Collect and report MathSAT5 problems

kfriedberger commented 4 years ago

There are several smaller bugs in MathSAT5 (version 5.6.3) that need to be reported to the MathSAT5 developers. Most of the bugs regularly appear in CPAchecker benchmarks.

We can set a low priority for interpolation-related problems like mixed AB terms or ie-local interpolant which we already handle via an internal whitelist. The main goal of this issue is to detect crashes during normal activities like check-sat or get-model.

The following issues are known in CPAchecker:

SegFault during check-sat:
This Buildbot table contains several cases where MathSAT5 fails with a nondeterministic SegFault.
NoSuchElementException during model-iteration:
Issue CPAchecker#651 already mentiones this problem.
The following cmdline for CPAchecker triggers the bug: scripts/cpa.sh -noout -setprop cpa.predicate.memoryAllocationsAlwaysSucceed=true -terminationAnalysis -64 -spec test/programs/benchmarks/properties/termination.prp test/programs/benchmarks/termination-15/add_first_alloca.i
IllegalArgumentException in model computation:
Issue Cpachecker#680 also mentiones a model problem. Parts of it seem to have been resolved and fixed already. Current status is unknown.

We need to check whether there are more exception in any Buildbot jobs. The reasiest way is to take a look at the result tables and filter for exception or error. This should be done regularly anyway.

The optimal case would be to extract an SMT query from CPAchecker that directly crashes the MathSAT binary release. For this, just enable output (do not use -benchmark or -noout) and use-setprop solver.logAllQueries=true` to dump the queries. It might even be possible to shorten the query before reporting them. Further investigation of API calls is difficult, as we need to tell Alberto where to look for a bug. We could try to provide a more elaborate stacktrace, or extract the last solved (or failing) query and implement a small C-programm directly linked against MathSAT5. Any better idea is welcome.

baierd commented 4 years ago

The first problem is not reproduceable for me on the current CPAchecker version. It was in the version from 2 weeks ago, so either JavaSMT version 2.6.0 changed something (We didn't change the Mathsat version in that release) or CPAchecker changed something in the last ~12 days. I extracted the query from that problem and can't reproduce a crash in Mathsat itself (current release version) no matter how often i let it run.

The third problem is not reproduceable for me either in the CPAchecker, but this may be fixed as it was reported earlier this year. The issue stated above for this has some SMT querys that are interesting though! The formula is UNSAT per definition, so checking the model afterwards results in no model. Creating a model-iter with msat_create_model_iterator() results in an error as it should. (I checked this with native code. Calling msat_create_model_iterator() after the UNSAT fails a subsequent assert of the return value of the msat_create_model_iterator() call. It is possible that that was/is a problem with our code that we don't check properly that no model is checked after UNSAT or that we don't check the return value of msat_create_model_iterator() resulting in calling a subsequent method with a null pointer.)

The second problem persists and i could recreate the crash in Mathsat. Program below:

//Example for failing model iterator in mathsat5
//Most of this code is copied from the example on the webpage and edited

/* 
 * to compile: gcc example_model_iterator.c -I${MSAT_DIR}/include -L${MSAT_DIR}/lib -lmathsat -lgmpxx -lgmp -lstdc++ -o example_model_iterator
 */

#include <stdio.h>
#include <assert.h>
#include <stdlib.h>
#include "mathsat.h"

// Taken directly from example on the mathsat webpage
static void print_model(msat_env env)
{
    msat_model_iterator iter = msat_create_model_iterator(env);
    assert(!MSAT_ERROR_MODEL_ITERATOR(iter));

    printf("Model:\n");
    while (msat_model_iterator_has_next(iter)) {
        msat_term t, v;
        char *s;
        msat_model_iterator_next(iter, &t, &v);  // As far as i understand this causes the crash!
        s = msat_term_repr(t);
        assert(s);
        printf(" %s = ", s);
        msat_free(s);
        s = msat_term_repr(v);
        assert(s);
        printf("%s\n", s);
        msat_free(s);
    }
    msat_destroy_model_iterator(iter);
}

static void modelCrashExample()
{
    msat_config cfg;
    msat_env env;
    msat_result status;
    int res;

    printf("\nExample start\n");

    cfg = msat_create_config();
    /* enable model generation */
    msat_set_option(cfg, "model_generation", "true");

    env = msat_create_env(cfg);
    assert(!MSAT_ERROR_ENV(env));

    // Parse SMT-LIB2 file that will cause a crash in the model later
    FILE *fp = fopen("mathsat_model_iter_segfault", "r");
    if (fp == NULL) {
      fprintf(stderr, "Can't open input file in example!\n");
      exit(1);
    }

    res = msat_push_backtrack_point(env);
    assert(res == 0);
    msat_term parsed_formula = msat_from_smtlib2_file(env, fp);
    assert(!MSAT_ERROR_TERM(parsed_formula));
    res = msat_assert_formula(env, parsed_formula);
    assert(res == 0);

    printf("Parsed, now check SAT\n");

    status = msat_solve(env);
    assert(status == MSAT_SAT);

    printf("SAT, now get model\n");

    /* display the model. Will cause a Segmentation fault */
    print_model(env);

    msat_destroy_env(env);
    msat_destroy_config(cfg);

    printf("\nEnd of example\n");
}

int main()
{
    printf("This example illustrates a SegFault when using the model iterator\n");

    modelCrashExample();

    return 0;
}

The file that is getting parsed: (More then likely you can delete the options! I just let them be as that's the exact dump of the problem in the CPAchecker. I just commented out the push as it would crash and the sat check as i wanted to do that manually in the program.)

