,816 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:43,827 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 69 conjunts are in the unsatisfiable core [2022-11-20 11:29:43,831 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:43,852 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:44,081 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:29:44,081 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:29:44,547 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1094 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1094) |c_#length|)))) is different from true [2022-11-20 11:29:44,572 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:44,603 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:29:44,604 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-20 11:29:44,642 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:44,642 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:44,975 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1095 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1095))))) is different from true [2022-11-20 11:29:45,003 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:45,004 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:45,024 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:45,024 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:45,418 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1096 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1096) |c_#length|)))) is different from true [2022-11-20 11:29:45,443 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:45,445 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:45,462 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:45,463 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:45,678 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1097 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1097) |c_#length|)))) is different from true [2022-11-20 11:29:45,697 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:45,698 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:45,711 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:45,711 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:45,935 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1098 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1098) |c_#length|)))) is different from true [2022-11-20 11:29:45,955 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:45,956 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:45,973 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:45,974 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:46,055 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 14 proven. 117 refuted. 0 times theorem prover too weak. 30 trivial. 50 not checked. [2022-11-20 11:29:46,055 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:29:50,751 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:29:50,751 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [983765446] [2022-11-20 11:29:50,751 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [983765446] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:29:50,752 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1963271087] [2022-11-20 11:29:50,752 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-20 11:29:50,752 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:29:50,752 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:29:50,753 INFO L229 MonitoredProcess]: Starting monitored process 32 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:29:50,756 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (32)] Waiting until timeout for monitored process [2022-11-20 11:29:51,485 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 8 check-sat command(s) [2022-11-20 11:29:51,485 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:51,494 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 74 conjunts are in the unsatisfiable core [2022-11-20 11:29:51,499 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:51,510 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:51,632 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:29:51,632 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:29:51,799 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1156 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1156) |c_#length|)) (exists ((v_ArrVal_1155 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1155) |c_#valid|)))) is different from true [2022-11-20 11:29:51,888 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:29:51,889 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:29:51,927 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:29:51,927 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-20 11:29:52,286 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:29:52,287 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:29:52,314 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:52,314 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:52,679 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1159 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1159))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1160 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1160) |c_#length|)))) is different from true [2022-11-20 11:29:52,717 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:52,719 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:52,757 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:29:52,757 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:29:52,855 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1161 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1161) |c_#length|)))) is different from true [2022-11-20 11:29:52,877 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:52,878 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:52,891 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:52,892 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:52,985 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1162 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1162))))) is different from true [2022-11-20 11:29:53,008 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:53,009 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:53,021 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:53,022 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:53,041 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 14 proven. 123 refuted. 0 times theorem prover too weak. 30 trivial. 44 not checked. [2022-11-20 11:29:53,042 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:29:55,615 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1963271087] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:29:55,615 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:29:55,615 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 38 [2022-11-20 11:29:55,616 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1223030091] [2022-11-20 11:29:55,616 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:29:55,616 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 39 states [2022-11-20 11:29:55,617 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:29:55,617 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 39 interpolants. [2022-11-20 11:29:55,618 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=116, Invalid=903, Unknown=9, NotChecked=612, Total=1640 [2022-11-20 11:29:55,618 INFO L87 Difference]: Start difference. First operand 103 states and 140 transitions. Second operand has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-20 11:29:58,048 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:29:58,048 INFO L93 Difference]: Finished difference Result 151 states and 202 transitions. [2022-11-20 11:29:58,049 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-20 11:29:58,049 INFO L78 Accepts]: Start accepts. Automaton has has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) Word has length 71 [2022-11-20 11:29:58,050 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:29:58,051 INFO L225 Difference]: With dead ends: 151 [2022-11-20 11:29:58,051 INFO L226 Difference]: Without dead ends: 151 [2022-11-20 11:29:58,052 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 106 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 9 IntricatePredicates, 0 DeprecatedPredicates, 152 ImplicationChecksByTransitivity, 9.3s TimeCoverageRelationStatistics Valid=141, Invalid=1146, Unknown=9, NotChecked=684, Total=1980 [2022-11-20 11:29:58,052 INFO L413 NwaCegarLoop]: 27 mSDtfsCounter, 27 mSDsluCounter, 252 mSDsCounter, 0 mSdLazyCounter, 772 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 27 SdHoareTripleChecker+Valid, 279 SdHoareTripleChecker+Invalid, 1341 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 772 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 549 IncrementalHoareTripleChecker+Unchecked, 1.6s IncrementalHoareTripleChecker+Time [2022-11-20 11:29:58,052 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [27 Valid, 279 Invalid, 1341 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 772 Invalid, 0 Unknown, 549 Unchecked, 1.6s Time] [2022-11-20 11:29:58,053 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 151 states. [2022-11-20 11:29:58,059 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 151 to 98. [2022-11-20 11:29:58,059 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-20 11:29:58,060 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-20 11:29:58,061 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-20 11:29:58,061 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:29:58,061 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-20 11:29:58,062 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 39 states, 37 states have (on average 1.7837837837837838) internal successors, (66), 35 states have internal predecessors, (66), 8 states have call successors, (8), 3 states have call predecessors, (8), 13 states have return successors, (13), 11 states have call predecessors, (13), 8 states have call successors, (13) [2022-11-20 11:29:58,062 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-20 11:29:58,063 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-20 11:29:58,063 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:29:58,064 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:29:58,086 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (31)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:58,291 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (32)] Forceful destruction successful, exit code 0 [2022-11-20 11:29:58,480 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 31 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,32 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:29:58,480 INFO L420 AbstractCegarLoop]: === Iteration 20 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:29:58,481 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:29:58,481 INFO L85 PathProgramCache]: Analyzing trace with hash -687459537, now seen corresponding path program 6 times [2022-11-20 11:29:58,481 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:29:58,481 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1534887304] [2022-11-20 11:29:58,481 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-20 11:29:58,481 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:29:58,481 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:29:58,482 INFO L229 MonitoredProcess]: Starting monitored process 33 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:29:58,484 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (33)] Waiting until timeout for monitored process [2022-11-20 11:29:58,914 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-20 11:29:58,914 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:29:58,925 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-20 11:29:58,930 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:29:58,950 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:29:58,958 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:29:59,141 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1218 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1218) |c_#length|)))) is different from true [2022-11-20 11:29:59,161 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:59,161 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:59,179 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:59,179 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:59,474 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1219 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1219))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:29:59,495 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:59,496 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:59,513 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:59,513 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:59,677 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1220 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1220) |c_#length|)))) is different from true [2022-11-20 11:29:59,697 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:59,698 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:59,716 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:59,716 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:29:59,889 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1221 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1221) |c_#length|)))) is different from true [2022-11-20 11:29:59,913 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:29:59,914 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:29:59,930 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:29:59,930 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:00,128 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1222 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1222) |c_#length|)))) is different from true [2022-11-20 11:30:00,152 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:00,153 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:00,169 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:00,169 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:00,348 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1223 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1223) |c_#length|)))) is different from true [2022-11-20 11:30:00,372 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:00,373 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:00,395 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:00,395 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:00,473 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-20 11:30:00,473 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:03,122 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:30:03,122 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1534887304] [2022-11-20 11:30:03,122 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1534887304] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:03,122 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [930929157] [2022-11-20 11:30:03,122 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-20 11:30:03,123 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:30:03,123 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:30:03,124 INFO L229 MonitoredProcess]: Starting monitored process 34 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:30:03,126 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (34)] Waiting until timeout for monitored process [2022-11-20 11:30:04,578 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 8 check-sat command(s) [2022-11-20 11:30:04,579 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:30:04,612 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 77 conjunts are in the unsatisfiable core [2022-11-20 11:30:04,617 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:04,638 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:04,649 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:04,907 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:30:04,907 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:30:04,920 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:05,421 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:30:05,421 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:30:05,435 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:05,828 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:30:05,828 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:30:05,852 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:05,852 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:06,238 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:30:06,238 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:30:06,263 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:06,263 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:06,526 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1289 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1289) |c_#length|)))) is different from true [2022-11-20 11:30:06,545 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:06,546 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:06,564 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:06,564 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:06,651 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1290 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1290))))) is different from true [2022-11-20 11:30:06,669 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:06,670 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:06,695 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:06,695 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:06,712 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 124 refuted. 8 times theorem prover too weak. 46 trivial. 26 not checked. [2022-11-20 11:30:06,712 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:07,117 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [930929157] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:07,117 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:30:07,117 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [25, 27] total 37 [2022-11-20 11:30:07,117 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [645508481] [2022-11-20 11:30:07,117 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:30:07,118 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 38 states [2022-11-20 11:30:07,118 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:30:07,118 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 38 interpolants. [2022-11-20 11:30:07,119 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=128, Invalid=887, Unknown=9, NotChecked=536, Total=1560 [2022-11-20 11:30:07,119 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-20 11:30:09,542 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:30:09,542 INFO L93 Difference]: Finished difference Result 170 states and 227 transitions. [2022-11-20 11:30:09,542 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-20 11:30:09,543 INFO L78 Accepts]: Start accepts. Automaton has has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) Word has length 71 [2022-11-20 11:30:09,544 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:30:09,546 INFO L225 Difference]: With dead ends: 170 [2022-11-20 11:30:09,546 INFO L226 Difference]: Without dead ends: 170 [2022-11-20 11:30:09,547 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 150 GetRequests, 105 SyntacticMatches, 3 SemanticMatches, 42 ConstructedPredicates, 8 IntricatePredicates, 0 DeprecatedPredicates, 231 ImplicationChecksByTransitivity, 5.0s TimeCoverageRelationStatistics Valid=152, Invalid=1131, Unknown=9, NotChecked=600, Total=1892 [2022-11-20 11:30:09,548 INFO L413 NwaCegarLoop]: 25 mSDtfsCounter, 37 mSDsluCounter, 205 mSDsCounter, 0 mSdLazyCounter, 946 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 37 SdHoareTripleChecker+Valid, 230 SdHoareTripleChecker+Invalid, 1483 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 946 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 508 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-11-20 11:30:09,548 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [37 Valid, 230 Invalid, 1483 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 946 Invalid, 0 Unknown, 508 Unchecked, 1.8s Time] [2022-11-20 11:30:09,549 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 170 states. [2022-11-20 11:30:09,554 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 170 to 98. [2022-11-20 11:30:09,555 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 98 states, 77 states have (on average 1.077922077922078) internal successors, (83), 78 states have internal predecessors, (83), 17 states have call successors, (17), 1 states have call predecessors, (17), 2 states have return successors, (33), 18 states have call predecessors, (33), 17 states have call successors, (33) [2022-11-20 11:30:09,556 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 98 states to 98 states and 133 transitions. [2022-11-20 11:30:09,557 INFO L78 Accepts]: Start accepts. Automaton has 98 states and 133 transitions. Word has length 71 [2022-11-20 11:30:09,557 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:30:09,557 INFO L495 AbstractCegarLoop]: Abstraction has 98 states and 133 transitions. [2022-11-20 11:30:09,558 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 38 states, 36 states have (on average 1.8055555555555556) internal successors, (65), 33 states have internal predecessors, (65), 8 states have call successors, (8), 2 states have call predecessors, (8), 12 states have return successors, (14), 12 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-20 11:30:09,558 INFO L276 IsEmpty]: Start isEmpty. Operand 98 states and 133 transitions. [2022-11-20 11:30:09,559 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 72 [2022-11-20 11:30:09,559 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:30:09,559 INFO L195 NwaCegarLoop]: trace histogram [8, 8, 7, 7, 7, 7, 7, 6, 6, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:30:09,572 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (34)] Forceful destruction successful, exit code 0 [2022-11-20 11:30:09,776 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (33)] Forceful destruction successful, exit code 0 [2022-11-20 11:30:09,966 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 34 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,33 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:30:09,966 INFO L420 AbstractCegarLoop]: === Iteration 21 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:30:09,967 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:30:09,967 INFO L85 PathProgramCache]: Analyzing trace with hash -166569519, now seen corresponding path program 7 times [2022-11-20 11:30:09,967 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:30:09,967 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1552742576] [2022-11-20 11:30:09,967 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-20 11:30:09,967 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:30:09,967 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:30:09,968 INFO L229 MonitoredProcess]: Starting monitored process 35 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:30:09,970 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (35)] Waiting until timeout for monitored process [2022-11-20 11:30:10,247 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:30:10,261 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-20 11:30:10,265 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:10,286 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:10,293 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:10,599 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1346 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1346) |c_#length|)))) is different from true [2022-11-20 11:30:10,628 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:10,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:10,644 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:10,644 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:10,791 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1347 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1347) |c_#length|)))) is different from true [2022-11-20 11:30:10,829 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:10,829 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:10,848 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:10,848 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:11,015 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1348 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1348))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:11,035 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:11,036 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:11,048 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:11,048 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:11,216 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1349 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1349) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:11,237 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:11,238 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:11,255 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:11,255 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:11,428 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1350 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1350))))) is different from true [2022-11-20 11:30:11,468 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:11,469 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:11,489 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:11,489 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:11,707 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1351 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1351) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:11,727 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:11,728 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:11,744 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:11,745 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:11,812 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-20 11:30:11,812 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:14,364 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:30:14,364 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1552742576] [2022-11-20 11:30:14,365 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1552742576] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:14,365 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1062351969] [2022-11-20 11:30:14,365 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-20 11:30:14,365 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:30:14,365 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:30:14,366 INFO L229 MonitoredProcess]: Starting monitored process 36 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:30:14,368 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (36)] Waiting until timeout for monitored process [2022-11-20 11:30:14,855 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:30:14,862 INFO L263 TraceCheckSpWp]: Trace formula consists of 265 conjuncts, 65 conjunts are in the unsatisfiable core [2022-11-20 11:30:14,867 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:14,879 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:14,885 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:15,073 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1407 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1407) |c_#length|)))) is different from true [2022-11-20 11:30:15,099 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:15,099 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:15,113 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:15,114 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:15,199 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1408 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1408))))) is different from true [2022-11-20 11:30:15,222 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:15,223 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:15,235 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:15,236 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:15,322 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1409 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1409))))) is different from true [2022-11-20 11:30:15,345 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:15,346 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:15,364 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:15,364 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:15,447 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1410 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1410) |c_#length|)))) is different from true [2022-11-20 11:30:15,474 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:15,475 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:15,488 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:15,488 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:15,572 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1411 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1411) |c_#length|)))) is different from true [2022-11-20 11:30:15,606 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:15,611 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:15,623 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:15,624 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:15,709 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1412 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1412) |c_#length|)))) is different from true [2022-11-20 11:30:15,728 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:15,729 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:15,746 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:15,746 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:15,764 INFO L134 CoverageAnalysis]: Checked inductivity of 211 backedges. 