scripts/cpa.sh -heap 3000M -noout -disable-java-assertions -predicateAnalysis-PredAbsRefiner-ABEl -setprop cpa.predicate.handlePointerAliasing=false -64 -timelimit 900s -stats -spec test/programs/benchmarks/ldv-linux-3.0/ALL.prp test/programs/benchmarks/ldv-linux-3.0/usb_urb-drivers-hid-usbhid-usbmouse.ko_false-unreach-call.cil.out.i.pp.i
--------------------------------------------------------------------------------
Running CPAchecker with Java heap of size 3000M.
Using the following resource limits: CPU-time limit of 900s (ResourceLimitChecker.fromConfiguration, INFO)
CPAchecker 1.4-svn (OpenJDK 64-Bit Server VM 1.7.0_65) started (CPAchecker.run, INFO)
line 5374: Dead code detected: Goto: while_break (CFACreationUtils.addEdgeToCFA, INFO)
Dead code detected: Label while_break is not reachable. (CFAFunctionBuilder.leave, INFO)
line 5459: Dead code detected: Goto: while_break (CFACreationUtils.addEdgeToCFA, INFO)
Dead code detected: Label while_break is not reachable. (CFAFunctionBuilder.leave, INFO)
Handling of pointer aliasing is disabled, analysis is unsound if aliased pointers exist. (PredicateCPA:PathFormulaManagerImpl., WARNING)
Using predicate analysis with SMTInterpol 2.1-174-ga199d47-comp and JFactory 1.21. (PredicateCPA:PredicateCPA., INFO)
Using refinement for predicate analysis with PredicateAbstractionRefinementStrategy strategy. (PredicateCPA:PredicateCPARefiner., INFO)
The following configuration options were specified but are not used: cpa.predicate.memoryAllocationsAlwaysSucceed cpa.predicate.maxPreFilledAllocationSize (CPAchecker.printConfigurationWarnings, WARNING)
Starting analysis ... (CPAchecker.runAlgorithm, INFO)
Assuming external function ldv_initialize to be a constant function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function usb_register_driver to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function dev_get_drvdata to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function dev_set_drvdata to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function usb_kill_urb to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function input_unregister_device to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function warn_slowpath_null to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function input_allocate_device to be a constant function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function ldv_undefined_pointer to be a constant function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Program contains array, or pointer (multiple level of indirection), or field (enable handleFieldAccess and handleFieldAliasing) access; analysis is imprecise in case of aliasing. (PredicateCPA:CtoFormulaConverter.makeVariableUnsafe, WARNING)
Assuming external function strlcpy to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function strlcat to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function snprintf to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function input_register_device to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function input_free_device to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function ldv_check_return_value to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Assuming external function usb_deregister to be a pure function. (PredicateCPA:ExpressionToFormulaVisitor.visit, INFO)
Error path found, starting counterexample check with CPACHECKER. (CounterexampleCheckAlgorithm.checkCounterexample, INFO)
Using the following resource limits: CPU-time limit of 900s (CounterexampleCheck:ResourceLimitChecker.fromConfiguration, INFO)
Dereferencing of a non-pointer in expression *(epd) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@5e682583: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(mouse) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@4b131fe3: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(epd) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@77ec4fb7: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(intf) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@6560e244: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(epd) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@2df8e5e4: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(mouse) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@63ecceb3: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(dev) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@6cd0b6f8: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(intf) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@2dd40ea2: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(urb) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@365133ca: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(dev) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@6d222286: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(intf) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@5b65381c: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(dev) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@79b1cd58: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(dev) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@b85cfd8: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(intf) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@76a382ac: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(intf) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@5533c431: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Dereferencing of a non-pointer in expression *(intf) (org.eclipse.cdt.internal.core.dom.parser.ProblemType@7eba4a46: Type depends on an unresolved name) (CounterexampleCheck:ASTConverter.convert, WARNING)
Error path found and confirmed by counterexample check with CPACHECKER. (CounterexampleCheckAlgorithm.checkCounterexample, INFO)
Stopping analysis ... (CPAchecker.runAlgorithm, INFO)