;; MathSAT API call trace
;; generated on Thu 16 Jul 2020 10:28:14 AM CEST
(set-option :global-declarations true)
(set-option :config "verbosity=0")
(set-option :config "proof_generation=false")
(set-option :config "interpolation=false")
(set-option :config "model_generation=true")
(set-option :config "bool_model_generation=false")
(set-option :config "unsat_core_generation=0")
(set-option :config "random_seed=42")
(set-option :config "debug.dump_theory_lemmas=false")
(set-option :config "debug.solver_enabled=true")
(set-option :config "printer.bv_number_format=0")
(set-option :config "printer.fp_number_format=1")
(set-option :config "printer.defines_prefix=")
(set-option :config "printer.model_as_formula=false")
(set-option :config "preprocessor.toplevel_propagation=true")
(set-option :config "preprocessor.toplevel_propagation_limit=0")
(set-option :config "preprocessor.simplification=23")
(set-option :config "preprocessor.ite_minimization=false")
(set-option :config "preprocessor.ite_minimization_call_limit=150000")
(set-option :config "preprocessor.interpolation_ite_elimination=false")
(set-option :config "preprocessor.partial_nnf_conversion=false")
(set-option :config "preprocessor.full_cnf_conversion=false")
(set-option :config "dpll.restart_strategy=0")
(set-option :config "dpll.restart_initial=200")
(set-option :config "dpll.restart_geometric_factor=1.5")
(set-option :config "dpll.store_tlemmas=false")
(set-option :config "dpll.branching_random_frequency=0.001")
(set-option :config "dpll.branching_initial_phase=0")
(set-option :config "dpll.branching_cache_phase=2")
(set-option :config "dpll.branching_random_invalidate_phase_cache=false")
(set-option :config "dpll.branching_random_ignore_polarity=true")
(set-option :config "dpll.ghost_filtering=true")
(set-option :config "dpll.minimize_model=false")
(set-option :config "dpll.allsat_minimize_model=false")
(set-option :config "dpll.allsat_allow_duplicates=false")
(set-option :config "dpll.pop_btpoint_reset_var_order=true")
(set-option :config "dpll.glucose_var_activity=false")
(set-option :config "dpll.glucose_learnt_minimization=false")
(set-option :config "dpll.interpolation_mode=0")
(set-option :config "dpll.proof_simplification=false")
(set-option :config "dpll.preprocessor.mode=0")
(set-option :config "dpll.preprocessor.clause_size_limit=20")
(set-option :config "dpll.preprocessor.subsumption_size_limit=1000")
(set-option :config "dpll.preprocessor.elimination_grow_limit=0")
(set-option :config "dpll.preprocessor.elimination_phase=1")
(set-option :config "dpll.preprocessor.elimination_recent_vars_only=false")
(set-option :config "dpll.preprocessor.try_reelimination=true")
(set-option :config "theory.eq_propagation=true")
(set-option :config "theory.interface_eq_policy=2")
(set-option :config "theory.pairwise_interface_eq=true")
(set-option :config "theory.interface_eq_batch_size=100")
(set-option :config "theory.pure_literal_filtering=false")
(set-option :config "theory.euf.enabled=true")
(set-option :config "theory.euf.dyn_ack=0")
(set-option :config "theory.euf.dyn_ack_threshold=1")
(set-option :config "theory.euf.dyn_ack_limit=1000")
(set-option :config "theory.la.enabled=true")
(set-option :config "theory.la.split_rat_eq=false")
(set-option :config "theory.la.delay_alien=false")
(set-option :config "theory.la.pivoting_greedy_threshold=0")
(set-option :config "theory.la.lazy_expl_threshold=10")
(set-option :config "theory.la.interpolation_laz_use_floor=true")
(set-option :config "theory.la.pure_equality_filtering=true")
(set-option :config "theory.la.detect_euf_fragment=false")
(set-option :config "theory.la.deduction_enabled=true")
(set-option :config "theory.la.laz_equality_elimination=true")
(set-option :config "theory.la.laz_internal_branch_and_bound=true")
(set-option :config "theory.la.laz_internal_branch_and_bound_limit=1")
(set-option :config "theory.la.laz_cuts_from_proofs_mode=3")
(set-option :config "theory.la.laz_enabled=true")
(set-option :config "theory.la.laz_unit_cube_test=true")
(set-option :config "theory.la.interpolation_mode=0")
(set-option :config "theory.bv.enabled=true")
(set-option :config "theory.bv.div_by_zero_mode=0")
(set-option :config "theory.bv.delay_propagated_eqs=true")
(set-option :config "theory.bv.eager=true")
(set-option :config "theory.bv.bit_blast_mode=1")
(set-option :config "theory.bv.interpolation_mode=0")
(set-option :config "theory.bv.proof_simplification=false")
(set-option :config "theory.bv.lazydpll.restart_strategy=0")
(set-option :config "theory.bv.lazydpll.restart_initial=200")
(set-option :config "theory.bv.lazydpll.restart_geometric_factor=1.5")
(set-option :config "theory.bv.lazydpll.branching_random_frequency=0")
(set-option :config "theory.bv.lazydpll.branching_initial_phase=0")
(set-option :config "theory.bv.lazydpll.branching_cache_phase=2")
(set-option :config "theory.bv.lazydpll.branching_random_invalidate_phase_cache=false")
(set-option :config "theory.bv.lazydpll.branching_random_ignore_polarity=true")
(set-option :config "theory.bv.lazydpll.ghost_filtering=false")
(set-option :config "theory.bv.lazydpll.glucose_var_activity=false")
(set-option :config "theory.bv.lazydpll.glucose_learnt_minimization=false")
(set-option :config "theory.arr.enabled=true")
(set-option :config "theory.arr.mode=0")
(set-option :config "theory.arr.lazy_lemmas=false")
(set-option :config "theory.arr.max_ext_lemmas=0")
(set-option :config "theory.arr.enable_ext_polarity=true")
(set-option :config "theory.arr.enable_ext_arg=true")
(set-option :config "theory.arr.enable_witness=true")
(set-option :config "theory.fp.enabled=true")
(set-option :config "theory.fp.minmax_zero_mode=1")
(set-option :config "theory.fp.mode=1")
(set-option :config "theory.fp.bv_combination_enabled=true")
(set-option :config "theory.fp.bit_blast_mode=2")
(set-option :config "theory.fp.dpll.restart_strategy=3")
(set-option :config "theory.fp.dpll.restart_initial=200")
(set-option :config "theory.fp.dpll.restart_geometric_factor=1.5")
(set-option :config "theory.fp.dpll.branching_random_frequency=0.01")
(set-option :config "theory.fp.dpll.branching_initial_phase=0")
(set-option :config "theory.fp.dpll.branching_cache_phase=1")
(set-option :config "theory.fp.dpll.branching_random_invalidate_phase_cache=false")
(set-option :config "theory.fp.dpll.branching_random_ignore_polarity=true")
(set-option :config "theory.fp.dpll.ghost_filtering=false")
(set-option :config "theory.fp.dpll.glucose_var_activity=true")
(set-option :config "theory.fp.dpll.glucose_learnt_minimization=true")
(set-option :config "theory.fp.acdcl_conflict_generalization=2")
(set-option :config "theory.fp.interpolation_mode=0")
(set-option :config "theory.fp.acdcl_single_propagation_limit=0")
(set-option :config "theory.fp.acdcl_single_generalization_limit=0")
(set-option :config "theory.fp.acdcl_generalization_fair=true")
(set-option :config "theory.na.enabled=true")
(set-option :config "theory.na.permanent_lemmas=true")
(set-option :config "theory.na.eager_lemmas=false")
(set-option :config "theory.na.enable_tangent_lemmas_frontier=true")
(set-option :config "theory.na.tangent_lemmas_rat_approx=0")
(set-option :config "theory.na.tangent_lemmas_limit=0")
(set-option :config "theory.na.tangent_lemmas_enabled=true")
(set-option :config "theory.na.sat_check_enabled=true")
(set-option :config "theory.na.bound_lemmas_enabled=true")
(set-option :config "theory.na.nta_enabled=true")
(set-option :config "theory.na.nta_rat_approx=3")
(set-option :config "theory.na.nta_rat_approx_limit=10")
(set-option :config "theory.na.nta_sat_mode=1")
(set-option :config "theory.na.nta_eager=true")