7 proven. 108 refuted. 0 times theorem prover too weak. 42 trivial. 54 not checked. [2022-11-20 11:30:15,764 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:16,127 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1062351969] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:16,127 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:30:16,127 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [25, 25] total 31 [2022-11-20 11:30:16,128 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [834153693] [2022-11-20 11:30:16,128 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:30:16,128 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 32 states [2022-11-20 11:30:16,129 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:30:16,129 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 32 interpolants. [2022-11-20 11:30:16,130 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=91, Invalid=407, Unknown=12, NotChecked=612, Total=1122 [2022-11-20 11:30:16,130 INFO L87 Difference]: Start difference. First operand 98 states and 133 transitions. Second operand has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-20 11:30:18,057 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:30:18,057 INFO L93 Difference]: Finished difference Result 142 states and 186 transitions. [2022-11-20 11:30:18,057 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 20 states. [2022-11-20 11:30:18,058 INFO L78 Accepts]: Start accepts. Automaton has has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) Word has length 71 [2022-11-20 11:30:18,058 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:30:18,059 INFO L225 Difference]: With dead ends: 142 [2022-11-20 11:30:18,059 INFO L226 Difference]: Without dead ends: 142 [2022-11-20 11:30:18,060 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 148 GetRequests, 113 SyntacticMatches, 1 SemanticMatches, 34 ConstructedPredicates, 12 IntricatePredicates, 0 DeprecatedPredicates, 33 ImplicationChecksByTransitivity, 3.8s TimeCoverageRelationStatistics Valid=99, Invalid=489, Unknown=12, NotChecked=660, Total=1260 [2022-11-20 11:30:18,061 INFO L413 NwaCegarLoop]: 34 mSDtfsCounter, 22 mSDsluCounter, 276 mSDsCounter, 0 mSdLazyCounter, 696 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 22 SdHoareTripleChecker+Valid, 310 SdHoareTripleChecker+Invalid, 1404 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 696 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 689 IncrementalHoareTripleChecker+Unchecked, 1.4s IncrementalHoareTripleChecker+Time [2022-11-20 11:30:18,061 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [22 Valid, 310 Invalid, 1404 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 696 Invalid, 0 Unknown, 689 Unchecked, 1.4s Time] [2022-11-20 11:30:18,062 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 142 states. [2022-11-20 11:30:18,066 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 142 to 66. [2022-11-20 11:30:18,066 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0980392156862746) internal successors, (56), 53 states have internal predecessors, (56), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-20 11:30:18,067 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 88 transitions. [2022-11-20 11:30:18,068 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 88 transitions. Word has length 71 [2022-11-20 11:30:18,068 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:30:18,068 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 88 transitions. [2022-11-20 11:30:18,069 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 32 states, 30 states have (on average 2.033333333333333) internal successors, (61), 31 states have internal predecessors, (61), 8 states have call successors, (8), 2 states have call predecessors, (8), 14 states have return successors, (14), 8 states have call predecessors, (14), 8 states have call successors, (14) [2022-11-20 11:30:18,069 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 88 transitions. [2022-11-20 11:30:18,070 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 81 [2022-11-20 11:30:18,070 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:30:18,070 INFO L195 NwaCegarLoop]: trace histogram [9, 9, 9, 8, 8, 8, 8, 7, 7, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:30:18,092 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (35)] Forceful destruction successful, exit code 0 [2022-11-20 11:30:18,290 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (36)] Forceful destruction successful, exit code 0 [2022-11-20 11:30:18,486 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 35 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,36 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:30:18,487 INFO L420 AbstractCegarLoop]: === Iteration 22 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:30:18,487 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:30:18,487 INFO L85 PathProgramCache]: Analyzing trace with hash -1800849809, now seen corresponding path program 7 times [2022-11-20 11:30:18,487 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:30:18,487 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1783086025] [2022-11-20 11:30:18,488 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-20 11:30:18,488 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:30:18,488 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:30:18,489 INFO L229 MonitoredProcess]: Starting monitored process 37 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:30:18,490 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (37)] Waiting until timeout for monitored process [2022-11-20 11:30:18,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:30:18,841 INFO L263 TraceCheckSpWp]: Trace formula consists of 306 conjuncts, 76 conjunts are in the unsatisfiable core [2022-11-20 11:30:18,846 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:18,876 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:18,882 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:19,066 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1478 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1478) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:19,088 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:19,090 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:19,111 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:19,111 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:19,255 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1479 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1479) |c_#length|)))) is different from true [2022-11-20 11:30:19,279 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:19,280 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:19,296 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:19,296 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:19,481 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1480 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1480))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:19,502 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:19,504 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:19,523 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:19,523 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:19,687 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1481 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1481) |c_#length|)))) is different from true [2022-11-20 11:30:19,707 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:19,707 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:19,720 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:19,720 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:19,893 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1482 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1482) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:19,918 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:19,918 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:19,935 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:19,936 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:20,113 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1483 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1483))))) is different from true [2022-11-20 11:30:20,140 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:20,141 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:20,158 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:20,158 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:20,345 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1484 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1484))))) is different from true [2022-11-20 11:30:20,370 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:20,371 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:20,383 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:20,384 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:20,574 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1485 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1485) |c_#length|)))) is different from true [2022-11-20 11:30:20,595 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:20,596 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:20,609 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:20,609 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:20,683 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 8 proven. 141 refuted. 0 times theorem prover too weak. 56 trivial. 72 not checked. [2022-11-20 11:30:20,684 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:23,383 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:30:23,383 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1783086025] [2022-11-20 11:30:23,383 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1783086025] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:23,384 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1135592995] [2022-11-20 11:30:23,384 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-20 11:30:23,384 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:30:23,384 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:30:23,385 INFO L229 MonitoredProcess]: Starting monitored process 38 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:30:23,386 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (38)] Waiting until timeout for monitored process [2022-11-20 11:30:24,037 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:30:24,047 INFO L263 TraceCheckSpWp]: Trace formula consists of 306 conjuncts, 76 conjunts are in the unsatisfiable core [2022-11-20 11:30:24,051 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:24,060 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:24,068 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:24,155 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1551 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1551))))) is different from true [2022-11-20 11:30:24,171 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:24,172 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:24,182 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:24,183 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:24,251 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1552 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1552) |c_#length|)))) is different from true [2022-11-20 11:30:24,265 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:24,266 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:24,279 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:24,280 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:24,348 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1553 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1553))))) is different from true [2022-11-20 11:30:24,363 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:24,364 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:24,379 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:24,379 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:24,463 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1554) |c_#length|)))) is different from true [2022-11-20 11:30:24,480 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:24,481 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:24,496 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:24,496 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:24,569 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1555 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1555) |c_#length|)))) is different from true [2022-11-20 11:30:24,588 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:24,589 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:24,603 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:24,603 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:24,671 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1556) |c_#length|)))) is different from true [2022-11-20 11:30:24,689 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:24,690 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:24,701 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:24,701 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:24,774 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1557 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1557) |c_#length|)))) is different from true [2022-11-20 11:30:24,789 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:24,789 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:24,800 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:24,800 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:24,886 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1558 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1558) |c_#length|)))) is different from true [2022-11-20 11:30:24,915 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:24,916 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:24,933 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:24,933 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:24,945 INFO L134 CoverageAnalysis]: Checked inductivity of 277 backedges. 8 proven. 141 refuted. 0 times theorem prover too weak. 56 trivial. 72 not checked. [2022-11-20 11:30:24,946 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:28,860 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1135592995] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:28,860 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:30:28,860 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 38 [2022-11-20 11:30:28,860 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [584155936] [2022-11-20 11:30:28,860 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:30:28,861 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 39 states [2022-11-20 11:30:28,861 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:30:28,861 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 39 interpolants. [2022-11-20 11:30:28,862 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=111, Invalid=537, Unknown=16, NotChecked=976, Total=1640 [2022-11-20 11:30:28,863 INFO L87 Difference]: Start difference. First operand 66 states and 88 transitions. Second operand has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) [2022-11-20 11:30:31,558 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:30:31,559 INFO L93 Difference]: Finished difference Result 82 states and 103 transitions. [2022-11-20 11:30:31,560 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 23 states. [2022-11-20 11:30:31,560 INFO L78 Accepts]: Start accepts. Automaton has has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) Word has length 80 [2022-11-20 11:30:31,561 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:30:31,562 INFO L225 Difference]: With dead ends: 82 [2022-11-20 11:30:31,562 INFO L226 Difference]: Without dead ends: 82 [2022-11-20 11:30:31,563 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 166 GetRequests, 124 SyntacticMatches, 1 SemanticMatches, 41 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 59 ImplicationChecksByTransitivity, 8.1s TimeCoverageRelationStatistics Valid=119, Invalid=631, Unknown=16, NotChecked=1040, Total=1806 [2022-11-20 11:30:31,564 INFO L413 NwaCegarLoop]: 35 mSDtfsCounter, 30 mSDsluCounter, 358 mSDsCounter, 0 mSdLazyCounter, 931 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 30 SdHoareTripleChecker+Valid, 393 SdHoareTripleChecker+Invalid, 2188 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 931 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1234 IncrementalHoareTripleChecker+Unchecked, 1.8s IncrementalHoareTripleChecker+Time [2022-11-20 11:30:31,564 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [30 Valid, 393 Invalid, 2188 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 931 Invalid, 0 Unknown, 1234 Unchecked, 1.8s Time] [2022-11-20 11:30:31,565 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2022-11-20 11:30:31,567 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 66. [2022-11-20 11:30:31,568 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0784313725490196) internal successors, (55), 53 states have internal predecessors, (55), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-20 11:30:31,569 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 87 transitions. [2022-11-20 11:30:31,569 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 87 transitions. Word has length 80 [2022-11-20 11:30:31,569 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:30:31,570 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 87 transitions. [2022-11-20 11:30:31,570 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 39 states, 37 states have (on average 1.9189189189189189) internal successors, (71), 38 states have internal predecessors, (71), 9 states have call successors, (9), 2 states have call predecessors, (9), 17 states have return successors, (17), 9 states have call predecessors, (17), 9 states have call successors, (17) [2022-11-20 11:30:31,570 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 87 transitions. [2022-11-20 11:30:31,571 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 90 [2022-11-20 11:30:31,571 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:30:31,572 INFO L195 NwaCegarLoop]: trace histogram [10, 10, 10, 9, 9, 9, 9, 8, 8, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:30:31,579 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (38)] Forceful destruction successful, exit code 0 [2022-11-20 11:30:31,790 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (37)] Forceful destruction successful, exit code 0 [2022-11-20 11:30:31,978 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 38 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,37 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:30:31,979 INFO L420 AbstractCegarLoop]: === Iteration 23 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:30:31,979 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:30:31,979 INFO L85 PathProgramCache]: Analyzing trace with hash 2110498800, now seen corresponding path program 8 times [2022-11-20 11:30:31,979 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:30:31,980 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [459970341] [2022-11-20 11:30:31,980 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:30:31,980 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:30:31,980 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:30:31,981 INFO L229 MonitoredProcess]: Starting monitored process 39 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:30:31,983 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (39)] Waiting until timeout for monitored process [2022-11-20 11:30:32,371 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:30:32,372 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:30:32,386 INFO L263 TraceCheckSpWp]: Trace formula consists of 341 conjuncts, 84 conjunts are in the unsatisfiable core [2022-11-20 11:30:32,391 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:32,412 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:32,421 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:32,606 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1632 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1632) |c_#length|)))) is different from true [2022-11-20 11:30:32,625 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:32,626 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:32,643 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:32,644 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:32,796 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1633 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1633))))) is different from true [2022-11-20 11:30:32,824 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:32,824 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:32,838 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:32,838 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:33,010 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1634 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1634) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:33,032 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:33,033 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:33,046 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:33,047 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:33,220 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1635 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1635) |c_#length|)))) is different from true [2022-11-20 11:30:33,240 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:33,241 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:33,267 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:33,267 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:33,447 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1636 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1636) |c_#length|)))) is different from true [2022-11-20 11:30:33,469 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:33,475 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:33,495 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:33,495 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:33,690 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1637 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1637))))) is different from true [2022-11-20 11:30:33,709 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:33,711 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:33,734 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:33,734 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:33,929 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1638 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1638))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:33,951 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:33,952 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:33,965 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:33,965 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:34,168 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1639 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1639) |c_#length|)))) is different from true [2022-11-20 11:30:34,187 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:34,188 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:34,205 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:34,206 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:34,418 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1640 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1640))))) is different from true [2022-11-20 11:30:34,458 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:34,459 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:34,473 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:34,474 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:34,552 INFO L134 CoverageAnalysis]: Checked inductivity of 352 backedges. 9 proven. 181 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-20 11:30:34,553 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:37,238 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:30:37,238 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [459970341] [2022-11-20 11:30:37,239 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [459970341] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:37,239 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [701565795] [2022-11-20 11:30:37,239 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:30:37,239 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:30:37,239 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:30:37,240 INFO L229 MonitoredProcess]: Starting monitored process 40 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:30:37,241 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (40)] Waiting until timeout for monitored process [2022-11-20 11:30:37,873 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:30:37,873 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:30:37,904 INFO L263 TraceCheckSpWp]: Trace formula consists of 341 conjuncts, 85 conjunts are in the unsatisfiable core [2022-11-20 11:30:37,910 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:37,921 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:37,932 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:38,028 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1714 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1714))))) is different from true [2022-11-20 11:30:38,049 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:38,050 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:38,064 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:38,064 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:38,160 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1715 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1715) |c_#length|)))) is different from true [2022-11-20 11:30:38,178 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:38,179 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:38,191 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:38,192 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:38,280 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1716 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1716))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:38,304 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:38,305 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:38,322 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:38,322 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:38,402 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1717 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1717) |c_#length|)))) is different from true [2022-11-20 11:30:38,421 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:38,422 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:38,435 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:38,435 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:38,524 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1718 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1718) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:38,549 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:38,549 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:38,567 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:38,567 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:38,652 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1719 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1719))))) is different from true [2022-11-20 11:30:38,692 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:38,693 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:38,706 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:38,706 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:38,795 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1720 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1720) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:30:38,814 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:38,815 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:38,828 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:38,829 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:38,918 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1721 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1721) |c_#length|)))) is different from true [2022-11-20 11:30:38,938 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:38,938 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:38,956 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:38,956 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:39,046 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1722 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1722) |c_#length|)))) is different from true [2022-11-20 11:30:39,067 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:39,068 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:39,100 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:39,101 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:39,116 INFO L134 CoverageAnalysis]: Checked inductivity of 352 backedges. 