PredicateCPA statistics
-----------------------
Number of abstractions: 6 (0% of all post computations)
Times abstraction was reused: 0
Because of function entry/exit: 0 (0%)
Because of loop head: 6 (100%)
Because of join nodes: 0 (0%)
Because of threshold: 0 (0%)
Times precision was empty: 1 (17%)
Times precision was {false}: 0 (0%)
Times result was cached: 0 (0%)
Times cartesian abs was used: 0 (0%)
Times boolean abs was used: 5 (83%)
Times result was 'false': 0 (0%)
Number of strengthen sat checks: 21
Times result was 'false': 18 (86%)
Number of coverage checks: 218
BDD entailment checks: 6
Number of SMT sat checks: 21
trivial: 0
cached: 0
Max ABE block size: 114
Number of predicates discovered: 6
Number of abstraction locations: 2
Max number of predicates per location: 5
Avg number of predicates per location: 5
Total predicates per abstraction: 24
Max number of predicates per abstraction: 5
Avg number of predicates per abstraction: 4.80
Number of irrelevant predicates: 0 (0%)
Number of preds handled by boolean abs: 24 (100%)
Total number of models for allsat: 22
Max number of models for allsat: 10
Avg number of models for allsat: 4.40
Number of path formula cache hits: 148 (7%)
Time for post operator: 0.366s
Time for path formula creation: 0.329s
Actual computation: 0.362s
Time for strengthen operator: 0.997s
Time for satisfiability checks: 0.992s
Time for prec operator: 1.345s
Time for abstraction: 1.344s (Max: 0.621s, Count: 6)
Boolean abstraction: 0.897s
Solving time: 0.203s (Max: 0.085s)
Model enumeration time: 0.680s
Time for BDD construction: 0.001s (Max: 0.001s)
Time for merge operator: 0.263s
Time for coverage check: 0.008s
Time for BDD entailment checks: 0.008s
Total time for SMT solver (w/o itp): 1.875s
Number of BDD nodes: 277
Size of BDD node table: 10007
Size of BDD node cleanup queue: 0 (count: 74, min: 0, max: 0, avg: 0,00)
Time for BDD node cleanup: 0.000s
Time for BDD garbage collection: 0.000s (in 0 runs)

PrecisionBootstrap statistics
-----------------------------
Init. function predicates: 0
Init. global predicates: 0
Init. location predicates: 0

AutomatonAnalysis (SVCOMP) statistics
-------------------------------------
Number of states: 1
Total time for successor computation: 0.069s
Automaton transfers with branching: 0
Automaton transfer successors: 3057 (count: 3057, min: 1, max: 1, avg: 1,00) [1 x 3057]

CPA algorithm statistics
------------------------
Number of iterations: 1205
Max size of waitlist: 18
Average size of waitlist: 9
Number of computed successors: 1331
Max successors for one state: 2
Number of times merged: 106
Number of times stopped: 107
Number of times breaked: 3
Total time for CPA algorithm: 3.365s (Max: 3.227s)
Time for choose from waitlist: 0.014s
Time for precision adjustment: 1.414s
Time for transfer relation: 1.526s
Time for merge operator: 0.281s
Time for stop operator: 0.021s
Time for adding to reached set: 0.053s