; (push 1)
(declare-fun __VERIFIER_nondet_int!2@ () Int)
(declare-fun |main::length@3| () Int)
(declare-fun |__ADDRESS_OF___VERIFIER_successful_alloc_*void#1@| () Int)
(declare-fun |main::arr@3| () Int)
(declare-fun |main::a@2| () Int)
(declare-fun *int@1 () (Array Int Int))
(declare-fun *int@2 () (Array Int Int))
(declare-fun |main::__CPAchecker_TMP_0@2| () Int)
(declare-fun |main::a@3| () Int)
(define-fun v8 () Int 0)
(define-fun v13 () Int 4)
(define-fun v14 () Int __VERIFIER_nondet_int!2@)
(define-fun v15 () Int |main::length@3|)
(define-fun v16 () Bool (= v14 v15))
(define-fun v17 () Int 1)
(define-fun v18 () Bool (<= v17 v15))
(define-fun v22 () Bool (and v16 v18))
(define-fun v30 () Int |__ADDRESS_OF___VERIFIER_successful_alloc_*void#1@|)
(define-fun v31 () Bool (<= v30 v8))
(define-fun v32 () Bool (not v31))
(define-fun v33 () Bool ((_ divisible 4) (- v30 v8)))
(define-fun v35 () Int (- 4))
(define-fun v36 () Bool (<= v30 v35))
(define-fun v37 () Bool (not v36))
(define-fun v41 () Int |main::arr@3|)
(define-fun v42 () Bool (= v30 v41))
(define-fun v43 () Bool (and v32 v33))
(define-fun v44 () Bool (and v37 v43))
(define-fun v48 () Bool (= v41 v8))
(define-fun v51 () Bool (not v48))
(define-fun v54 () Int (- 1))
(define-fun v56 () Int |main::a@2|)
(define-fun v57 () Int (* v54 v56))
(define-fun v58 () Int (+ v41 v57))
(define-fun v2300 () (Array Int Int) *int@1)
(define-fun v2304 () (Array Int Int) *int@2)
(define-fun v6120 () Int (select v2300 v56))
(define-fun v6121 () Int (select v2300 v41))
(define-fun v6122 () Bool (= v6120 v6121))
(define-fun v6123 () Bool (not v6122))
(define-fun v6135 () Int |main::__CPAchecker_TMP_0@2|)
(define-fun v6136 () Bool (= v56 v6135))
(define-fun v6139 () Int |main::a@3|)
(define-fun v6140 () Int (* v54 v6139))
(define-fun v6141 () Int (+ v56 v6140))
(define-fun v6142 () Bool (= v6141 v13))
(define-fun v6144 () Int (+ v6120 v6121))
(define-fun v6145 () (Array Int Int) (store v2300 v56 v6144))
(define-fun v6146 () Bool (= v2304 v6145))
(define-fun v18733 () Int (* v13 v15))
(define-fun v18735 () Int (+ v18733 v30))
(define-fun v18736 () Bool (<= v18735 v8))
(define-fun v18737 () Bool (not v18736))
(define-fun v18738 () Bool (and v44 v18737))
(define-fun v18739 () Bool (and v42 v18738))
(define-fun v18740 () Bool (and v22 v18739))
(define-fun v18741 () Bool (and v51 v18740))
(define-fun v18744 () Int (+ v18733 v58))
(define-fun v18745 () Bool (= v18744 v13))
(define-fun v18746 () Bool (and v18741 v18745))
(define-fun v18747 () Bool (and v6123 v18746))
(define-fun v18748 () Bool (and v6146 v18747))
(define-fun v18749 () Bool (and v6136 v18748))
(define-fun v18750 () Bool (and v6142 v18749))
(assert v18750)
; (check-sat)

kfriedberger commented 4 years ago

Thanks for the example program. Alberto already reported back and explained the behaviour of msat_model_iterator_next. It returns -1 on error and we did not check that. The missing model for this query is another bug in MathSAT5 that might be fixed separately.