9 proven. 181 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-20 11:30:39,116 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:41,676 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [701565795] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:41,676 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:30:41,677 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [33, 33] total 42 [2022-11-20 11:30:41,677 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1952758116] [2022-11-20 11:30:41,677 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:30:41,677 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 43 states [2022-11-20 11:30:41,678 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:30:41,678 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 43 interpolants. [2022-11-20 11:30:41,686 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=123, Invalid=633, Unknown=18, NotChecked=1206, Total=1980 [2022-11-20 11:30:41,686 INFO L87 Difference]: Start difference. First operand 66 states and 87 transitions. Second operand has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) [2022-11-20 11:30:45,244 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:30:45,245 INFO L93 Difference]: Finished difference Result 84 states and 104 transitions. [2022-11-20 11:30:45,245 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-20 11:30:45,246 INFO L78 Accepts]: Start accepts. Automaton has has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) Word has length 89 [2022-11-20 11:30:45,246 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:30:45,247 INFO L225 Difference]: With dead ends: 84 [2022-11-20 11:30:45,247 INFO L226 Difference]: Without dead ends: 84 [2022-11-20 11:30:45,248 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 184 GetRequests, 138 SyntacticMatches, 1 SemanticMatches, 45 ConstructedPredicates, 18 IntricatePredicates, 0 DeprecatedPredicates, 75 ImplicationChecksByTransitivity, 7.1s TimeCoverageRelationStatistics Valid=131, Invalid=735, Unknown=18, NotChecked=1278, Total=2162 [2022-11-20 11:30:45,250 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 34 mSDsluCounter, 437 mSDsCounter, 0 mSdLazyCounter, 1154 mSolverCounterSat, 25 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 34 SdHoareTripleChecker+Valid, 475 SdHoareTripleChecker+Invalid, 2624 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 25 IncrementalHoareTripleChecker+Valid, 1154 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1445 IncrementalHoareTripleChecker+Unchecked, 2.4s IncrementalHoareTripleChecker+Time [2022-11-20 11:30:45,250 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [34 Valid, 475 Invalid, 2624 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [25 Valid, 1154 Invalid, 0 Unknown, 1445 Unchecked, 2.4s Time] [2022-11-20 11:30:45,251 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 84 states. [2022-11-20 11:30:45,254 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 84 to 66. [2022-11-20 11:30:45,255 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 51 states have (on average 1.0588235294117647) internal successors, (54), 53 states have internal predecessors, (54), 11 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (21), 11 states have call predecessors, (21), 11 states have call successors, (21) [2022-11-20 11:30:45,256 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 86 transitions. [2022-11-20 11:30:45,256 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 86 transitions. Word has length 89 [2022-11-20 11:30:45,256 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:30:45,257 INFO L495 AbstractCegarLoop]: Abstraction has 66 states and 86 transitions. [2022-11-20 11:30:45,257 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 43 states, 41 states have (on average 1.9268292682926829) internal successors, (79), 42 states have internal predecessors, (79), 10 states have call successors, (10), 2 states have call predecessors, (10), 19 states have return successors, (19), 10 states have call predecessors, (19), 10 states have call successors, (19) [2022-11-20 11:30:45,257 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 86 transitions. [2022-11-20 11:30:45,260 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:30:45,260 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:30:45,261 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 11, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:30:45,280 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (39)] Forceful destruction successful, exit code 0 [2022-11-20 11:30:45,485 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (40)] Forceful destruction successful, exit code 0 [2022-11-20 11:30:45,679 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 39 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,40 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:30:45,680 INFO L420 AbstractCegarLoop]: === Iteration 24 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:30:45,680 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:30:45,680 INFO L85 PathProgramCache]: Analyzing trace with hash 1054496655, now seen corresponding path program 9 times [2022-11-20 11:30:45,681 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:30:45,681 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2138515495] [2022-11-20 11:30:45,681 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:30:45,681 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:30:45,681 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:30:45,682 INFO L229 MonitoredProcess]: Starting monitored process 41 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:30:45,686 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (41)] Waiting until timeout for monitored process [2022-11-20 11:30:46,497 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-20 11:30:46,497 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:30:46,515 INFO L263 TraceCheckSpWp]: Trace formula consists of 376 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-20 11:30:46,522 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:46,543 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:46,554 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:46,759 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1804 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1804))))) is different from true [2022-11-20 11:30:46,778 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:46,779 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:46,797 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:46,797 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:46,951 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1805 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1805) |c_#length|)))) is different from true [2022-11-20 11:30:46,971 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:46,972 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:46,990 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:46,990 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:47,161 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1806 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1806) |c_#length|)))) is different from true [2022-11-20 11:30:47,186 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:47,187 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:47,200 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:47,200 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:47,369 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1807 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1807))))) is different from true [2022-11-20 11:30:47,389 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:47,389 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:47,403 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:47,403 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:47,584 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1808 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1808) |c_#length|)))) is different from true [2022-11-20 11:30:47,604 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:47,605 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:47,618 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:47,618 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:47,811 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1809 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1809) |c_#length|)))) is different from true [2022-11-20 11:30:47,837 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:47,838 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:47,856 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:47,856 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:48,053 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1810 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1810))))) is different from true [2022-11-20 11:30:48,073 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:48,074 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:48,087 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:48,087 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:48,304 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1811 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1811) |c_#length|)))) is different from true [2022-11-20 11:30:48,328 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:48,328 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:48,344 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:48,345 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:48,588 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1812 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1812) |c_#length|)))) is different from true [2022-11-20 11:30:48,611 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:48,611 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:48,631 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:48,631 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:48,857 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1813 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1813) |c_#length|)))) is different from true [2022-11-20 11:30:48,879 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:48,879 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:48,893 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:48,893 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:48,980 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 226 refuted. 0 times theorem prover too weak. 90 trivial. 110 not checked. [2022-11-20 11:30:48,981 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:30:55,703 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:30:55,704 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2138515495] [2022-11-20 11:30:55,704 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2138515495] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:30:55,704 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [367060840] [2022-11-20 11:30:55,704 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:30:55,704 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:30:55,704 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:30:55,705 INFO L229 MonitoredProcess]: Starting monitored process 42 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:30:55,707 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (42)] Waiting until timeout for monitored process [2022-11-20 11:30:57,360 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-20 11:30:57,361 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:30:57,405 INFO L263 TraceCheckSpWp]: Trace formula consists of 376 conjuncts, 110 conjunts are in the unsatisfiable core [2022-11-20 11:30:57,413 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:30:57,426 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:30:57,437 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:30:57,558 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1895 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_1895))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1896 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1896) |c_#length|)))) is different from true [2022-11-20 11:30:57,608 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:30:57,609 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:30:57,652 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:30:57,653 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:30:57,898 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:30:57,899 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:30:57,927 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:30:57,927 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:30:58,175 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2022-11-20 11:30:58,481 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2022-11-20 11:30:58,487 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2022-11-20 11:31:06,861 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:31:06,861 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:31:06,899 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:06,899 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:07,281 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 13 treesize of output 4 [2022-11-20 11:31:07,347 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1903 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1903) |c_#length|)))) is different from true [2022-11-20 11:31:07,366 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:07,367 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:07,384 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:07,384 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:07,471 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1904 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1904))))) is different from true [2022-11-20 11:31:07,494 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:07,495 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:07,508 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:07,508 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:07,778 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-20 11:31:07,810 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:31:07,810 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:31:08,455 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-20 11:31:08,455 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-20 11:31:09,422 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:09,423 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:09,460 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:31:09,460 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-20 11:31:09,818 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1910 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1910))))) is different from true [2022-11-20 11:31:09,843 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:09,843 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:09,865 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:09,865 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:09,963 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1911 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1911))))) is different from true [2022-11-20 11:31:09,987 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:09,987 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:10,003 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:10,004 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:10,029 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 24 proven. 264 refuted. 12 times theorem prover too weak. 46 trivial. 90 not checked. [2022-11-20 11:31:10,030 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:31:10,681 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [367060840] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:31:10,681 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:31:10,681 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [36, 45] total 62 [2022-11-20 11:31:10,681 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1158762043] [2022-11-20 11:31:10,681 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:31:10,682 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 63 states [2022-11-20 11:31:10,682 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:31:10,683 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 63 interpolants. [2022-11-20 11:31:10,685 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=204, Invalid=2192, Unknown=20, NotChecked=1744, Total=4160 [2022-11-20 11:31:10,686 INFO L87 Difference]: Start difference. First operand 66 states and 86 transitions. Second operand has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) [2022-11-20 11:31:34,102 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:31:34,103 INFO L93 Difference]: Finished difference Result 145 states and 184 transitions. [2022-11-20 11:31:34,104 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 44 states. [2022-11-20 11:31:34,104 INFO L78 Accepts]: Start accepts. Automaton has has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) Word has length 98 [2022-11-20 11:31:34,105 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:31:34,105 INFO L225 Difference]: With dead ends: 145 [2022-11-20 11:31:34,106 INFO L226 Difference]: Without dead ends: 145 [2022-11-20 11:31:34,107 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 214 GetRequests, 135 SyntacticMatches, 3 SemanticMatches, 76 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 801 ImplicationChecksByTransitivity, 38.5s TimeCoverageRelationStatistics Valid=299, Invalid=3523, Unknown=24, NotChecked=2160, Total=6006 [2022-11-20 11:31:34,108 INFO L413 NwaCegarLoop]: 40 mSDtfsCounter, 47 mSDsluCounter, 632 mSDsCounter, 0 mSdLazyCounter, 1735 mSolverCounterSat, 39 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 47 SdHoareTripleChecker+Valid, 672 SdHoareTripleChecker+Invalid, 3670 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 39 IncrementalHoareTripleChecker+Valid, 1735 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1896 IncrementalHoareTripleChecker+Unchecked, 3.8s IncrementalHoareTripleChecker+Time [2022-11-20 11:31:34,108 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [47 Valid, 672 Invalid, 3670 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [39 Valid, 1735 Invalid, 0 Unknown, 1896 Unchecked, 3.8s Time] [2022-11-20 11:31:34,109 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 145 states. [2022-11-20 11:31:34,114 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 145 to 124. [2022-11-20 11:31:34,115 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 97 states have (on average 1.041237113402062) internal successors, (101), 99 states have internal predecessors, (101), 21 states have call successors, (21), 2 states have call predecessors, (21), 4 states have return successors, (41), 22 states have call predecessors, (41), 21 states have call successors, (41) [2022-11-20 11:31:34,116 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 163 transitions. [2022-11-20 11:31:34,116 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 163 transitions. Word has length 98 [2022-11-20 11:31:34,117 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:31:34,117 INFO L495 AbstractCegarLoop]: Abstraction has 124 states and 163 transitions. [2022-11-20 11:31:34,118 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 63 states, 61 states have (on average 1.7704918032786885) internal successors, (108), 57 states have internal predecessors, (108), 15 states have call successors, (15), 4 states have call predecessors, (15), 20 states have return successors, (21), 17 states have call predecessors, (21), 15 states have call successors, (21) [2022-11-20 11:31:34,118 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 163 transitions. [2022-11-20 11:31:34,119 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:31:34,119 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:31:34,120 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:31:34,131 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (42)] Ended with exit code 0 [2022-11-20 11:31:34,342 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (41)] Forceful destruction successful, exit code 0 [2022-11-20 11:31:34,529 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 42 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,41 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:31:34,530 INFO L420 AbstractCegarLoop]: === Iteration 25 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:31:34,530 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:31:34,530 INFO L85 PathProgramCache]: Analyzing trace with hash -1995706160, now seen corresponding path program 8 times [2022-11-20 11:31:34,531 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:31:34,531 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [627367429] [2022-11-20 11:31:34,531 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:31:34,531 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:31:34,531 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:31:34,532 INFO L229 MonitoredProcess]: Starting monitored process 43 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:31:34,535 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (43)] Waiting until timeout for monitored process [2022-11-20 11:31:35,034 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:31:35,034 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:31:35,052 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 89 conjunts are in the unsatisfiable core [2022-11-20 11:31:35,062 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:31:35,093 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:31:35,105 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:31:35,357 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1991 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1991))))) is different from true [2022-11-20 11:31:35,389 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:35,390 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:35,414 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:35,414 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:35,619 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1992 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1992) |c_#length|)))) is different from true [2022-11-20 11:31:35,648 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:35,650 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:35,673 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:35,674 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:35,863 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1993 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1993) |c_#length|)))) is different from true [2022-11-20 11:31:35,893 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:35,894 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:35,913 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:35,914 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:36,133 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1994 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1994) |c_#length|)))) is different from true [2022-11-20 11:31:36,153 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:36,154 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:36,169 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:36,170 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:36,379 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1995 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1995))))) is different from true [2022-11-20 11:31:36,400 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:36,410 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:36,430 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:36,430 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:36,652 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1996 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1996))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:31:36,674 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:36,675 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:36,695 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:36,696 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:36,917 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1997 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1997) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:31:36,938 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:36,939 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:36,954 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:36,954 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:37,384 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_1998 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1998))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:31:37,422 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:37,423 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:37,438 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:37,439 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:37,685 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_1999 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_1999))))) is different from true [2022-11-20 11:31:37,705 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:37,705 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:37,726 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:37,726 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:37,824 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 228 refuted. 0 times theorem prover too weak. 90 trivial. 108 not checked. [2022-11-20 11:31:37,824 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:31:40,608 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:31:40,609 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [627367429] [2022-11-20 11:31:40,609 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [627367429] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:31:40,609 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [139271286] [2022-11-20 11:31:40,609 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:31:40,609 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:31:40,609 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:31:40,610 INFO L229 MonitoredProcess]: Starting monitored process 44 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:31:40,612 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (44)] Waiting until timeout for monitored process [2022-11-20 11:31:41,440 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:31:41,440 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:31:41,477 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 90 conjunts are in the unsatisfiable core [2022-11-20 11:31:41,487 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:31:41,502 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:31:41,527 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:31:41,659 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2079 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2079))))) is different from true [2022-11-20 11:31:41,690 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:41,691 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:41,717 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:41,717 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:41,822 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2080 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2080) |c_#length|)))) is different from true [2022-11-20 11:31:41,844 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:41,845 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:41,859 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:41,860 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:41,959 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2081 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2081))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:31:41,984 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:41,985 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:42,005 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:42,006 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:42,100 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2082 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2082))))) is different from true [2022-11-20 11:31:42,120 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:42,121 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:42,152 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:42,152 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:42,247 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2083 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2083))))) is different from true [2022-11-20 11:31:42,275 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:42,276 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:42,300 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:42,301 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:42,398 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2084 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2084))))) is different from true [2022-11-20 11:31:42,417 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:42,418 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:42,438 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:42,438 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:42,534 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2085 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2085))))) is different from true [2022-11-20 11:31:42,560 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:42,563 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:42,583 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:42,583 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:42,795 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2086 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2086))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:31:42,819 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:42,820 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:42,840 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:42,840 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:42,935 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2087 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2087) |c_#length|)))) is different from true [2022-11-20 11:31:42,955 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:42,956 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:42,975 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:42,976 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:42,996 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 228 refuted. 