Predicate-Abstraction Refiner statistics
----------------------------------------
Avg. length of target path (in blocks): 8 (count: 3, min: 2, max: 4, avg: 2,67)
Time for refinement: 1.673s
Counterexample analysis: 0.687s (Max: 0.664s, Calls: 3)
Refinement sat check: 0.468s
Interpolant computation: 0.008s
Error path post-processing: 0.975s
Path-formulas extraction: 0.000s
Building the counterexample trace: 0.688s
Extracting precise counterexample: 0.975s
Predicate creation: 0.000s
Precision update: 0.001s
ARG update: 0.001s
Length of refined path (in blocks): 2 (count: 1, min: 2, max: 2, avg: 2,00)
Number of affected states: 1 (count: 1, min: 1, max: 1, avg: 1,00)
Length (states) of path with itp 'true': 0 (count: 1, min: 0, max: 0, avg: 0,00)
Length (states) of path with itp non-trivial itp: 1 (count: 1, min: 1, max: 1, avg: 1,00)
Length (states) of path with itp 'false': 0 (count: 1, min: 0, max: 0, avg: 0,00)
Different non-trivial interpolants along paths: 0 (count: 1, min: 0, max: 0, avg: 0,00)
Equal non-trivial interpolants along paths: 0 (count: 1, min: 0, max: 0, avg: 0,00)
Different precisions along paths: 0 (count: 0, min: 0, max: 0, avg: 0,00)
Equal precisions along paths: 0 (count: 0, min: 0, max: 0, avg: 0,00)
Number of refs with location-based cutoff: 0

CEGAR algorithm statistics
--------------------------
Number of refinements: 3
Number of successful refinements: 2
Number of failed refinements: 0
Max. size of reached set before ref.: 1087
Max. size of reached set after ref.: 23
Avg. size of reached set before ref.: 416.33
Avg. size of reached set after ref.: 12.00
Total time for CEGAR algorithm: 5.045s
Time for refinements: 1.680s
Average time for refinement: 0.560s
Max time for refinement: 1.642s

Counterexample-Check Algorithm statistics
-----------------------------------------
Number of counterexample checks: 1
Number of infeasible paths: 0 (0%)
Time for counterexample checks: 1.789s

CPAchecker general statistics
-----------------------------
Number of program locations: 393
Number of functions: 36
Number of loops: 1
Size of reached set: 1087
Number of reached locations: 311 (79%)
Avg states per location: 3
Max states per location: 19 (at node N502)
Number of reached functions: 27 (75%)
Number of partitions: 1085
Avg size of partitions: 1
Max size of partitions: 3 (with key [N442 (before lines 5217-5296), Function main called from node N426, stack depth 1 [41b4b425], stack [main], Init])
Number of target states: 1
Size of final wait list 5
Time for analysis setup: 3.193s
Time for loading CPAs: 0.638s
Time for loading parser: 0.736s
Time for CFA construction: 1.763s
Time for parsing file(s): 0.776s
Time for AST to CFA: 0.621s
Time for CFA sanity check: 0.000s
Time for post-processing: 0.146s
Time for var class.: 0.000s
Time for Analysis: 6.834s
CPU time for analysis: 6.830s
Total time for CPAchecker: 10.027s
Total CPU time for CPAchecker: 10.030s
Time for Garbage Collector: 0.171s (in 2 runs)
Garbage Collector(s) used: PS MarkSweep, PS Scavenge
Used heap memory: 150MB ( 143 MiB) max; 80MB ( 76 MiB) avg; 151MB ( 144 MiB) peak
Used non-heap memory: 24MB ( 23 MiB) max; 19MB ( 18 MiB) avg; 24MB ( 23 MiB) peak
Used in PS Old Gen pool: 0MB ( 0 MiB) max; 0MB ( 0 MiB) avg; 0MB ( 0 MiB) peak
Allocated heap memory: 637MB ( 607 MiB) max; 515MB ( 491 MiB) avg
Allocated non-heap memory: 25MB ( 24 MiB) max; 24MB ( 23 MiB) avg
Total process virtual memory: 4967MB ( 4737 MiB) max; 4908MB ( 4681 MiB) avg

Verification result: FALSE. Property violation (__VERIFIER_error(); called in line 5319) found by chosen configuration.
More details about the verification run can be found in the directory "./output".