The cmdline for CPAchecker for the first bug is:

scripts/cpa.sh -noout -heap 2000M -predicateAnalysis-linear \
    -setprop cpa.predicate.memoryAllocationsAlwaysSucceed=true \
    -timelimit 60s -stats -spec test/programs/benchmarks/properties/unreach-call.prp \
    test/programs/benchmarks/loops/linear_search.c \
    -setprop cpa.predicate.refinement.cexTraceCheckDirection=FORWARDS \
    -setprop cpa.predicate.refinement.incrementalCexTraceCheck=false

The change in CPAchecker happened in r34450, where default values for interpolation-related prover usage was changed.

baierd commented 4 years ago

Maybe we should reflect these checks in our wrapper? In the native mathsat C code nearly all important method calls should be checked for errors afterwards, just like the examples show(i.e. assert, create environment, model iterator). We could simply check for these errors in the wrapper and throw an exception there? That would be better than a SegFault i think.

With the cmdline you posted i can recreate the crash, thanks. I'm on it.

kfriedberger commented 4 years ago

Most of the checks are already implemented. The method msat_model_iterator_next is checked in the Java code in Mathsat5Model#toList. However, it seems to crash directly within the call, thus the check is never reached in this case. Thus, there is a real bug in MathSAT5 that can not be handled on our side.

baierd commented 4 years ago

The log of the query you provided crashes Mathsat reliable with a SegFault. Is a C-Program that parses better or is the plain parseable log enough?

The following can be run with Mathsat by copying it into a file with ending .smt2 and running it with the Mathsat binary located in /bin in the current version with: ./mathsat -input=smt2 < NAME_OF_YOUR_FILE.smt2

If you delete the last interpolation group it returns SAT reliable.

;; MathSAT API call trace
;; generated on Mon 27 Jul 2020 01:56:24 PM CEST
(set-option :global-declarations true)
(set-option :config "verbosity=0")
(set-option :config "proof_generation=true")
(set-option :config "interpolation=true")
(set-option :config "model_generation=true")
(set-option :config "bool_model_generation=false")
(set-option :config "unsat_core_generation=0")
(set-option :config "random_seed=42")
(set-option :config "debug.dump_theory_lemmas=false")
(set-option :config "debug.solver_enabled=true")
(set-option :config "printer.bv_number_format=0")
(set-option :config "printer.fp_number_format=1")
(set-option :config "printer.defines_prefix=")
(set-option :config "printer.model_as_formula=false")
(set-option :config "preprocessor.toplevel_propagation=false")
(set-option :config "preprocessor.toplevel_propagation_limit=0")
(set-option :config "preprocessor.simplification=23")
(set-option :config "preprocessor.ite_minimization=false")
(set-option :config "preprocessor.ite_minimization_call_limit=150000")
(set-option :config "preprocessor.interpolation_ite_elimination=false")
(set-option :config "preprocessor.partial_nnf_conversion=false")
(set-option :config "preprocessor.full_cnf_conversion=false")
(set-option :config "dpll.restart_strategy=0")
(set-option :config "dpll.restart_initial=200")
(set-option :config "dpll.restart_geometric_factor=1.5")
(set-option :config "dpll.store_tlemmas=false")
(set-option :config "dpll.branching_random_frequency=0.001")
(set-option :config "dpll.branching_initial_phase=0")
(set-option :config "dpll.branching_cache_phase=2")
(set-option :config "dpll.branching_random_invalidate_phase_cache=false")
(set-option :config "dpll.branching_random_ignore_polarity=true")
(set-option :config "dpll.ghost_filtering=true")
(set-option :config "dpll.minimize_model=false")
(set-option :config "dpll.allsat_minimize_model=false")
(set-option :config "dpll.allsat_allow_duplicates=false")
(set-option :config "dpll.pop_btpoint_reset_var_order=true")
(set-option :config "dpll.glucose_var_activity=false")
(set-option :config "dpll.glucose_learnt_minimization=false")
(set-option :config "dpll.interpolation_mode=0")
(set-option :config "dpll.proof_simplification=false")
(set-option :config "dpll.preprocessor.mode=0")
(set-option :config "dpll.preprocessor.clause_size_limit=20")
(set-option :config "dpll.preprocessor.subsumption_size_limit=1000")
(set-option :config "dpll.preprocessor.elimination_grow_limit=0")
(set-option :config "dpll.preprocessor.elimination_phase=1")
(set-option :config "dpll.preprocessor.elimination_recent_vars_only=false")
(set-option :config "dpll.preprocessor.try_reelimination=true")
(set-option :config "theory.eq_propagation=true")
(set-option :config "theory.interface_eq_policy=2")
(set-option :config "theory.pairwise_interface_eq=true")
(set-option :config "theory.interface_eq_batch_size=100")