0 times theorem prover too weak. 90 trivial. 108 not checked. [2022-11-20 11:31:42,996 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:31:43,673 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [139271286] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:31:43,673 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:31:43,673 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 34] total 43 [2022-11-20 11:31:43,673 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2042069729] [2022-11-20 11:31:43,673 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:31:43,674 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 44 states [2022-11-20 11:31:43,674 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:31:43,674 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 44 interpolants. [2022-11-20 11:31:43,675 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=127, Invalid=683, Unknown=18, NotChecked=1242, Total=2070 [2022-11-20 11:31:43,676 INFO L87 Difference]: Start difference. First operand 124 states and 163 transitions. Second operand has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) [2022-11-20 11:31:47,865 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:31:47,865 INFO L93 Difference]: Finished difference Result 175 states and 222 transitions. [2022-11-20 11:31:47,867 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 26 states. [2022-11-20 11:31:47,867 INFO L78 Accepts]: Start accepts. Automaton has has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) Word has length 98 [2022-11-20 11:31:47,867 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:31:47,868 INFO L225 Difference]: With dead ends: 175 [2022-11-20 11:31:47,868 INFO L226 Difference]: Without dead ends: 175 [2022-11-20 11:31:47,869 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 155 SyntacticMatches, 1 SemanticMatches, 46 ConstructedPredicates, 18 IntricatePredicates, 0 DeprecatedPredicates, 82 ImplicationChecksByTransitivity, 5.7s TimeCoverageRelationStatistics Valid=135, Invalid=789, Unknown=18, NotChecked=1314, Total=2256 [2022-11-20 11:31:47,869 INFO L413 NwaCegarLoop]: 40 mSDtfsCounter, 32 mSDsluCounter, 502 mSDsCounter, 0 mSdLazyCounter, 1379 mSolverCounterSat, 24 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 32 SdHoareTripleChecker+Valid, 542 SdHoareTripleChecker+Invalid, 2813 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 24 IncrementalHoareTripleChecker+Valid, 1379 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1410 IncrementalHoareTripleChecker+Unchecked, 2.9s IncrementalHoareTripleChecker+Time [2022-11-20 11:31:47,869 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [32 Valid, 542 Invalid, 2813 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [24 Valid, 1379 Invalid, 0 Unknown, 1410 Unchecked, 2.9s Time] [2022-11-20 11:31:47,870 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 175 states. [2022-11-20 11:31:47,875 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 175 to 119. [2022-11-20 11:31:47,876 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 119 states, 93 states have (on average 1.043010752688172) internal successors, (97), 95 states have internal predecessors, (97), 20 states have call successors, (20), 2 states have call predecessors, (20), 4 states have return successors, (39), 21 states have call predecessors, (39), 20 states have call successors, (39) [2022-11-20 11:31:47,877 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 119 states to 119 states and 156 transitions. [2022-11-20 11:31:47,877 INFO L78 Accepts]: Start accepts. Automaton has 119 states and 156 transitions. Word has length 98 [2022-11-20 11:31:47,878 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:31:47,878 INFO L495 AbstractCegarLoop]: Abstraction has 119 states and 156 transitions. [2022-11-20 11:31:47,879 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 44 states, 42 states have (on average 2.0238095238095237) internal successors, (85), 43 states have internal predecessors, (85), 11 states have call successors, (11), 2 states have call predecessors, (11), 20 states have return successors, (20), 11 states have call predecessors, (20), 11 states have call successors, (20) [2022-11-20 11:31:47,879 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 156 transitions. [2022-11-20 11:31:47,880 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:31:47,880 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:31:47,881 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:31:47,906 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (43)] Forceful destruction successful, exit code 0 [2022-11-20 11:31:48,105 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (44)] Forceful destruction successful, exit code 0 [2022-11-20 11:31:48,299 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 43 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,44 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:31:48,299 INFO L420 AbstractCegarLoop]: === Iteration 26 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:31:48,299 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:31:48,300 INFO L85 PathProgramCache]: Analyzing trace with hash -955607186, now seen corresponding path program 9 times [2022-11-20 11:31:48,300 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:31:48,300 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [587675940] [2022-11-20 11:31:48,300 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:31:48,300 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:31:48,300 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:31:48,301 INFO L229 MonitoredProcess]: Starting monitored process 45 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:31:48,307 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (45)] Waiting until timeout for monitored process [2022-11-20 11:31:48,999 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-20 11:31:48,999 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:31:49,016 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-20 11:31:49,021 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:31:49,046 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:31:49,054 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:31:49,272 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2167 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2167) |c_#length|)))) is different from true [2022-11-20 11:31:49,294 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:49,294 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:49,314 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:49,314 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:49,489 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2168 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2168) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:31:49,512 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:49,513 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:49,529 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:49,529 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:49,712 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2169 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2169) |c_#length|)))) is different from true [2022-11-20 11:31:49,735 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:49,736 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:49,751 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:49,752 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:50,021 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-20 11:31:50,056 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:31:50,056 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:31:50,472 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-20 11:31:50,472 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-20 11:31:50,883 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-20 11:31:50,883 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-20 11:31:51,637 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2173 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2173))))) is different from true [2022-11-20 11:31:51,661 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:51,697 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:31:51,698 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-20 11:31:51,732 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:51,732 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:52,155 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2174 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2174) |c_#length|)))) is different from true [2022-11-20 11:31:52,180 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:52,182 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:52,198 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:52,198 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:52,469 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2175 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2175))))) is different from true [2022-11-20 11:31:52,490 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:31:52,491 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:52,511 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:52,511 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:52,620 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 28 proven. 261 refuted. 0 times theorem prover too weak. 45 trivial. 102 not checked. [2022-11-20 11:31:52,621 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:31:54,998 WARN L837 $PredicateComparison]: unable to prove that (let ((.cse1 (bvmul (_ bv4 32) |c_ULTIMATE.start_entry_point_~i~0#1|))) (let ((.cse0 (bvadd (_ bv4 32) .cse1 |c_ULTIMATE.start_entry_point_~array~0#1.offset|))) (and (forall ((|v_ldv_malloc_#res.base_144| (_ BitVec 32))) (or (forall ((v_ArrVal_2178 (_ BitVec 32))) (bvule .cse0 (select (store |c_#length| |v_ldv_malloc_#res.base_144| v_ArrVal_2178) |c_ULTIMATE.start_entry_point_~array~0#1.base|))) (not (= (select |c_#valid| |v_ldv_malloc_#res.base_144|) (_ bv0 1))))) (or (bvule (bvadd .cse1 |c_ULTIMATE.start_entry_point_~array~0#1.offset|) .cse0) (forall ((|v_ldv_malloc_#res.base_144| (_ BitVec 32))) (not (= (select |c_#valid| |v_ldv_malloc_#res.base_144|) (_ bv0 1)))))))) is different from false [2022-11-20 11:31:55,009 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:31:55,010 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [587675940] [2022-11-20 11:31:55,010 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [587675940] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:31:55,010 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [592026169] [2022-11-20 11:31:55,010 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:31:55,010 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:31:55,010 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:31:55,011 INFO L229 MonitoredProcess]: Starting monitored process 46 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:31:55,013 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (46)] Waiting until timeout for monitored process [2022-11-20 11:31:56,618 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-20 11:31:56,618 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:31:56,635 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 103 conjunts are in the unsatisfiable core [2022-11-20 11:31:56,642 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:31:56,654 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:31:56,666 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:31:56,776 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2256 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2256))) (exists ((v_ArrVal_2255 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2255) |c_#length|)))) is different from true [2022-11-20 11:31:56,851 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:31:56,851 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:31:56,859 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:57,114 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:31:57,114 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:31:57,124 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:31:57,384 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 1 stores, 0 select indices, 0 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 15 treesize of output 11 [2022-11-20 11:31:57,712 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 7 treesize of output 5 [2022-11-20 11:31:57,718 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 5 treesize of output 3 [2022-11-20 11:32:06,107 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:06,107 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:06,118 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:06,514 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 2, 0 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 10 treesize of output 4 [2022-11-20 11:32:06,742 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2263 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2263) |c_#length|)))) is different from true [2022-11-20 11:32:06,762 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:06,763 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:06,782 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:06,783 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:07,051 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2264 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2264) |c_#length|)))) is different from true [2022-11-20 11:32:07,084 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:07,085 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:07,108 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:07,109 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:07,485 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:32:07,485 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:32:07,977 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:07,977 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:08,026 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:32:08,026 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-20 11:32:08,458 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2268 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2268))))) is different from true [2022-11-20 11:32:08,485 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:08,486 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:08,510 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:08,510 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:08,638 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2269 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2269))))) is different from true [2022-11-20 11:32:08,662 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:08,663 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:08,681 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:08,681 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:08,709 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 26 proven. 263 refuted. 12 times theorem prover too weak. 45 trivial. 90 not checked. [2022-11-20 11:32:08,709 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:32:11,401 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [592026169] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:32:11,401 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:32:11,401 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 42] total 54 [2022-11-20 11:32:11,402 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [540105374] [2022-11-20 11:32:11,402 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:32:11,402 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 55 states [2022-11-20 11:32:11,402 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:32:11,403 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 55 interpolants. [2022-11-20 11:32:11,404 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=171, Invalid=1846, Unknown=15, NotChecked=1274, Total=3306 [2022-11-20 11:32:11,404 INFO L87 Difference]: Start difference. First operand 119 states and 156 transitions. Second operand has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) [2022-11-20 11:32:31,898 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:32:31,898 INFO L93 Difference]: Finished difference Result 171 states and 222 transitions. [2022-11-20 11:32:31,899 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 40 states. [2022-11-20 11:32:31,899 INFO L78 Accepts]: Start accepts. Automaton has has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) Word has length 98 [2022-11-20 11:32:31,900 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:32:31,901 INFO L225 Difference]: With dead ends: 171 [2022-11-20 11:32:31,901 INFO L226 Difference]: Without dead ends: 171 [2022-11-20 11:32:31,903 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 212 GetRequests, 142 SyntacticMatches, 2 SemanticMatches, 68 ConstructedPredicates, 13 IntricatePredicates, 0 DeprecatedPredicates, 635 ImplicationChecksByTransitivity, 33.9s TimeCoverageRelationStatistics Valid=251, Invalid=2974, Unknown=19, NotChecked=1586, Total=4830 [2022-11-20 11:32:31,903 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 32 mSDsluCounter, 739 mSDsCounter, 0 mSdLazyCounter, 1485 mSolverCounterSat, 26 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.8s Time, 0 mProtectedPredicate, 0 mProtectedAction, 32 SdHoareTripleChecker+Valid, 778 SdHoareTripleChecker+Invalid, 3292 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 26 IncrementalHoareTripleChecker+Valid, 1485 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1781 IncrementalHoareTripleChecker+Unchecked, 3.2s IncrementalHoareTripleChecker+Time [2022-11-20 11:32:31,904 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [32 Valid, 778 Invalid, 3292 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [26 Valid, 1485 Invalid, 0 Unknown, 1781 Unchecked, 3.2s Time] [2022-11-20 11:32:31,904 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 171 states. [2022-11-20 11:32:31,917 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 171 to 129. [2022-11-20 11:32:31,923 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 129 states, 101 states have (on average 1.0396039603960396) internal successors, (105), 103 states have internal predecessors, (105), 22 states have call successors, (22), 2 states have call predecessors, (22), 4 states have return successors, (43), 23 states have call predecessors, (43), 22 states have call successors, (43) [2022-11-20 11:32:31,924 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 129 states to 129 states and 170 transitions. [2022-11-20 11:32:31,925 INFO L78 Accepts]: Start accepts. Automaton has 129 states and 170 transitions. Word has length 98 [2022-11-20 11:32:31,925 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:32:31,925 INFO L495 AbstractCegarLoop]: Abstraction has 129 states and 170 transitions. [2022-11-20 11:32:31,926 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 55 states, 53 states have (on average 1.8867924528301887) internal successors, (100), 51 states have internal predecessors, (100), 15 states have call successors, (15), 4 states have call predecessors, (15), 16 states have return successors, (20), 17 states have call predecessors, (20), 15 states have call successors, (20) [2022-11-20 11:32:31,926 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 170 transitions. [2022-11-20 11:32:31,927 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:32:31,927 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:32:31,927 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:32:31,943 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (46)] Forceful destruction successful, exit code 0 [2022-11-20 11:32:32,150 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (45)] Forceful destruction successful, exit code 0 [2022-11-20 11:32:32,338 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 46 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,45 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:32:32,338 INFO L420 AbstractCegarLoop]: === Iteration 27 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:32:32,339 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:32:32,339 INFO L85 PathProgramCache]: Analyzing trace with hash -1196147315, now seen corresponding path program 10 times [2022-11-20 11:32:32,339 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:32:32,339 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1584365419] [2022-11-20 11:32:32,339 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-20 11:32:32,339 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:32:32,340 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:32:32,341 INFO L229 MonitoredProcess]: Starting monitored process 47 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:32:32,347 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (47)] Waiting until timeout for monitored process [2022-11-20 11:32:32,816 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-20 11:32:32,816 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:32:32,833 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-20 11:32:32,838 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:32:32,863 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:32:32,874 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:32:33,092 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2347 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2347) |c_#length|)))) is different from true [2022-11-20 11:32:33,119 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:33,120 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:33,144 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:33,144 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:33,365 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2348 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2348) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:32:33,391 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:33,392 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:33,416 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:33,416 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:33,641 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2349 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2349))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:32:33,668 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:33,669 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:33,694 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:33,694 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:33,904 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2350 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2350))))) is different from true [2022-11-20 11:32:33,926 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:33,927 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:33,947 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:33,947 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:34,333 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2351 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2351) |c_#length|)))) is different from true [2022-11-20 11:32:34,353 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:34,354 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:34,379 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:34,380 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:34,815 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2352 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2352) |c_#length|)))) is different from true [2022-11-20 11:32:34,842 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:34,843 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:34,858 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:34,859 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:35,086 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2353 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2353) |c_#length|)))) is different from true [2022-11-20 11:32:35,121 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:35,121 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:35,152 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:35,153 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:35,417 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2354 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2354) |c_#length|)))) is different from true [2022-11-20 11:32:35,436 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:35,437 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:35,452 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:35,453 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:35,551 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-20 11:32:35,551 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:32:38,344 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:32:38,344 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1584365419] [2022-11-20 11:32:38,345 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1584365419] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:32:38,345 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [324733147] [2022-11-20 11:32:38,345 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-20 11:32:38,345 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:32:38,345 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:32:38,346 INFO L229 MonitoredProcess]: Starting monitored process 48 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:32:38,348 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (48)] Waiting until timeout for monitored process [2022-11-20 11:32:39,223 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-20 11:32:39,223 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:32:39,236 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-20 11:32:39,241 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:32:39,253 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:32:39,265 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:32:39,387 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2432 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2432))))) is different from true [2022-11-20 11:32:39,411 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:39,412 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:39,431 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:39,431 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:39,525 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2433 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2433) |c_#length|)))) is different from true [2022-11-20 11:32:39,546 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:39,547 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:39,567 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:39,568 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:39,665 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2434 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2434) |c_#length|)))) is different from true [2022-11-20 11:32:39,689 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:39,689 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:39,704 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:39,704 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:39,803 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2435 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2435))))) is different from true [2022-11-20 11:32:39,824 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:39,825 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:39,840 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:39,840 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:40,061 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2436 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2436))))) is different from true [2022-11-20 11:32:40,082 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:40,083 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:40,103 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:40,104 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:40,314 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2437 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2437) |c_#length|)))) is different from true [2022-11-20 11:32:40,335 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:40,336 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:40,352 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:40,352 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:40,454 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2438 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2438) |c_#length|)))) is different from true [2022-11-20 11:32:40,489 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:40,490 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:40,509 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:40,510 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:40,602 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2439 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2439) |c_#length|)))) is different from true [2022-11-20 11:32:40,624 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:40,625 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:40,645 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:40,645 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:40,667 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-20 11:32:40,667 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:32:41,256 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [324733147] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:32:41,256 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:32:41,256 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-20 11:32:41,256 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1358144116] [2022-11-20 11:32:41,256 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:32:41,257 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-20 11:32:41,257 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:32:41,257 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-20 11:32:41,258 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=631, Unknown=16, NotChecked=1040, Total=1806 [2022-11-20 11:32:41,258 INFO L87 Difference]: Start difference. First operand 129 states and 170 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-20 11:32:45,017 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:32:45,018 INFO L93 Difference]: Finished difference Result 204 states and 265 transitions. [2022-11-20 11:32:45,019 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-20 11:32:45,020 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-20 11:32:45,020 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:32:45,021 INFO L225 Difference]: With dead ends: 204 [2022-11-20 11:32:45,021 INFO L226 Difference]: Without dead ends: 204 [2022-11-20 11:32:45,022 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 68 ImplicationChecksByTransitivity, 5.5s TimeCoverageRelationStatistics Valid=127, Invalid=733, Unknown=16, NotChecked=1104, Total=1980 [2022-11-20 11:32:45,023 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 29 mSDsluCounter, 417 mSDsCounter, 0 mSdLazyCounter, 1171 mSolverCounterSat, 24 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 29 SdHoareTripleChecker+Valid, 456 SdHoareTripleChecker+Invalid, 2355 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 24 IncrementalHoareTripleChecker+Valid, 1171 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1160 IncrementalHoareTripleChecker+Unchecked, 2.5s IncrementalHoareTripleChecker+Time [2022-11-20 11:32:45,023 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [29 Valid, 456 Invalid, 2355 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [24 Valid, 1171 Invalid, 0 Unknown, 1160 Unchecked, 2.5s Time] [2022-11-20 11:32:45,024 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 204 states. [2022-11-20 11:32:45,030 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 204 to 124. [2022-11-20 11:32:45,031 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 97 states have (on average 1.041237113402062) internal successors, (101), 99 states have internal predecessors, (101), 21 states have call successors, (21), 2 states have call predecessors, (21), 4 states have return successors, (41), 22 states have call predecessors, (41), 21 states have call successors, (41) [2022-11-20 11:32:45,032 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 163 transitions. [2022-11-20 11:32:45,032 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 163 transitions. Word has length 98 [2022-11-20 11:32:45,033 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:32:45,033 INFO L495 AbstractCegarLoop]: Abstraction has 124 states and 163 transitions. [2022-11-20 11:32:45,033 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-20 11:32:45,033 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 163 transitions. [2022-11-20 11:32:45,034 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:32:45,035 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:32:45,035 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 10, 9, 9, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:32:45,055 INFO L552 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (47)] Ended with exit code 0 [2022-11-20 11:32:45,259 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (48)] Forceful destruction successful, exit code 0 [2022-11-20 11:32:45,453 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 47 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,48 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:32:45,454 INFO L420 AbstractCegarLoop]: === Iteration 28 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:32:45,454 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:32:45,454 INFO L85 PathProgramCache]: Analyzing trace with hash -616016914, now seen corresponding path program 11 times [2022-11-20 11:32:45,455 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:32:45,455 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [119952607] [2022-11-20 11:32:45,455 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-20 11:32:45,455 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:32:45,455 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:32:45,456 INFO L229 MonitoredProcess]: Starting monitored process 49 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:32:45,457 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (49)] Waiting until timeout for monitored process [2022-11-20 11:32:46,195 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-20 11:32:46,195 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:32:46,213 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-20 11:32:46,218 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:32:46,242 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:32:46,530 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:32:46,531 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:32:47,033 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2520 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2520) |c_#length|)))) is different from true [2022-11-20 11:32:47,066 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:47,105 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:32:47,105 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 24 treesize of output 31 [2022-11-20 11:32:47,130 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:47,130 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:47,694 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2521 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2521) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:32:47,714 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:47,714 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:47,729 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:47,729 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:47,970 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2522 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2522) |c_#length|)))) is different from true [2022-11-20 11:32:47,994 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:47,996 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:48,016 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:48,017 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:48,263 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2523 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2523) |c_#length|)))) is different from true [2022-11-20 11:32:48,289 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:48,289 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:48,305 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:48,305 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:48,574 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2524 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2524) |c_#length|)))) is different from true [2022-11-20 11:32:48,595 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:48,596 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:48,615 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:48,616 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:48,879 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2525 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2525) |c_#length|)))) is different from true [2022-11-20 11:32:48,899 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:48,900 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:48,919 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:48,919 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:49,193 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2526 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2526) |c_#length|)))) is different from true [2022-11-20 11:32:49,217 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:49,218 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:49,233 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:49,233 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:49,535 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2527 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2527) |c_#length|)))) is different from true [2022-11-20 11:32:49,560 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:49,561 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:49,584 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:49,585 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:49,707 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 20 proven. 240 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-20 11:32:49,707 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:32:50,598 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:32:50,598 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [119952607] [2022-11-20 11:32:50,598 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [119952607] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:32:50,598 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [608544086] [2022-11-20 11:32:50,599 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-20 11:32:50,599 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:32:50,599 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:32:50,600 INFO L229 MonitoredProcess]: Starting monitored process 50 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:32:50,602 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (50)] Waiting until timeout for monitored process [2022-11-20 11:32:52,310 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-20 11:32:52,311 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:32:52,352 INFO L263 TraceCheckSpWp]: Trace formula consists of 370 conjuncts, 98 conjunts are in the unsatisfiable core [2022-11-20 11:32:52,359 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:32:52,375 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:32:52,467 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:32:52,653 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:32:52,653 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:32:53,462 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2610 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2610) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2609 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2609))))) is different from true [2022-11-20 11:32:53,609 INFO L321 Elim1Store]: treesize reduction 44, result has 42.9 percent of original size [2022-11-20 11:32:53,610 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 0 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 5 case distinctions, treesize of input 43 treesize of output 70 [2022-11-20 11:32:53,685 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:32:53,685 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 29 treesize of output 36 [2022-11-20 11:32:54,686 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2612 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2612))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2611 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2611))))) is different from true [2022-11-20 11:32:54,720 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:54,807 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-20 11:32:54,807 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-20 11:32:54,828 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-20 11:32:54,828 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-20 11:32:55,156 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2613 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2613) |c_#valid|)) (exists ((v_ArrVal_2614 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2614) |c_#length|)))) is different from true [2022-11-20 11:32:55,195 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:55,198 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:55,202 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-20 11:32:55,203 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-20 11:32:55,215 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:55,280 INFO L321 Elim1Store]: treesize reduction 44, result has 34.3 percent of original size [2022-11-20 11:32:55,280 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 4 case distinctions, treesize of input 26 treesize of output 43 [2022-11-20 11:32:55,586 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2615 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2615) |c_#length|)))) is different from true [2022-11-20 11:32:55,629 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:55,631 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:55,636 INFO L321 Elim1Store]: treesize reduction 7, result has 12.5 percent of original size [2022-11-20 11:32:55,638 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 2 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 17 treesize of output 22 [2022-11-20 11:32:55,674 INFO L321 Elim1Store]: treesize reduction 22, result has 29.0 percent of original size [2022-11-20 11:32:55,674 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 0 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 3 case distinctions, treesize of input 20 treesize of output 22 [2022-11-20 11:32:56,239 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2616 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2616))) (exists ((v_ArrVal_2617 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2617))))) is different from true [2022-11-20 11:32:56,267 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:56,300 INFO L321 Elim1Store]: treesize reduction 19, result has 32.1 percent of original size [2022-11-20 11:32:56,300 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 1 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 17 treesize of output 26 [2022-11-20 11:32:56,355 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:32:56,355 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:32:56,469 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2618 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2618) |c_#length|)) (exists ((v_ArrVal_2619 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2619) |c_#valid|)))) is different from true [2022-11-20 11:32:56,532 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:32:56,533 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:32:56,539 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:56,668 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2620 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2620) |c_#length|)))) is different from true [2022-11-20 11:32:56,698 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:56,699 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:56,723 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:56,724 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:56,835 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2621 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2621) |c_#length|)))) is different from true [2022-11-20 11:32:56,860 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:32:56,861 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:32:56,886 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:32:56,886 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:32:56,910 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 20 proven. 240 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-20 11:32:56,910 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:32:57,702 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [608544086] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:32:57,702 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:32:57,702 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [39, 36] total 60 [2022-11-20 11:32:57,702 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [980181769] [2022-11-20 11:32:57,702 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:32:57,703 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 61 states [2022-11-20 11:32:57,703 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:32:57,703 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 61 interpolants. [2022-11-20 11:32:57,703 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=204, Invalid=2006, Unknown=16, NotChecked=1680, Total=3906 [2022-11-20 11:32:57,704 INFO L87 Difference]: Start difference. First operand 124 states and 163 transitions. Second operand has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) [2022-11-20 11:33:01,349 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:33:01,349 INFO L93 Difference]: Finished difference Result 204 states and 263 transitions. [2022-11-20 11:33:01,350 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 29 states. [2022-11-20 11:33:01,351 INFO L78 Accepts]: Start accepts. Automaton has has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) Word has length 98 [2022-11-20 11:33:01,351 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:33:01,353 INFO L225 Difference]: With dead ends: 204 [2022-11-20 11:33:01,353 INFO L226 Difference]: Without dead ends: 204 [2022-11-20 11:33:01,354 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 206 GetRequests, 138 SyntacticMatches, 2 SemanticMatches, 66 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 505 ImplicationChecksByTransitivity, 7.2s TimeCoverageRelationStatistics Valid=237, Invalid=2463, Unknown=16, NotChecked=1840, Total=4556 [2022-11-20 11:33:01,355 INFO L413 NwaCegarLoop]: 33 mSDtfsCounter, 28 mSDsluCounter, 508 mSDsCounter, 0 mSdLazyCounter, 798 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 1.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 541 SdHoareTripleChecker+Invalid, 2123 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 798 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1308 IncrementalHoareTripleChecker+Unchecked, 1.7s IncrementalHoareTripleChecker+Time [2022-11-20 11:33:01,355 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [28 Valid, 541 Invalid, 2123 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 798 Invalid, 0 Unknown, 1308 Unchecked, 1.7s Time] [2022-11-20 11:33:01,356 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 204 states. [2022-11-20 11:33:01,362 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 204 to 181. [2022-11-20 11:33:01,363 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 181 states, 141 states have (on average 1.0425531914893618) internal successors, (147), 145 states have internal predecessors, (147), 30 states have call successors, (30), 4 states have call predecessors, (30), 8 states have return successors, (59), 31 states have call predecessors, (59), 30 states have call successors, (59) [2022-11-20 11:33:01,364 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 181 states to 181 states and 236 transitions. [2022-11-20 11:33:01,364 INFO L78 Accepts]: Start accepts. Automaton has 181 states and 236 transitions. Word has length 98 [2022-11-20 11:33:01,365 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:33:01,365 INFO L495 AbstractCegarLoop]: Abstraction has 181 states and 236 transitions. [2022-11-20 11:33:01,365 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 61 states, 59 states have (on average 1.9322033898305084) internal successors, (114), 57 states have internal predecessors, (114), 17 states have call successors, (17), 3 states have call predecessors, (17), 20 states have return successors, (21), 19 states have call predecessors, (21), 17 states have call successors, (21) [2022-11-20 11:33:01,366 INFO L276 IsEmpty]: Start isEmpty. Operand 181 states and 236 transitions. [2022-11-20 11:33:01,367 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:33:01,367 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:33:01,367 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:33:01,386 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (49)] Forceful destruction successful, exit code 0 [2022-11-20 11:33:01,594 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (50)] Forceful destruction successful, exit code 0 [2022-11-20 11:33:01,786 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 49 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,50 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:33:01,786 INFO L420 AbstractCegarLoop]: === Iteration 29 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:33:01,787 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:33:01,787 INFO L85 PathProgramCache]: Analyzing trace with hash 1668846541, now seen corresponding path program 12 times [2022-11-20 11:33:01,787 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:33:01,787 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2117407384] [2022-11-20 11:33:01,787 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-20 11:33:01,788 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:33:01,788 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:33:01,789 INFO L229 MonitoredProcess]: Starting monitored process 51 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:33:01,791 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (51)] Waiting until timeout for monitored process [2022-11-20 11:33:02,572 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 11 check-sat command(s) [2022-11-20 11:33:02,572 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:33:02,589 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 84 conjunts are in the unsatisfiable core [2022-11-20 11:33:02,595 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:33:02,628 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:33:02,636 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:33:02,845 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2699 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2699) |c_#length|)))) is different from true [2022-11-20 11:33:02,869 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:02,869 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:02,889 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:02,889 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:03,058 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2700 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2700) |c_#length|)))) is different from true [2022-11-20 11:33:03,079 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:03,080 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:03,117 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:03,118 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:03,475 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2701 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2701) |c_#length|)))) is different from true [2022-11-20 11:33:03,496 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:03,497 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:03,512 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:03,512 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:03,713 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2702 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2702) |c_#length|)))) is different from true [2022-11-20 11:33:03,737 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:03,738 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:03,752 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:03,753 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:03,958 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2703 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2703))))) is different from true [2022-11-20 11:33:03,977 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:03,978 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:03,992 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:03,993 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:04,473 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2704 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2704) |c_#length|)))) is different from true [2022-11-20 11:33:04,499 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:04,500 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:04,515 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:04,515 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:04,744 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2705 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2705))))) is different from true [2022-11-20 11:33:04,767 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:04,768 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:04,782 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:04,783 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:05,026 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2706 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2706) |c_#length|)))) is different from true [2022-11-20 11:33:05,048 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:05,049 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:05,068 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:05,070 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:05,162 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 16 proven. 