(set-option :config "theory.pure_literal_filtering=false")
(set-option :config "theory.euf.enabled=true")
(set-option :config "theory.euf.dyn_ack=0")
(set-option :config "theory.euf.dyn_ack_threshold=1")
(set-option :config "theory.euf.dyn_ack_limit=1000")
(set-option :config "theory.la.enabled=true")
(set-option :config "theory.la.split_rat_eq=false")
(set-option :config "theory.la.delay_alien=false")
(set-option :config "theory.la.pivoting_greedy_threshold=0")
(set-option :config "theory.la.lazy_expl_threshold=10")
(set-option :config "theory.la.interpolation_laz_use_floor=true")
(set-option :config "theory.la.pure_equality_filtering=true")
(set-option :config "theory.la.detect_euf_fragment=false")
(set-option :config "theory.la.deduction_enabled=true")
(set-option :config "theory.la.laz_equality_elimination=true")
(set-option :config "theory.la.laz_internal_branch_and_bound=true")
(set-option :config "theory.la.laz_internal_branch_and_bound_limit=1")
(set-option :config "theory.la.laz_cuts_from_proofs_mode=3")
(set-option :config "theory.la.laz_enabled=true")
(set-option :config "theory.la.laz_unit_cube_test=true")
(set-option :config "theory.la.interpolation_mode=0")
(set-option :config "theory.bv.enabled=true")
(set-option :config "theory.bv.div_by_zero_mode=0")
(set-option :config "theory.bv.delay_propagated_eqs=true")
(set-option :config "theory.bv.eager=false")
(set-option :config "theory.bv.bit_blast_mode=1")
(set-option :config "theory.bv.interpolation_mode=0")
(set-option :config "theory.bv.proof_simplification=false")
(set-option :config "theory.bv.lazydpll.restart_strategy=0")
(set-option :config "theory.bv.lazydpll.restart_initial=200")
(set-option :config "theory.bv.lazydpll.restart_geometric_factor=1.5")
(set-option :config "theory.bv.lazydpll.branching_random_frequency=0")
(set-option :config "theory.bv.lazydpll.branching_initial_phase=0")
(set-option :config "theory.bv.lazydpll.branching_cache_phase=2")
(set-option :config "theory.bv.lazydpll.branching_random_invalidate_phase_cache=false")
(set-option :config "theory.bv.lazydpll.branching_random_ignore_polarity=true")
(set-option :config "theory.bv.lazydpll.ghost_filtering=false")
(set-option :config "theory.bv.lazydpll.glucose_var_activity=false")
(set-option :config "theory.bv.lazydpll.glucose_learnt_minimization=false")
(set-option :config "theory.arr.enabled=true")
(set-option :config "theory.arr.mode=0")
(set-option :config "theory.arr.lazy_lemmas=false")
(set-option :config "theory.arr.max_ext_lemmas=0")
(set-option :config "theory.arr.enable_ext_polarity=true")
(set-option :config "theory.arr.enable_ext_arg=true")
(set-option :config "theory.arr.enable_witness=true")
(set-option :config "theory.fp.enabled=true")
(set-option :config "theory.fp.minmax_zero_mode=1")
(set-option :config "theory.fp.mode=1")
(set-option :config "theory.fp.bv_combination_enabled=true")
(set-option :config "theory.fp.bit_blast_mode=2")
(set-option :config "theory.fp.dpll.restart_strategy=3")
(set-option :config "theory.fp.dpll.restart_initial=200")
(set-option :config "theory.fp.dpll.restart_geometric_factor=1.5")
(set-option :config "theory.fp.dpll.branching_random_frequency=0.01")
(set-option :config "theory.fp.dpll.branching_initial_phase=0")
(set-option :config "theory.fp.dpll.branching_cache_phase=1")
(set-option :config "theory.fp.dpll.branching_random_invalidate_phase_cache=false")
(set-option :config "theory.fp.dpll.branching_random_ignore_polarity=true")
(set-option :config "theory.fp.dpll.ghost_filtering=false")
(set-option :config "theory.fp.dpll.glucose_var_activity=true")
(set-option :config "theory.fp.dpll.glucose_learnt_minimization=true")
(set-option :config "theory.fp.acdcl_conflict_generalization=2")
(set-option :config "theory.fp.interpolation_mode=0")
(set-option :config "theory.fp.acdcl_single_propagation_limit=0")
(set-option :config "theory.fp.acdcl_single_generalization_limit=0")
(set-option :config "theory.fp.acdcl_generalization_fair=true")
(set-option :config "theory.na.enabled=true")
(set-option :config "theory.na.permanent_lemmas=true")
(set-option :config "theory.na.eager_lemmas=false")
(set-option :config "theory.na.enable_tangent_lemmas_frontier=true")
(set-option :config "theory.na.tangent_lemmas_rat_approx=0")
(set-option :config "theory.na.tangent_lemmas_limit=0")
(set-option :config "theory.na.tangent_lemmas_enabled=true")
(set-option :config "theory.na.sat_check_enabled=true")
(set-option :config "theory.na.bound_lemmas_enabled=true")
(set-option :config "theory.na.nta_enabled=true")
(set-option :config "theory.na.nta_rat_approx=3")
(set-option :config "theory.na.nta_rat_approx_limit=10")
(set-option :config "theory.na.nta_sat_mode=1")
(set-option :config "theory.na.nta_eager=true")

(push 1)
(declare-fun Integer_/_ (Int Int) Int)
(declare-fun SIZE@2 () Int)
(declare-fun MAX@2 () Int)
(declare-fun __VERIFIER_nondet_uint!2@ () Int)
(declare-fun |main::__CPAchecker_TMP_0@3| () Int)
(declare-fun SIZE@3 () Int)
(declare-fun |__ADDRESS_OF___VERIFIER_successful_alloc_*void#1@| () Int)
(declare-fun |main::a@3| () Int)
(declare-fun *int@1 () (Array Int Int))
(declare-fun *int@2 () (Array Int Int))
(declare-fun |linear_search::a@2| () Int)
(declare-fun |linear_search::n@2| () Int)
(declare-fun |linear_search::q@2| () Int)
(declare-fun |linear_search::j@2| () Int)
(define-fun .8 () Int 0)
(define-fun .12 () Int 4)
(define-fun .13 () Int SIZE@2)
(define-fun .14 () Bool (= .13 .8))
(define-fun .15 () Int 100000)
(define-fun .16 () Int MAX@2)
(define-fun .17 () Bool (= .16 .15))
(define-fun .18 () Bool (and .14 .17))
(define-fun .19 () Int __VERIFIER_nondet_uint!2@)
(define-fun .20 () Int |main::__CPAchecker_TMP_0@3|)
(define-fun .21 () Bool (= .19 .20))
(define-fun .22 () Bool (and .18 .21))
(define-fun .23 () Int 2)
(define-fun .24 () Int 1)
(define-fun .25 () Int (- 1))
(define-fun .26 () Int (Integer_/_ .20 .23))
(define-fun .27 () Bool (<= .8 .20))
(define-fun .29 () Int (- 2))
(define-fun .30 () Int (* .29 .26))
(define-fun .31 () Int (+ .20 .30))
(define-fun .32 () Bool (= .31 .8))
(define-fun .33 () Bool (or .27 .32))
(define-fun .34 () Int (+ .24 .26))
(define-fun .35 () Int (ite .33 .26 .34))
(define-fun .37 () Int SIZE@3)
(define-fun .38 () Int (* .25 .37))
(define-fun .39 () Int (+ .35 .38))
(define-fun .40 () Bool (= .39 .25))
(define-fun .41 () Bool (and .22 .40))
(define-fun .42 () Bool (<= .37 .24))
(define-fun .43 () Bool (not .42))
(define-fun .45 () Bool (and .41 .43))
(define-fun .47 () Bool (<= .16 .37))
(define-fun .48 () Bool (not .47))
(define-fun .50 () Bool (and .45 .48))
(define-fun .53 () Int (* .12 .37))
(define-fun .54 () Int |__ADDRESS_OF___VERIFIER_successful_alloc_*void#1@|)
(define-fun .55 () Bool (<= .54 .8))
(define-fun .56 () Bool (not .55))
(define-fun .57 () Bool ((_ divisible 4) (- .54 .8)))
(define-fun .59 () Int (- 4))
(define-fun .60 () Bool (<= .54 .59))
(define-fun .61 () Bool (not .60))
(define-fun .62 () Int (+ .53 .54))
(define-fun .63 () Bool (<= .62 .8))
(define-fun .64 () Bool (not .63))
(define-fun .65 () Int |main::a@3|)
(define-fun .66 () Bool (= .54 .65))
(define-fun .67 () Bool (and .56 .57))
(define-fun .68 () Bool (and .61 .67))
(define-fun .69 () Bool (and .64 .68))
(define-fun .70 () Bool (and .66 .69))
(define-fun .71 () Bool (and .50 .70))
(define-fun .72 () Int 3)
(define-fun .73 () Int (Integer_/_ .37 .23))
(define-fun .74 () Bool (<= .8 .37))
(define-fun .76 () Int (* .29 .73))
(define-fun .77 () Int (+ .37 .76))
(define-fun .78 () Bool (= .77 .8))
(define-fun .79 () Bool (or .74 .78))
(define-fun .80 () Int (+ .24 .73))
(define-fun .81 () Int (ite .79 .73 .80))
(define-fun .82 () Int (* .12 .81))
(define-fun .83 () Int (+ .65 .82))
(define-fun .84 () (Array Int Int) *int@1)
(define-fun .85 () (Array Int Int) *int@2)
(define-fun .86 () (Array Int Int) (store .84 .83 .72))
(define-fun .87 () Bool (= .85 .86))
(define-fun .88 () Bool (and .71 .87))
(define-fun .89 () Int |linear_search::a@2|)
(define-fun .90 () Bool (= .65 .89))
(define-fun .91 () Int |linear_search::n@2|)
(define-fun .92 () Bool (= .37 .91))
(define-fun .93 () Bool (and .90 .92))
(define-fun .94 () Int |linear_search::q@2|)
(define-fun .95 () Bool (= .94 .72))
(define-fun .96 () Bool (and .93 .95))
(define-fun .97 () Bool (and .88 .96))
(define-fun .98 () Int |linear_search::j@2|)
(define-fun .99 () Bool (= .98 .8))
(define-fun .100 () Bool (and .97 .99))
(assert (! .100 :interpolation-group .g0))
(push 1)
(assert (! true :interpolation-group .g0))
(declare-fun |linear_search::j@3| () Int)
(declare-fun |linear_search::j@4| () Int)
(define-fun .101 () Bool (<= .91 .98))
(define-fun .102 () Bool (not .101))
(define-fun .104 () Int (* .12 .98))
(define-fun .105 () Int (+ .89 .104))
(define-fun .106 () Int (select .85 .105))
(define-fun .107 () Bool (= .94 .106))
(define-fun .108 () Bool (not .107))
(define-fun .110 () Bool (and .102 .108))
(define-fun .128 () Int |linear_search::j@3|)
(define-fun .129 () Int (* .25 .128))
(define-fun .130 () Int (+ .98 .129))
(define-fun .131 () Bool (= .130 .25))
(define-fun .132 () Bool (and .110 .131))
(define-fun .133 () Int 20)
(define-fun .134 () Bool (= .128 .133))
(define-fun .136 () Bool (and .132 .134))
(define-fun .137 () Bool (not .134))
(define-fun .138 () Bool (and .132 .137))
(define-fun .139 () Int |linear_search::j@4|)
(define-fun .140 () Bool (= .139 .25))
(define-fun .141 () Bool (and .136 .140))
(define-fun .142 () Bool (= .128 .139))
(define-fun .143 () Bool (and .138 .142))
(define-fun .144 () Bool (or .141 .143))
(assert (! .144 :interpolation-group .g1))
(push 1)
(assert (! true :interpolation-group .g1))
(declare-fun |linear_search::j@5| () Int)
(declare-fun |linear_search::j@6| () Int)
(define-fun .366 () Bool (<= .91 .139))
(define-fun .367 () Bool (not .366))
(define-fun .369 () Int (* .12 .139))
(define-fun .370 () Int (+ .89 .369))
(define-fun .371 () Int (select .85 .370))
(define-fun .372 () Bool (= .94 .371))
(define-fun .373 () Bool (not .372))
(define-fun .375 () Bool (and .367 .373))
(define-fun .388 () Int |linear_search::j@5|)
(define-fun .389 () Int (* .25 .388))
(define-fun .390 () Int (+ .139 .389))
(define-fun .391 () Bool (= .390 .25))
(define-fun .392 () Bool (and .375 .391))
(define-fun .393 () Bool (= .388 .133))
(define-fun .395 () Bool (and .392 .393))
(define-fun .396 () Bool (not .393))
(define-fun .397 () Bool (and .392 .396))
(define-fun .398 () Int |linear_search::j@6|)
(define-fun .399 () Bool (= .398 .25))
(define-fun .400 () Bool (and .395 .399))
(define-fun .401 () Bool (= .388 .398))
(define-fun .402 () Bool (and .397 .401))
(define-fun .403 () Bool (or .400 .402))
(assert (! .403 :interpolation-group .g2))
(push 1)
(assert (! true :interpolation-group .g2))
(declare-fun |linear_search::__retval__@2| () Int)
(declare-fun |main::__CPAchecker_TMP_1@3| () Int)
(declare-fun |__VERIFIER_assert::cond@2| () Int)
(define-fun .118 () Int |linear_search::__retval__@2|)
(define-fun .119 () Bool (= .118 .8))
(define-fun .121 () Bool (= .118 .24))
(define-fun .124 () Int |main::__CPAchecker_TMP_1@3|)
(define-fun .125 () Bool (= .118 .124))
(define-fun .145 () Int |__VERIFIER_assert::cond@2|)
(define-fun .146 () Bool (= .124 .145))
(define-fun .148 () Bool (= .145 .8))
(define-fun .472 () Bool (<= .91 .398))
(define-fun .473 () Bool (not .472))
(define-fun .475 () Int (* .12 .398))
(define-fun .476 () Int (+ .89 .475))
(define-fun .477 () Int (select .85 .476))
(define-fun .478 () Bool (= .94 .477))
(define-fun .482 () Bool (and .473 .478))
(define-fun .483 () Bool (or .472 .482))
(define-fun .484 () Bool (<= .37 .398))
(define-fun .485 () Bool (not .484))
(define-fun .487 () Bool (and .483 .485))
(define-fun .488 () Bool (and .483 .484))
(define-fun .489 () Bool (and .119 .488))
(define-fun .490 () Bool (and .121 .487))
(define-fun .491 () Bool (or .489 .490))
(define-fun .492 () Bool (and .125 .491))
(define-fun .533 () Bool (and .146 .492))
(define-fun .534 () Bool (and .148 .533))
(assert (! .534 :interpolation-group .g3))
(check-sat)