244 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-20 11:33:05,162 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:33:11,895 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:33:11,895 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2117407384] [2022-11-20 11:33:11,895 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2117407384] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:33:11,896 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [533273487] [2022-11-20 11:33:11,896 INFO L93 rtionOrderModulation]: Changing assertion order to MIX_INSIDE_OUTSIDE [2022-11-20 11:33:11,896 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:33:11,896 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:33:11,897 INFO L229 MonitoredProcess]: Starting monitored process 52 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:33:11,899 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (52)] Waiting until timeout for monitored process [2022-11-20 11:33:13,504 INFO L228 tOrderPrioritization]: Assert order MIX_INSIDE_OUTSIDE issued 11 check-sat command(s) [2022-11-20 11:33:13,504 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:33:13,522 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 94 conjunts are in the unsatisfiable core [2022-11-20 11:33:13,528 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:33:13,542 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:33:13,553 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:33:13,799 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:13,800 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:13,816 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:14,117 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2787 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2787))) (exists ((v_ArrVal_2786 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2786))))) is different from true [2022-11-20 11:33:14,194 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:33:14,195 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:33:14,201 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:14,421 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2788 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2788) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2789 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2789) |c_#valid|)))) is different from true [2022-11-20 11:33:14,489 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:33:14,489 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:33:14,496 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:14,612 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2791 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_2791) |c_#valid|)) (exists ((v_ArrVal_2790 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2790) |c_#length|)))) is different from true [2022-11-20 11:33:14,646 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:14,647 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:14,680 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:33:14,680 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:33:14,787 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2792 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2792) |c_#length|)))) is different from true [2022-11-20 11:33:14,819 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:14,819 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:14,834 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:14,834 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:15,194 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:33:15,194 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:33:15,248 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:33:15,248 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:33:15,898 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2796 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2796))))) is different from true [2022-11-20 11:33:15,936 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:15,937 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 2 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:15,972 INFO L321 Elim1Store]: treesize reduction 12, result has 42.9 percent of original size [2022-11-20 11:33:15,972 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 3 select indices, 3 select index equivalence classes, 1 disjoint index pairs (out of 3 index pairs), introduced 3 new quantified variables, introduced 2 case distinctions, treesize of input 20 treesize of output 22 [2022-11-20 11:33:16,077 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2797 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2797))))) is different from true [2022-11-20 11:33:16,101 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:16,102 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:16,118 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:16,119 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:16,144 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 18 proven. 256 refuted. 0 times theorem prover too weak. 72 trivial. 90 not checked. [2022-11-20 11:33:16,144 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:33:16,704 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [533273487] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:33:16,704 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:33:16,705 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 35] total 48 [2022-11-20 11:33:16,705 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2123933746] [2022-11-20 11:33:16,705 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:33:16,705 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 49 states [2022-11-20 11:33:16,706 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:33:16,706 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 49 interpolants. [2022-11-20 11:33:16,706 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=161, Invalid=1211, Unknown=16, NotChecked=1162, Total=2550 [2022-11-20 11:33:16,707 INFO L87 Difference]: Start difference. First operand 181 states and 236 transitions. Second operand has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) [2022-11-20 11:33:20,655 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:33:20,655 INFO L93 Difference]: Finished difference Result 253 states and 330 transitions. [2022-11-20 11:33:20,657 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 27 states. [2022-11-20 11:33:20,657 INFO L78 Accepts]: Start accepts. Automaton has has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) Word has length 98 [2022-11-20 11:33:20,657 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:33:20,658 INFO L225 Difference]: With dead ends: 253 [2022-11-20 11:33:20,658 INFO L226 Difference]: Without dead ends: 253 [2022-11-20 11:33:20,659 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 203 GetRequests, 150 SyntacticMatches, 1 SemanticMatches, 52 ConstructedPredicates, 14 IntricatePredicates, 0 DeprecatedPredicates, 257 ImplicationChecksByTransitivity, 10.6s TimeCoverageRelationStatistics Valid=179, Invalid=1421, Unknown=16, NotChecked=1246, Total=2862 [2022-11-20 11:33:20,660 INFO L413 NwaCegarLoop]: 33 mSDtfsCounter, 30 mSDsluCounter, 381 mSDsCounter, 0 mSdLazyCounter, 1229 mSolverCounterSat, 31 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 30 SdHoareTripleChecker+Valid, 414 SdHoareTripleChecker+Invalid, 2486 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 31 IncrementalHoareTripleChecker+Valid, 1229 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1226 IncrementalHoareTripleChecker+Unchecked, 2.5s IncrementalHoareTripleChecker+Time [2022-11-20 11:33:20,660 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [30 Valid, 414 Invalid, 2486 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [31 Valid, 1229 Invalid, 0 Unknown, 1226 Unchecked, 2.5s Time] [2022-11-20 11:33:20,661 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 253 states. [2022-11-20 11:33:20,669 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 253 to 191. [2022-11-20 11:33:20,670 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 191 states, 149 states have (on average 1.0402684563758389) internal successors, (155), 153 states have internal predecessors, (155), 32 states have call successors, (32), 4 states have call predecessors, (32), 8 states have return successors, (63), 33 states have call predecessors, (63), 32 states have call successors, (63) [2022-11-20 11:33:20,671 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 191 states to 191 states and 250 transitions. [2022-11-20 11:33:20,672 INFO L78 Accepts]: Start accepts. Automaton has 191 states and 250 transitions. Word has length 98 [2022-11-20 11:33:20,672 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:33:20,672 INFO L495 AbstractCegarLoop]: Abstraction has 191 states and 250 transitions. [2022-11-20 11:33:20,672 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 49 states, 47 states have (on average 2.0425531914893615) internal successors, (96), 46 states have internal predecessors, (96), 12 states have call successors, (12), 3 states have call predecessors, (12), 19 states have return successors, (19), 16 states have call predecessors, (19), 12 states have call successors, (19) [2022-11-20 11:33:20,673 INFO L276 IsEmpty]: Start isEmpty. Operand 191 states and 250 transitions. [2022-11-20 11:33:20,674 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:33:20,674 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:33:20,675 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 8, 3, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:33:20,695 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (51)] Forceful destruction successful, exit code 0 [2022-11-20 11:33:20,900 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (52)] Forceful destruction successful, exit code 0 [2022-11-20 11:33:21,092 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 51 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,52 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:33:21,093 INFO L420 AbstractCegarLoop]: === Iteration 30 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:33:21,093 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:33:21,093 INFO L85 PathProgramCache]: Analyzing trace with hash 1163287916, now seen corresponding path program 13 times [2022-11-20 11:33:21,094 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:33:21,094 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [860435560] [2022-11-20 11:33:21,094 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-20 11:33:21,094 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:33:21,094 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:33:21,095 INFO L229 MonitoredProcess]: Starting monitored process 53 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:33:21,097 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (53)] Waiting until timeout for monitored process [2022-11-20 11:33:21,579 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:33:21,597 INFO L263 TraceCheckSpWp]: Trace formula consists of 358 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-20 11:33:21,602 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:33:21,629 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:33:21,636 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:33:21,848 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2873 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2873) |c_#length|)))) is different from true [2022-11-20 11:33:21,869 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:21,869 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:21,888 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:21,889 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:22,061 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2874 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2874) |c_#length|)))) is different from true [2022-11-20 11:33:22,086 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:22,087 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:22,111 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:22,111 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:22,495 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2875 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2875) |c_#length|)))) is different from true [2022-11-20 11:33:22,516 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:22,517 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:22,531 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:22,531 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:22,729 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2876 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2876) |c_#length|)))) is different from true [2022-11-20 11:33:22,749 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:22,750 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:22,764 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:22,765 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:22,973 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2877 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2877))))) is different from true [2022-11-20 11:33:22,994 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:22,995 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:23,009 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:23,010 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:23,410 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2878 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2878) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:33:23,430 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:23,431 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:23,450 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:23,451 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:23,864 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2879 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2879))))) is different from true [2022-11-20 11:33:23,885 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:23,886 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:23,901 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:23,902 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:24,000 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 232 refuted. 0 times theorem prover too weak. 96 trivial. 98 not checked. [2022-11-20 11:33:24,000 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:33:24,742 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:33:24,742 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [860435560] [2022-11-20 11:33:24,743 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [860435560] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:33:24,743 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [2087280080] [2022-11-20 11:33:24,743 INFO L93 rtionOrderModulation]: Changing assertion order to NOT_INCREMENTALLY [2022-11-20 11:33:24,743 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:33:24,743 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:33:24,744 INFO L229 MonitoredProcess]: Starting monitored process 54 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:33:24,746 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (54)] Waiting until timeout for monitored process [2022-11-20 11:33:25,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-11-20 11:33:25,692 INFO L263 TraceCheckSpWp]: Trace formula consists of 358 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-20 11:33:25,697 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:33:25,709 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:33:25,720 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:33:25,830 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2955 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2955))))) is different from true [2022-11-20 11:33:25,852 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:25,853 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:25,868 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:25,868 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:25,979 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2956 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2956) |c_#length|)))) is different from true [2022-11-20 11:33:26,003 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:26,004 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:26,019 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:26,019 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:26,243 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2957 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2957) |c_#length|)))) is different from true [2022-11-20 11:33:26,264 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:26,265 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:26,280 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:26,280 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:26,381 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2958 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2958) |c_#length|)))) is different from true [2022-11-20 11:33:26,405 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:26,405 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:26,420 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:26,421 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:26,519 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_2959 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2959) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:33:26,540 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:26,541 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:26,556 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:26,557 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:26,758 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2960 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2960))))) is different from true [2022-11-20 11:33:26,789 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:26,790 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:26,804 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:26,805 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:27,006 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_2961 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_2961))))) is different from true [2022-11-20 11:33:27,028 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:27,028 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:27,043 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:27,043 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:27,068 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 232 refuted. 0 times theorem prover too weak. 96 trivial. 98 not checked. [2022-11-20 11:33:27,068 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:33:29,595 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [2087280080] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:33:29,595 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:33:29,596 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [30, 30] total 37 [2022-11-20 11:33:29,596 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [93489731] [2022-11-20 11:33:29,596 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:33:29,597 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 38 states [2022-11-20 11:33:29,597 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:33:29,597 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 38 interpolants. [2022-11-20 11:33:29,598 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=111, Invalid=581, Unknown=14, NotChecked=854, Total=1560 [2022-11-20 11:33:29,598 INFO L87 Difference]: Start difference. First operand 191 states and 250 transitions. Second operand has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) [2022-11-20 11:33:32,765 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:33:32,765 INFO L93 Difference]: Finished difference Result 254 states and 329 transitions. [2022-11-20 11:33:32,767 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 24 states. [2022-11-20 11:33:32,767 INFO L78 Accepts]: Start accepts. Automaton has has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) Word has length 98 [2022-11-20 11:33:32,767 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:33:32,768 INFO L225 Difference]: With dead ends: 254 [2022-11-20 11:33:32,769 INFO L226 Difference]: Without dead ends: 254 [2022-11-20 11:33:32,769 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 161 SyntacticMatches, 1 SemanticMatches, 40 ConstructedPredicates, 14 IntricatePredicates, 0 DeprecatedPredicates, 59 ImplicationChecksByTransitivity, 4.9s TimeCoverageRelationStatistics Valid=119, Invalid=679, Unknown=14, NotChecked=910, Total=1722 [2022-11-20 11:33:32,770 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 26 mSDsluCounter, 378 mSDsCounter, 0 mSdLazyCounter, 1092 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 26 SdHoareTripleChecker+Valid, 416 SdHoareTripleChecker+Invalid, 2200 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 1092 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1086 IncrementalHoareTripleChecker+Unchecked, 2.3s IncrementalHoareTripleChecker+Time [2022-11-20 11:33:32,770 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [26 Valid, 416 Invalid, 2200 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 1092 Invalid, 0 Unknown, 1086 Unchecked, 2.3s Time] [2022-11-20 11:33:32,771 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 254 states. [2022-11-20 11:33:32,779 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 254 to 171. [2022-11-20 11:33:32,780 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 133 states have (on average 1.0451127819548873) internal successors, (139), 137 states have internal predecessors, (139), 28 states have call successors, (28), 4 states have call predecessors, (28), 8 states have return successors, (55), 29 states have call predecessors, (55), 28 states have call successors, (55) [2022-11-20 11:33:32,781 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 222 transitions. [2022-11-20 11:33:32,781 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 222 transitions. Word has length 98 [2022-11-20 11:33:32,782 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:33:32,782 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 222 transitions. [2022-11-20 11:33:32,782 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 38 states, 36 states have (on average 2.138888888888889) internal successors, (77), 37 states have internal predecessors, (77), 11 states have call successors, (11), 2 states have call predecessors, (11), 16 states have return successors, (18), 11 states have call predecessors, (18), 11 states have call successors, (18) [2022-11-20 11:33:32,783 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 222 transitions. [2022-11-20 11:33:32,784 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:33:32,784 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:33:32,784 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:33:32,793 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (54)] Forceful destruction successful, exit code 0 [2022-11-20 11:33:33,003 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (53)] Forceful destruction successful, exit code 0 [2022-11-20 11:33:33,193 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 54 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,53 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:33:33,193 INFO L420 AbstractCegarLoop]: === Iteration 31 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:33:33,194 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:33:33,194 INFO L85 PathProgramCache]: Analyzing trace with hash 1743290095, now seen corresponding path program 14 times [2022-11-20 11:33:33,194 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:33:33,195 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [739997005] [2022-11-20 11:33:33,195 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:33:33,195 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:33:33,195 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:33:33,196 INFO L229 MonitoredProcess]: Starting monitored process 55 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:33:33,197 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (55)] Waiting until timeout for monitored process [2022-11-20 11:33:33,711 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:33:33,711 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:33:33,727 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-20 11:33:33,744 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:33:33,768 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:33:33,778 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:33:33,986 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3039 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3039) |c_#length|)))) is different from true [2022-11-20 11:33:34,006 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:34,007 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:34,026 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:34,027 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:34,197 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3040 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3040) |c_#length|)))) is different from true [2022-11-20 11:33:34,217 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:34,218 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:34,238 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:34,238 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:34,576 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3041 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3041))))) is different from true [2022-11-20 11:33:34,606 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:34,607 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:34,622 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:34,622 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:34,827 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3042 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3042))))) is different from true [2022-11-20 11:33:34,852 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:34,852 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:34,867 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:34,868 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:35,245 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3043 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3043) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:33:35,269 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:35,270 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:35,289 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:35,290 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:35,505 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3044 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3044) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:33:35,536 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:35,537 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:35,556 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:35,556 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:35,785 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3045 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3045))))) is different from true [2022-11-20 11:33:35,809 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:35,809 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:35,828 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:35,829 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:36,059 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3046 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3046) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:33:36,079 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:36,080 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:36,097 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:36,097 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:36,196 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-20 11:33:36,196 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:33:37,193 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:33:37,194 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [739997005] [2022-11-20 11:33:37,194 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [739997005] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:33:37,194 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [398733162] [2022-11-20 11:33:37,194 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2022-11-20 11:33:37,195 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:33:37,195 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:33:37,199 INFO L229 MonitoredProcess]: Starting monitored process 56 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:33:37,203 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (56)] Waiting until timeout for monitored process [2022-11-20 11:33:38,179 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2022-11-20 11:33:38,180 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:33:38,216 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 87 conjunts are in the unsatisfiable core [2022-11-20 11:33:38,222 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:33:38,239 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:33:38,256 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:33:38,383 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3124 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3124) |c_#length|)))) is different from true [2022-11-20 11:33:38,410 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:38,411 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:38,434 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:38,434 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:38,538 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3125 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3125) |c_#length|)))) is different from true [2022-11-20 11:33:38,564 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:38,565 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:38,588 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:38,588 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:38,831 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3126 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3126))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:33:38,852 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:38,853 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:38,876 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:38,876 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:38,986 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3127 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3127) |c_#length|)))) is different from true [2022-11-20 11:33:39,009 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:39,010 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:39,026 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:39,027 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:39,272 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3128 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3128) |c_#length|)))) is different from true [2022-11-20 11:33:39,297 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:39,298 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:39,321 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:39,321 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:39,434 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3129 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3129))))) is different from true [2022-11-20 11:33:39,470 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:39,471 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:39,492 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:39,493 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:39,599 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3130 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3130) |c_#length|)))) is different from true [2022-11-20 11:33:39,625 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:39,626 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:39,643 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:39,643 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:39,751 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3131 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3131) |c_#length|)))) is different from true [2022-11-20 11:33:39,774 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:39,775 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:39,797 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:39,797 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:39,820 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-20 11:33:39,820 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:33:42,418 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [398733162] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:33:42,418 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:33:42,419 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-20 11:33:42,419 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1188697909] [2022-11-20 11:33:42,419 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:33:42,419 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-20 11:33:42,419 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:33:42,420 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-20 11:33:42,420 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=631, Unknown=16, NotChecked=1040, Total=1806 [2022-11-20 11:33:42,421 INFO L87 Difference]: Start difference. First operand 171 states and 222 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-20 11:33:47,231 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:33:47,231 INFO L93 Difference]: Finished difference Result 251 states and 324 transitions. [2022-11-20 11:33:47,233 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-20 11:33:47,234 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-20 11:33:47,234 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:33:47,240 INFO L225 Difference]: With dead ends: 251 [2022-11-20 11:33:47,240 INFO L226 Difference]: Without dead ends: 251 [2022-11-20 11:33:47,240 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 65 ImplicationChecksByTransitivity, 5.7s TimeCoverageRelationStatistics Valid=127, Invalid=733, Unknown=16, NotChecked=1104, Total=1980 [2022-11-20 11:33:47,241 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 28 mSDsluCounter, 480 mSDsCounter, 0 mSdLazyCounter, 1359 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 519 SdHoareTripleChecker+Invalid, 2396 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 1359 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1016 IncrementalHoareTripleChecker+Unchecked, 3.5s IncrementalHoareTripleChecker+Time [2022-11-20 11:33:47,242 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [28 Valid, 519 Invalid, 2396 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 1359 Invalid, 0 Unknown, 1016 Unchecked, 3.5s Time] [2022-11-20 11:33:47,243 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 251 states. [2022-11-20 11:33:47,251 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 251 to 171. [2022-11-20 11:33:47,252 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 133 states have (on average 1.0451127819548873) internal successors, (139), 137 states have internal predecessors, (139), 28 states have call successors, (28), 4 states have call predecessors, (28), 8 states have return successors, (55), 29 states have call predecessors, (55), 28 states have call successors, (55) [2022-11-20 11:33:47,253 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 222 transitions. [2022-11-20 11:33:47,253 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 222 transitions. Word has length 98 [2022-11-20 11:33:47,260 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:33:47,261 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 222 transitions. [2022-11-20 11:33:47,261 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-20 11:33:47,262 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 222 transitions. [2022-11-20 11:33:47,263 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:33:47,263 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:33:47,264 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:33:47,281 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (56)] Forceful destruction successful, exit code 0 [2022-11-20 11:33:47,487 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (55)] Forceful destruction successful, exit code 0 [2022-11-20 11:33:47,675 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 56 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,55 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:33:47,675 INFO L420 AbstractCegarLoop]: === Iteration 32 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:33:47,675 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:33:47,676 INFO L85 PathProgramCache]: Analyzing trace with hash -856557043, now seen corresponding path program 15 times [2022-11-20 11:33:47,676 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:33:47,676 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1372997010] [2022-11-20 11:33:47,676 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:33:47,677 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:33:47,677 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:33:47,679 INFO L229 MonitoredProcess]: Starting monitored process 57 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:33:47,680 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (57)] Waiting until timeout for monitored process [2022-11-20 11:33:48,428 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-20 11:33:48,428 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:33:48,446 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-20 11:33:48,451 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:33:48,488 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:33:48,499 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:33:48,762 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3209 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3209))))) is different from true [2022-11-20 11:33:48,792 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:48,792 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:48,810 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:48,810 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:48,993 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3210 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3210))))) is different from true [2022-11-20 11:33:49,018 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:49,019 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:49,035 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:49,035 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:49,461 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3211 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3211))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:33:49,484 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:49,485 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:49,510 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:49,510 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:49,980 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3212 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3212))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:33:50,004 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:50,005 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:50,023 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:50,023 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:50,291 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3213 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3213))))) is different from true [2022-11-20 11:33:50,319 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:50,320 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:50,339 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:50,339 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:50,622 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3214 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3214) |c_#length|)))) is different from true [2022-11-20 11:33:50,645 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:50,645 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:50,668 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:50,669 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:50,947 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3215 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3215) |c_#length|)))) is different from true [2022-11-20 11:33:50,974 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:50,975 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:50,993 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:50,993 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:51,290 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3216 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3216) |c_#length|)))) is different from true [2022-11-20 11:33:51,317 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:33:51,318 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:33:51,336 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:33:51,336 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:33:51,454 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 32 proven. 240 refuted. 0 times theorem prover too weak. 60 trivial. 104 not checked. [2022-11-20 11:33:51,454 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:33:58,316 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:33:58,316 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1372997010] [2022-11-20 11:33:58,316 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1372997010] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:33:58,316 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [544046629] [2022-11-20 11:33:58,316 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:33:58,316 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:33:58,317 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:33:58,318 INFO L229 MonitoredProcess]: Starting monitored process 58 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:33:58,319 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (58)] Waiting until timeout for monitored process [2022-11-20 11:33:59,972 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-20 11:33:59,972 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:33:59,988 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 93 conjunts are in the unsatisfiable core [2022-11-20 11:33:59,994 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:34:00,006 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:34:00,018 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:34:00,129 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3295 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3295))) (exists ((v_ArrVal_3294 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3294))))) is different from true [2022-11-20 11:34:00,157 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:00,158 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:00,192 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:34:00,193 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:34:00,501 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:34:00,501 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:34:00,532 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:00,533 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:00,933 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3298 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3298) |c_#length|)))) is different from true [2022-11-20 11:34:00,956 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:00,956 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:00,973 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:00,973 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:01,250 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| |c_ldv_malloc_#in~size|) |c_#length|)) is different from true [2022-11-20 11:34:01,288 INFO L321 Elim1Store]: treesize reduction 11, result has 45.0 percent of original size [2022-11-20 11:34:01,289 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 1 case distinctions, treesize of input 12 treesize of output 18 [2022-11-20 11:34:01,970 INFO L321 Elim1Store]: treesize reduction 20, result has 57.4 percent of original size [2022-11-20 11:34:01,971 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 24 treesize of output 43 [2022-11-20 11:34:03,096 INFO L321 Elim1Store]: treesize reduction 24, result has 48.9 percent of original size [2022-11-20 11:34:03,096 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 3 case distinctions, treesize of input 17 treesize of output 34 [2022-11-20 11:34:03,155 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:03,156 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:03,519 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3304 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3304))))) is different from true [2022-11-20 11:34:03,544 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:03,545 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:03,559 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:03,560 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:03,664 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3305 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3305))))) is different from true [2022-11-20 11:34:03,686 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:03,687 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:03,701 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:03,702 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:03,726 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 36 proven. 278 refuted. 0 times theorem prover too weak. 42 trivial. 80 not checked. [2022-11-20 11:34:03,726 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:34:07,777 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [544046629] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:34:07,777 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:34:07,777 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [35, 39] total 53 [2022-11-20 11:34:07,778 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2089787080] [2022-11-20 11:34:07,778 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:34:07,778 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 54 states [2022-11-20 11:34:07,778 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:34:07,778 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 54 interpolants. [2022-11-20 11:34:07,779 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=171, Invalid=1672, Unknown=15, NotChecked=1222, Total=3080 [2022-11-20 11:34:07,779 INFO L87 Difference]: Start difference. First operand 171 states and 222 transitions. Second operand has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) [2022-11-20 11:34:13,981 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:34:13,981 INFO L93 Difference]: Finished difference Result 265 states and 344 transitions. [2022-11-20 11:34:13,983 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 34 states. [2022-11-20 11:34:13,983 INFO L78 Accepts]: Start accepts. Automaton has has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) Word has length 98 [2022-11-20 11:34:13,983 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:34:13,984 INFO L225 Difference]: With dead ends: 265 [2022-11-20 11:34:13,984 INFO L226 Difference]: Without dead ends: 265 [2022-11-20 11:34:13,985 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 209 GetRequests, 144 SyntacticMatches, 3 SemanticMatches, 62 ConstructedPredicates, 13 IntricatePredicates, 0 DeprecatedPredicates, 483 ImplicationChecksByTransitivity, 16.3s TimeCoverageRelationStatistics Valid=222, Invalid=2365, Unknown=15, NotChecked=1430, Total=4032 [2022-11-20 11:34:13,986 INFO L413 NwaCegarLoop]: 38 mSDtfsCounter, 40 mSDsluCounter, 594 mSDsCounter, 0 mSdLazyCounter, 1885 mSolverCounterSat, 30 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 3.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 40 SdHoareTripleChecker+Valid, 632 SdHoareTripleChecker+Invalid, 3430 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 30 IncrementalHoareTripleChecker+Valid, 1885 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1515 IncrementalHoareTripleChecker+Unchecked, 3.9s IncrementalHoareTripleChecker+Time [2022-11-20 11:34:13,986 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [40 Valid, 632 Invalid, 3430 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [30 Valid, 1885 Invalid, 0 Unknown, 1515 Unchecked, 3.9s Time] [2022-11-20 11:34:13,987 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 265 states. [2022-11-20 11:34:13,995 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 265 to 171. [2022-11-20 11:34:13,995 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 133 states have (on average 1.0451127819548873) internal successors, (139), 137 states have internal predecessors, (139), 28 states have call successors, (28), 4 states have call predecessors, (28), 8 states have return successors, (55), 29 states have call predecessors, (55), 28 states have call successors, (55) [2022-11-20 11:34:13,997 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 222 transitions. [2022-11-20 11:34:13,997 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 222 transitions. Word has length 98 [2022-11-20 11:34:13,997 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:34:13,998 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 222 transitions. [2022-11-20 11:34:13,998 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 54 states, 52 states have (on average 1.8846153846153846) internal successors, (98), 50 states have internal predecessors, (98), 14 states have call successors, (14), 3 states have call predecessors, (14), 17 states have return successors, (19), 16 states have call predecessors, (19), 14 states have call successors, (19) [2022-11-20 11:34:13,998 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 222 transitions. [2022-11-20 11:34:13,999 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:34:13,999 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:34:14,000 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:34:14,010 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (58)] Forceful destruction successful, exit code 0 [2022-11-20 11:34:14,236 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (57)] Forceful destruction successful, exit code 0 [2022-11-20 11:34:14,409 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 58 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,57 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:34:14,410 INFO L420 AbstractCegarLoop]: === Iteration 33 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:34:14,410 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:34:14,410 INFO L85 PathProgramCache]: Analyzing trace with hash -335667025, now seen corresponding path program 16 times [2022-11-20 11:34:14,411 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:34:14,411 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [845089879] [2022-11-20 11:34:14,411 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-20 11:34:14,411 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:34:14,411 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:34:14,412 INFO L229 MonitoredProcess]: Starting monitored process 59 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:34:14,414 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (59)] Waiting until timeout for monitored process [2022-11-20 11:34:14,915 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-20 11:34:14,915 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:34:14,932 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-20 11:34:14,936 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:34:14,963 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:34:14,971 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:34:15,185 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3383 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3383) |c_#length|)))) is different from true [2022-11-20 11:34:15,206 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:15,207 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:15,227 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:15,227 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:15,401 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3384 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3384))))) is different from true [2022-11-20 11:34:15,422 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:15,423 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:15,443 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:15,443 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:15,965 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3385 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3385) |c_#length|)))) is different from true [2022-11-20 11:34:15,992 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:15,993 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:16,013 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:16,013 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:16,264 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3386 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3386))))) is different from true [2022-11-20 11:34:16,289 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:16,290 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:16,308 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:16,309 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:16,545 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3387 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3387) |c_#length|)))) is different from true [2022-11-20 11:34:16,566 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:16,567 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:16,582 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:16,582 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:16,817 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3388 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3388) |c_#length|)))) is different from true [2022-11-20 11:34:16,843 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:16,844 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:16,864 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:16,864 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:17,093 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3389 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3389) |c_#length|)))) is different from true [2022-11-20 11:34:17,119 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:17,120 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:17,136 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:17,136 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:17,383 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3390 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3390) |c_#length|)))) is different from true [2022-11-20 11:34:17,403 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:17,404 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:17,424 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:17,425 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:17,520 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-20 11:34:17,521 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:34:20,359 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:34:20,360 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [845089879] [2022-11-20 11:34:20,360 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [845089879] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:34:20,360 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [799190462] [2022-11-20 11:34:20,360 INFO L93 rtionOrderModulation]: Changing assertion order to TERMS_WITH_SMALL_CONSTANTS_FIRST [2022-11-20 11:34:20,360 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:34:20,360 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:34:20,361 INFO L229 MonitoredProcess]: Starting monitored process 60 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:34:20,363 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (60)] Waiting until timeout for monitored process [2022-11-20 11:34:21,350 INFO L228 tOrderPrioritization]: Assert order TERMS_WITH_SMALL_CONSTANTS_FIRST issued 0 check-sat command(s) [2022-11-20 11:34:21,351 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:34:21,363 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 86 conjunts are in the unsatisfiable core [2022-11-20 11:34:21,369 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:34:21,381 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 7 [2022-11-20 11:34:21,391 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:34:21,500 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3468 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3468))))) is different from true [2022-11-20 11:34:21,525 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:21,526 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:21,546 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:21,546 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:21,640 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3469 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3469) |c_#length|)))) is different from true [2022-11-20 11:34:21,664 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:21,665 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:21,679 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:21,680 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:22,025 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3470 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3470) |c_#length|)))) is different from true [2022-11-20 11:34:22,049 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:22,050 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:22,070 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:22,070 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:22,165 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3471 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3471))))) is different from true [2022-11-20 11:34:22,186 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:22,187 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:22,207 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:22,207 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:22,306 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3472 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3472))))) is different from true [2022-11-20 11:34:22,328 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:22,329 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:22,349 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:22,349 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:22,462 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3473 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3473) |c_#length|)))) is different from true [2022-11-20 11:34:22,486 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:22,487 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:22,502 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:22,502 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:22,599 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3474 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3474))) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:34:22,624 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:22,625 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:22,645 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:22,645 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:22,739 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3475 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3475) |c_#length|)))) is different from true [2022-11-20 11:34:22,767 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:22,768 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:22,788 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:22,788 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:22,802 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 10 proven. 230 refuted. 0 times theorem prover too weak. 92 trivial. 104 not checked. [2022-11-20 11:34:22,802 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:34:26,052 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [799190462] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:34:26,052 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:34:26,052 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [32, 32] total 40 [2022-11-20 11:34:26,053 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1620115782] [2022-11-20 11:34:26,053 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:34:26,053 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 41 states [2022-11-20 11:34:26,054 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:34:26,054 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 41 interpolants. [2022-11-20 11:34:26,054 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=119, Invalid=630, Unknown=17, NotChecked=1040, Total=1806 [2022-11-20 11:34:26,055 INFO L87 Difference]: Start difference. First operand 171 states and 222 transitions. Second operand has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-20 11:34:30,204 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:34:30,204 INFO L93 Difference]: Finished difference Result 257 states and 334 transitions. [2022-11-20 11:34:30,206 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 25 states. [2022-11-20 11:34:30,206 INFO L78 Accepts]: Start accepts. Automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-20 11:34:30,206 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:34:30,207 INFO L225 Difference]: With dead ends: 257 [2022-11-20 11:34:30,207 INFO L226 Difference]: Without dead ends: 257 [2022-11-20 11:34:30,208 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 158 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 63 ImplicationChecksByTransitivity, 8.2s TimeCoverageRelationStatistics Valid=127, Invalid=732, Unknown=17, NotChecked=1104, Total=1980 [2022-11-20 11:34:30,208 INFO L413 NwaCegarLoop]: 39 mSDtfsCounter, 28 mSDsluCounter, 459 mSDsCounter, 0 mSdLazyCounter, 1297 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 28 SdHoareTripleChecker+Valid, 498 SdHoareTripleChecker+Invalid, 2259 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 1297 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 940 IncrementalHoareTripleChecker+Unchecked, 2.8s IncrementalHoareTripleChecker+Time [2022-11-20 11:34:30,209 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [28 Valid, 498 Invalid, 2259 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 1297 Invalid, 0 Unknown, 940 Unchecked, 2.8s Time] [2022-11-20 11:34:30,209 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 257 states. [2022-11-20 11:34:30,224 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 257 to 171. [2022-11-20 11:34:30,225 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 171 states, 133 states have (on average 1.0451127819548873) internal successors, (139), 137 states have internal predecessors, (139), 28 states have call successors, (28), 4 states have call predecessors, (28), 8 states have return successors, (55), 29 states have call predecessors, (55), 28 states have call successors, (55) [2022-11-20 11:34:30,226 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 171 states to 171 states and 222 transitions. [2022-11-20 11:34:30,226 INFO L78 Accepts]: Start accepts. Automaton has 171 states and 222 transitions. Word has length 98 [2022-11-20 11:34:30,227 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:34:30,227 INFO L495 AbstractCegarLoop]: Abstraction has 171 states and 222 transitions. [2022-11-20 11:34:30,227 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 41 states, 39 states have (on average 2.076923076923077) internal successors, (81), 40 states have internal predecessors, (81), 11 states have call successors, (11), 2 states have call predecessors, (11), 18 states have return successors, (19), 11 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-20 11:34:30,227 INFO L276 IsEmpty]: Start isEmpty. Operand 171 states and 222 transitions. [2022-11-20 11:34:30,229 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 99 [2022-11-20 11:34:30,229 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:34:30,229 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 10, 10, 10, 10, 9, 9, 9, 2, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:34:30,248 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (59)] Forceful destruction successful, exit code 0 [2022-11-20 11:34:30,450 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (60)] Forceful destruction successful, exit code 0 [2022-11-20 11:34:30,643 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 59 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3,60 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt [2022-11-20 11:34:30,643 INFO L420 AbstractCegarLoop]: === Iteration 34 === Targeting ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:34:30,644 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:34:30,644 INFO L85 PathProgramCache]: Analyzing trace with hash 552179341, now seen corresponding path program 17 times [2022-11-20 11:34:30,644 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:34:30,644 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [135140167] [2022-11-20 11:34:30,644 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-20 11:34:30,644 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:34:30,644 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:34:30,645 INFO L229 MonitoredProcess]: Starting monitored process 61 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:34:30,647 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (61)] Waiting until timeout for monitored process [2022-11-20 11:34:31,472 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-20 11:34:31,472 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:34:31,488 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 83 conjunts are in the unsatisfiable core [2022-11-20 11:34:31,493 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:34:31,516 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:34:31,885 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3552 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3552) |c_#length|)))) is different from true [2022-11-20 11:34:31,906 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:31,906 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:31,921 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:31,921 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:32,277 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3553 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3553) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:34:32,297 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:32,298 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:32,312 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:32,312 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:32,517 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3554 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3554) |c_#length|)))) is different from true [2022-11-20 11:34:32,537 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:32,537 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:32,557 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:32,557 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:32,765 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3555 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3555))))) is different from true [2022-11-20 11:34:32,785 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:32,786 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:32,806 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:32,806 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:33,029 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3556 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3556) |c_#length|)))) is different from true [2022-11-20 11:34:33,063 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:33,064 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:33,079 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:33,079 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:33,302 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3557 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3557) |c_#length|)))) is different from true [2022-11-20 11:34:33,322 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:33,323 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:33,342 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:33,343 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:33,581 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3558 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3558))))) is different from true [2022-11-20 11:34:33,605 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:33,606 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:33,621 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:33,621 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:33,868 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3559 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3559) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:34:33,889 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:33,890 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:33,909 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:33,910 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:34,017 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 30 proven. 230 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-20 11:34:34,017 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:34:38,805 INFO L136 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-11-20 11:34:38,805 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [135140167] [2022-11-20 11:34:38,805 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleMathsat [135140167] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:34:38,805 INFO L333 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleCvc4 [1695023932] [2022-11-20 11:34:38,806 INFO L93 rtionOrderModulation]: Changing assertion order to INSIDE_LOOP_FIRST1 [2022-11-20 11:34:38,806 INFO L173 SolverBuilder]: Constructing external solver with command: cvc4 --incremental --print-success --lang smt [2022-11-20 11:34:38,806 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 [2022-11-20 11:34:38,807 INFO L229 MonitoredProcess]: Starting monitored process 62 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (exit command is (exit), workingDir is null) [2022-11-20 11:34:38,809 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (62)] Waiting until timeout for monitored process [2022-11-20 11:34:40,476 INFO L228 tOrderPrioritization]: Assert order INSIDE_LOOP_FIRST1 issued 11 check-sat command(s) [2022-11-20 11:34:40,477 INFO L229 tOrderPrioritization]: Conjunction of SSA is unsat [2022-11-20 11:34:40,513 INFO L263 TraceCheckSpWp]: Trace formula consists of 364 conjuncts, 85 conjunts are in the unsatisfiable core [2022-11-20 11:34:40,518 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-11-20 11:34:40,531 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 0 select indices, 0 select index equivalence classes, 0 disjoint index pairs (out of 0 index pairs), introduced 0 new quantified variables, introduced 0 case distinctions, treesize of input 6 treesize of output 5 [2022-11-20 11:34:40,700 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3636 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3636) |c_#length|)) (exists ((v_ArrVal_3637 (_ BitVec 1))) (= |c_#valid| (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3637))))) is different from true [2022-11-20 11:34:40,727 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:40,728 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:40,766 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:34:40,767 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:34:40,985 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3639 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3639) |c_#valid|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3638 (_ BitVec 32))) (= |c_#length| (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3638))))) is different from true [2022-11-20 11:34:41,043 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:34:41,043 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:34:41,049 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:41,160 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3641 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3641) |c_#valid|)) (exists ((v_ArrVal_3640 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3640) |c_#length|)))) is different from true [2022-11-20 11:34:41,229 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:34:41,230 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:34:41,236 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:41,340 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3642 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3642) |c_#length|)))) is different from true [2022-11-20 11:34:41,361 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:41,362 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:41,383 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:41,383 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:41,497 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3643 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3643) |c_#length|)) (exists ((v_ArrVal_3644 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3644) |c_#valid|)))) is different from true [2022-11-20 11:34:41,562 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:34:41,562 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:34:41,573 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:41,679 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3646 (_ BitVec 1))) (= (store |c_old(#valid)| |ldv_malloc_#res.base| v_ArrVal_3646) |c_#valid|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3645 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3645) |c_#length|)))) is different from true [2022-11-20 11:34:41,705 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:41,706 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:41,743 INFO L321 Elim1Store]: treesize reduction 22, result has 35.3 percent of original size [2022-11-20 11:34:41,744 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 2 case distinctions, treesize of input 19 treesize of output 27 [2022-11-20 11:34:41,848 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)) (exists ((v_ArrVal_3647 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3647) |c_#length|)))) is different from true [2022-11-20 11:34:41,873 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:41,873 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:41,888 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:41,888 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:41,982 WARN L859 $PredicateComparison]: unable to prove that (exists ((|ldv_malloc_#res.base| (_ BitVec 32))) (and (exists ((v_ArrVal_3648 (_ BitVec 32))) (= (store |c_old(#length)| |ldv_malloc_#res.base| v_ArrVal_3648) |c_#length|)) (= (_ bv0 1) (select |c_old(#valid)| |ldv_malloc_#res.base|)))) is different from true [2022-11-20 11:34:42,019 INFO L190 IndexEqualityManager]: detected not equals via solver [2022-11-20 11:34:42,020 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 1 stores, 1 select indices, 1 select index equivalence classes, 1 disjoint index pairs (out of 0 index pairs), introduced 1 new quantified variables, introduced 0 case distinctions, treesize of input 12 treesize of output 14 [2022-11-20 11:34:42,035 INFO L321 Elim1Store]: treesize reduction 6, result has 40.0 percent of original size [2022-11-20 11:34:42,035 INFO L350 Elim1Store]: Elim1 eliminated variable of array dimension 1, 0 stores, 2 select indices, 2 select index equivalence classes, 0 disjoint index pairs (out of 1 index pairs), introduced 2 new quantified variables, introduced 1 case distinctions, treesize of input 13 treesize of output 13 [2022-11-20 11:34:42,053 INFO L134 CoverageAnalysis]: Checked inductivity of 436 backedges. 30 proven. 230 refuted. 0 times theorem prover too weak. 72 trivial. 104 not checked. [2022-11-20 11:34:42,053 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-11-20 11:34:46,619 INFO L157 FreeRefinementEngine]: IpTcStrategyModuleCvc4 [1695023932] provided 0 perfect and 1 imperfect interpolant sequences [2022-11-20 11:34:46,619 INFO L184 FreeRefinementEngine]: Found 0 perfect and 2 imperfect interpolant sequences. [2022-11-20 11:34:46,619 INFO L197 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [34, 29] total 42 [2022-11-20 11:34:46,619 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [380823965] [2022-11-20 11:34:46,620 INFO L85 oduleStraightlineAll]: Using 2 imperfect interpolants to construct interpolant automaton [2022-11-20 11:34:46,620 INFO L571 AbstractCegarLoop]: INTERPOLANT automaton has 43 states [2022-11-20 11:34:46,620 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-11-20 11:34:46,621 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 43 interpolants. [2022-11-20 11:34:46,621 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=126, Invalid=733, Unknown=17, NotChecked=1104, Total=1980 [2022-11-20 11:34:46,621 INFO L87 Difference]: Start difference. First operand 171 states and 222 transitions. Second operand has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-20 11:34:50,492 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-11-20 11:34:50,492 INFO L93 Difference]: Finished difference Result 227 states and 296 transitions. [2022-11-20 11:34:50,493 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 21 states. [2022-11-20 11:34:50,494 INFO L78 Accepts]: Start accepts. Automaton has has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) Word has length 98 [2022-11-20 11:34:50,494 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-11-20 11:34:50,495 INFO L225 Difference]: With dead ends: 227 [2022-11-20 11:34:50,496 INFO L226 Difference]: Without dead ends: 227 [2022-11-20 11:34:50,496 INFO L412 NwaCegarLoop]: 0 DeclaredPredicates, 202 GetRequests, 156 SyntacticMatches, 1 SemanticMatches, 45 ConstructedPredicates, 16 IntricatePredicates, 0 DeprecatedPredicates, 104 ImplicationChecksByTransitivity, 11.5s TimeCoverageRelationStatistics Valid=135, Invalid=842, Unknown=17, NotChecked=1168, Total=2162 [2022-11-20 11:34:50,497 INFO L413 NwaCegarLoop]: 37 mSDtfsCounter, 23 mSDsluCounter, 413 mSDsCounter, 0 mSdLazyCounter, 1283 mSolverCounterSat, 23 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 2.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 23 SdHoareTripleChecker+Valid, 450 SdHoareTripleChecker+Invalid, 2336 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 23 IncrementalHoareTripleChecker+Valid, 1283 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 1030 IncrementalHoareTripleChecker+Unchecked, 2.6s IncrementalHoareTripleChecker+Time [2022-11-20 11:34:50,497 INFO L414 NwaCegarLoop]: SdHoareTripleChecker [23 Valid, 450 Invalid, 2336 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [23 Valid, 1283 Invalid, 0 Unknown, 1030 Unchecked, 2.6s Time] [2022-11-20 11:34:50,498 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 227 states. [2022-11-20 11:34:50,504 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 227 to 135. [2022-11-20 11:34:50,504 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 135 states, 104 states have (on average 1.0576923076923077) internal successors, (110), 108 states have internal predecessors, (110), 22 states have call successors, (22), 4 states have call predecessors, (22), 7 states have return successors, (42), 22 states have call predecessors, (42), 22 states have call successors, (42) [2022-11-20 11:34:50,505 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 135 states to 135 states and 174 transitions. [2022-11-20 11:34:50,505 INFO L78 Accepts]: Start accepts. Automaton has 135 states and 174 transitions. Word has length 98 [2022-11-20 11:34:50,506 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-11-20 11:34:50,506 INFO L495 AbstractCegarLoop]: Abstraction has 135 states and 174 transitions. [2022-11-20 11:34:50,506 INFO L496 AbstractCegarLoop]: INTERPOLANT automaton has has 43 states, 41 states have (on average 2.292682926829268) internal successors, (94), 42 states have internal predecessors, (94), 11 states have call successors, (11), 3 states have call predecessors, (11), 19 states have return successors, (19), 16 states have call predecessors, (19), 11 states have call successors, (19) [2022-11-20 11:34:50,506 INFO L276 IsEmpty]: Start isEmpty. Operand 135 states and 174 transitions. [2022-11-20 11:34:50,507 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 103 [2022-11-20 11:34:50,508 INFO L187 NwaCegarLoop]: Found error trace [2022-11-20 11:34:50,508 INFO L195 NwaCegarLoop]: trace histogram [11, 11, 11, 10, 10, 10, 10, 10, 10, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-11-20 11:34:50,519 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt (62)] Forceful destruction successful, exit code 0 [2022-11-20 11:34:50,729 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (61)] Forceful destruction successful, exit code 0 [2022-11-20 11:34:50,918 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 62 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/cvc4 --incremental --print-success --lang smt,61 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:34:50,918 INFO L420 AbstractCegarLoop]: === Iteration 35 === Targeting ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK === [ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE, ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK] === [2022-11-20 11:34:50,918 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-11-20 11:34:50,919 INFO L85 PathProgramCache]: Analyzing trace with hash 329760614, now seen corresponding path program 3 times [2022-11-20 11:34:50,919 INFO L118 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-11-20 11:34:50,919 INFO L333 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [351816860] [2022-11-20 11:34:50,920 INFO L93 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST2 [2022-11-20 11:34:50,920 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:34:50,920 INFO L189 MonitoredProcess]: No working directory specified, using /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat [2022-11-20 11:34:50,921 INFO L229 MonitoredProcess]: Starting monitored process 63 with /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-11-20 11:34:50,943 INFO L327 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (63)] Waiting until timeout for monitored process [2022-11-20 11:34:51,910 INFO L228 tOrderPrioritization]: Assert order OUTSIDE_LOOP_FIRST2 issued 11 check-sat command(s) [2022-11-20 11:34:51,910 INFO L229 tOrderPrioritization]: Conjunction of SSA is sat [2022-11-20 11:34:51,910 INFO L356 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-11-20 11:34:52,348 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-11-20 11:34:52,473 INFO L130 FreeRefinementEngine]: Strategy WOLF found a feasible trace [2022-11-20 11:34:52,485 INFO L359 BasicCegarLoop]: Counterexample is feasible [2022-11-20 11:34:52,490 INFO L805 garLoopResultBuilder]: Registering result UNSAFE for location ULTIMATE.startErr2ASSERT_VIOLATIONMEMORY_LEAK (2 of 3 remaining) [2022-11-20 11:34:52,493 INFO L805 garLoopResultBuilder]: Registering result UNKNOWN for location ULTIMATE.startErr0REQUIRES_VIOLATIONMEMORY_DEREFERENCE (1 of 3 remaining) [2022-11-20 11:34:52,499 INFO L805 garLoopResultBuilder]: Registering result UNKNOWN for location ULTIMATE.startErr1REQUIRES_VIOLATIONMEMORY_DEREFERENCE (0 of 3 remaining) [2022-11-20 11:34:52,519 INFO L540 MonitoredProcess]: [MP /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 (63)] Forceful destruction successful, exit code 0 [2022-11-20 11:34:52,715 WARN L477 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 63 /tmp/vcloud_worker_vcloud-master_on_vcloud-master/run_dir_9b5e045d-6b5e-427f-9594-24a9a67834d5/bin/uautomizer-ug76WZFUDN/mathsat -theory.fp.to_bv_overflow_mode=1 -theory.fp.minmax_zero_mode=4 -theory.bv.div_by_zero_mode=1 -unsat_core_generation=3 [2022-11-20 11:34:52,719 INFO L444 BasicCegarLoop]: Path program histogram: [17, 9, 3, 1, 1, 1, 1, 1, 1] [2022-11-20 11:34:52,723 INFO L178 ceAbstractionStarter]: Computing trace abstraction results [2022-11-20 11:34:52,854 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.11 11:34:52 BoogieIcfgContainer [2022-11-20 11:34:52,855 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-11-20 11:34:52,855 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-11-20 11:34:52,856 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-11-20 11:34:52,856 INFO L275 PluginConnector]: Witness Printer initialized [2022-11-20 11:34:52,857 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.11 11:27:50" (3/4) ... [2022-11-20 11:34:52,860 INFO L140 WitnessPrinter]: No result that supports witness generation found [2022-11-20 11:34:52,874 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-11-20 11:34:52,875 INFO L158 Benchmark]: Toolchain (without parser) took 423891.80ms. Allocated memory was 83.9MB in the beginning and 132.1MB in the end (delta: 48.2MB). Free memory was 60.0MB in the beginning and 30.7MB in the end (delta: 29.3MB). Peak memory consumption was 79.9MB. Max. memory is 16.1GB. [2022-11-20 11:34:52,875 INFO L158 Benchmark]: CDTParser took 0.21ms. Allocated memory is still 83.9MB. Free memory is still 61.1MB. There was no memory consumed. Max. memory is 16.1GB. [2022-11-20 11:34:52,875 INFO L158 Benchmark]: CACSL2BoogieTranslator took 758.75ms. Allocated memory is still 83.9MB. Free memory was 59.8MB in the beginning and 56.3MB in the end (delta: 3.6MB). Peak memory consumption was 26.1MB. Max. memory is 16.1GB. [2022-11-20 11:34:52,876 INFO L158 Benchmark]: Boogie Procedure Inliner took 77.92ms. Allocated memory is still 83.9MB. Free memory was 56.3MB in the beginning and 53.8MB in the end (delta: 2.4MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-11-20 11:34:52,876 INFO L158 Benchmark]: Boogie Preprocessor took 60.66ms. Allocated memory is still 83.9MB. Free memory was 53.8MB in the beginning and 52.4MB in the end (delta: 1.4MB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-20 11:34:52,876 INFO L158 Benchmark]: RCFGBuilder took 524.14ms. Allocated memory is still 83.9MB. Free memory was 52.4MB in the beginning and 40.3MB in the end (delta: 12.2MB). Peak memory consumption was 12.6MB. Max. memory is 16.1GB. [2022-11-20 11:34:52,876 INFO L158 Benchmark]: TraceAbstraction took 422444.82ms. Allocated memory was 83.9MB in the beginning and 132.1MB in the end (delta: 48.2MB). Free memory was 39.6MB in the beginning and 31.8MB in the end (delta: 7.8MB). Peak memory consumption was 60.1MB. Max. memory is 16.1GB. [2022-11-20 11:34:52,876 INFO L158 Benchmark]: Witness Printer took 19.22ms. Allocated memory is still 132.1MB. Free memory was 31.8MB in the beginning and 30.7MB in the end (delta: 1.0MB). There was no memory consumed. Max. memory is 16.1GB. [2022-11-20 11:34:52,877 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.21ms. Allocated memory is still 83.9MB. Free memory is still 61.1MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 758.75ms. Allocated memory is still 83.9MB. Free memory was 59.8MB in the beginning and 56.3MB in the end (delta: 3.6MB). Peak memory consumption was 26.1MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 77.92ms. Allocated memory is still 83.9MB. Free memory was 56.3MB in the beginning and 53.8MB in the end (delta: 2.4MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 60.66ms. Allocated memory is still 83.9MB. Free memory was 53.8MB in the beginning and 52.4MB in the end (delta: 1.4MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 524.14ms. Allocated memory is still 83.9MB. Free memory was 52.4MB in the beginning and 40.3MB in the end (delta: 12.2MB). Peak memory consumption was 12.6MB. Max. memory is 16.1GB. * TraceAbstraction took 422444.82ms. Allocated memory was 83.9MB in the beginning and 132.1MB in the end (delta: 48.2MB). Free memory was 39.6MB in the beginning and 31.8MB in the end (delta: 7.8MB). Peak memory consumption was 60.1MB. Max. memory is 16.1GB. * Witness Printer took 19.22ms. Allocated memory is still 132.1MB. Free memory was 31.8MB in the beginning and 30.7MB in the end (delta: 1.0MB). There was no memory consumed. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - UnprovableResult [Line: 772]: Unable to prove that all allocated memory was freed Unable to prove that all allocated memory was freed Reason: overapproximation of memtrack at line 772. Possible FailurePath: [L569] struct ldv_list_head ldv_global_msg_list = { &(ldv_global_msg_list), &(ldv_global_msg_list) }; VAL [ldv_global_msg_list={1:0}] [L773] CALL entry_point() [L761] int len = 10; VAL [ldv_global_msg_list={1:0}, len=10] [L762] CALL, EXPR ldv_malloc(sizeof(struct A18*)*len) VAL [\old(size)=40, ldv_global_msg_list={1:0}] [L526] COND TRUE __VERIFIER_nondet_int() [L527] return malloc(size); [L762] RET, EXPR ldv_malloc(sizeof(struct A18*)*len) VAL [ldv_global_msg_list={1:0}, ldv_malloc(sizeof(struct A18*)*len)={10:0}, len=10] [L762] struct A18 **array = (struct A18 **)ldv_malloc(sizeof(struct A18*)*len); [L763] struct A18 *p; [L764] int i=0; VAL [array={10:0}, i=0, ldv_global_msg_list={1:0}, len=10] [L765] COND FALSE !(!array) VAL [array={10:0}, i=0, ldv_global_msg_list={1:0}, len=10] [L766] COND TRUE i