baierd commented 4 years ago

If you delete the option: (set-option :config "theory.bv.eager=false") it doesn't crash anymore and results in SAT. Does that help?

kfriedberger commented 4 years ago

SMTLIB input is optimal. The option is a hint on some invalid BV handling.

kfriedberger commented 4 years ago

The bug seems to be already fixed in the nightly build from today. Thus, reporting might not help us here and we need to wait for the next release.

baierd commented 4 years ago

The following cmdLine results in a Exception in thread "main" java.lang.IllegalArgumentException: AB-mixed term in LaCombImp thrown by msat_get_interpolant(): scripts/cpa.sh -noout -heap 2000M -predicateAnalysis-linear -setprop cpa.predicate.memoryAllocationsAlwaysSucceed=true -timelimit 60s -stats -spec test/programs/benchmarks/properties/unreach-call.prp test/programs/benchmarks/ldv-regression/ex3_forlist.i

If i extract the SMTLIB2 (last item down below as it is a lot of text) and let it run in mathsat i get the following output with no problems (tried 5.6.0, current release and nightly):

sat
sat
sat
sat
sat
sat
sat
unsat
unsat
(not (= counter@2 0))
(not (= counter@2 0))
(not (= counter@2 0))
(and (<= |f::i@3| 0) (and (= |f::i@3| 0) (not (= |f::pointer@2| 0))))
(and (<= |f::i@5| 0) (not (= 0 (select |*(void)*@4| (+ __ADDRESS_OF_pp@ (* 4 |f::i@5|))))))

Do you know more about that exception and why it occurs @kfriedberger ?

SMTLIB2 of the problem:

;; MathSAT API call trace
;; generated on Thu 30 Jul 2020 05:34:10 PM CEST
(set-option :global-declarations true)
(set-option :config "verbosity=0")
(set-option :config "proof_generation=true")
(set-option :config "interpolation=true")
(set-option :config "model_generation=true")
(set-option :config "bool_model_generation=false")
(set-option :config "unsat_core_generation=0")
(set-option :config "random_seed=42")
(set-option :config "debug.dump_theory_lemmas=false")
(set-option :config "debug.solver_enabled=true")
(set-option :config "printer.bv_number_format=0")
(set-option :config "printer.fp_number_format=1")
(set-option :config "printer.defines_prefix=")
(set-option :config "printer.model_as_formula=false")
(set-option :config "preprocessor.toplevel_propagation=false")
(set-option :config "preprocessor.toplevel_propagation_limit=0")
(set-option :config "preprocessor.simplification=23")
(set-option :config "preprocessor.ite_minimization=false")
(set-option :config "preprocessor.ite_minimization_call_limit=150000")
(set-option :config "preprocessor.interpolation_ite_elimination=false")
(set-option :config "preprocessor.partial_nnf_conversion=false")
(set-option :config "preprocessor.full_cnf_conversion=false")
(set-option :config "dpll.restart_strategy=0")
(set-option :config "dpll.restart_initial=200")
(set-option :config "dpll.restart_geometric_factor=1.5")
(set-option :config "dpll.store_tlemmas=false")
(set-option :config "dpll.branching_random_frequency=0.001")
(set-option :config "dpll.branching_initial_phase=0")
(set-option :config "dpll.branching_cache_phase=2")
(set-option :config "dpll.branching_random_invalidate_phase_cache=false")
(set-option :config "dpll.branching_random_ignore_polarity=true")
(set-option :config "dpll.ghost_filtering=true")
(set-option :config "dpll.minimize_model=false")
(set-option :config "dpll.allsat_minimize_model=false")
(set-option :config "dpll.allsat_allow_duplicates=false")
(set-option :config "dpll.pop_btpoint_reset_var_order=true")
(set-option :config "dpll.glucose_var_activity=false")
(set-option :config "dpll.glucose_learnt_minimization=false")
(set-option :config "dpll.interpolation_mode=0")
(set-option :config "dpll.proof_simplification=false")
(set-option :config "dpll.preprocessor.mode=0")
(set-option :config "dpll.preprocessor.clause_size_limit=20")
(set-option :config "dpll.preprocessor.subsumption_size_limit=1000")
(set-option :config "dpll.preprocessor.elimination_grow_limit=0")
(set-option :config "dpll.preprocessor.elimination_phase=1")
(set-option :config "dpll.preprocessor.elimination_recent_vars_only=false")
(set-option :config "dpll.preprocessor.try_reelimination=true")
(set-option :config "theory.eq_propagation=true")
(set-option :config "theory.interface_eq_policy=2")
(set-option :config "theory.pairwise_interface_eq=true")
(set-option :config "theory.interface_eq_batch_size=100")
(set-option :config "theory.pure_literal_filtering=false")
(set-option :config "theory.euf.enabled=true")
(set-option :config "theory.euf.dyn_ack=0")
(set-option :config "theory.euf.dyn_ack_threshold=1")
(set-option :config "theory.euf.dyn_ack_limit=1000")
(set-option :config "theory.la.enabled=true")
(set-option :config "theory.la.split_rat_eq=false")
(set-option :config "theory.la.delay_alien=false")
(set-option :config "theory.la.pivoting_greedy_threshold=0")
(set-option :config "theory.la.lazy_expl_threshold=10")
(set-option :config "theory.la.interpolation_laz_use_floor=true")
(set-option :config "theory.la.pure_equality_filtering=true")
(set-option :config "theory.la.detect_euf_fragment=false")
(set-option :config "theory.la.deduction_enabled=true")
(set-option :config "theory.la.laz_equality_elimination=true")
(set-option :config "theory.la.laz_internal_branch_and_bound=true")
(set-option :config "theory.la.laz_internal_branch_and_bound_limit=1")
(set-option :config "theory.la.laz_cuts_from_proofs_mode=3")
(set-option :config "theory.la.laz_enabled=true")
(set-option :config "theory.la.laz_unit_cube_test=true")
(set-option :config "theory.la.interpolation_mode=0")
(set-option :config "theory.bv.enabled=true")
(set-option :config "theory.bv.div_by_zero_mode=0")
(set-option :config "theory.bv.delay_propagated_eqs=true")
(set-option :config "theory.bv.eager=false")
(set-option :config "theory.bv.bit_blast_mode=1")
(set-option :config "theory.bv.interpolation_mode=0")
(set-option :config "theory.bv.proof_simplification=false")
(set-option :config "theory.bv.lazydpll.restart_strategy=0")
(set-option :config "theory.bv.lazydpll.restart_initial=200")
(set-option :config "theory.bv.lazydpll.restart_geometric_factor=1.5")
(set-option :config "theory.bv.lazydpll.branching_random_frequency=0")
(set-option :config "theory.bv.lazydpll.branching_initial_phase=0")
(set-option :config "theory.bv.lazydpll.branching_cache_phase=2")
(set-option :config "theory.bv.lazydpll.branching_random_invalidate_phase_cache=false")
(set-option :config "theory.bv.lazydpll.branching_random_ignore_polarity=true")
(set-option :config "theory.bv.lazydpll.ghost_filtering=false")
(set-option :config "theory.bv.lazydpll.glucose_var_activity=false")
(set-option :config "theory.bv.lazydpll.glucose_learnt_minimization=false")
(set-option :config "theory.arr.enabled=true")
(set-option :config "theory.arr.mode=0")
(set-option :config "theory.arr.lazy_lemmas=false")
(set-option :config "theory.arr.max_ext_lemmas=0")
(set-option :config "theory.arr.enable_ext_polarity=true")
(set-option :config "theory.arr.enable_ext_arg=true")
(set-option :config "theory.arr.enable_witness=true")
(set-option :config "theory.fp.enabled=true")
(set-option :config "theory.fp.minmax_zero_mode=1")
(set-option :config "theory.fp.mode=1")
(set-option :config "theory.fp.bv_combination_enabled=true")
(set-option :config "theory.fp.bit_blast_mode=2")
(set-option :config "theory.fp.dpll.restart_strategy=3")
(set-option :config "theory.fp.dpll.restart_initial=200")
(set-option :config "theory.fp.dpll.restart_geometric_factor=1.5")
(set-option :config "theory.fp.dpll.branching_random_frequency=0.01")
(set-option :config "theory.fp.dpll.branching_initial_phase=0")
(set-option :config "theory.fp.dpll.branching_cache_phase=1")
(set-option :config "theory.fp.dpll.branching_random_invalidate_phase_cache=false")
(set-option :config "theory.fp.dpll.branching_random_ignore_polarity=true")
(set-option :config "theory.fp.dpll.ghost_filtering=false")
(set-option :config "theory.fp.dpll.glucose_var_activity=true")
(set-option :config "theory.fp.dpll.glucose_learnt_minimization=true")
(set-option :config "theory.fp.acdcl_conflict_generalization=2")
(set-option :config "theory.fp.interpolation_mode=0")
(set-option :config "theory.fp.acdcl_single_propagation_limit=0")
(set-option :config "theory.fp.acdcl_single_generalization_limit=0")
(set-option :config "theory.fp.acdcl_generalization_fair=true")
(set-option :config "theory.na.enabled=true")
(set-option :config "theory.na.permanent_lemmas=true")
(set-option :config "theory.na.eager_lemmas=false")
(set-option :config "theory.na.enable_tangent_lemmas_frontier=true")
(set-option :config "theory.na.tangent_lemmas_rat_approx=0")
(set-option :config "theory.na.tangent_lemmas_limit=0")
(set-option :config "theory.na.tangent_lemmas_enabled=true")
(set-option :config "theory.na.sat_check_enabled=true")
(set-option :config "theory.na.bound_lemmas_enabled=true")
(set-option :config "theory.na.nta_enabled=true")
(set-option :config "theory.na.nta_rat_approx=3")
(set-option :config "theory.na.nta_rat_approx_limit=10")
(set-option :config "theory.na.nta_sat_mode=1")
(set-option :config "theory.na.nta_eager=true")

(push 1)
(declare-fun __ADDRESS_OF_pp@ () Int)
(declare-fun __ADDRESS_OF_pstate@ () Int)
(declare-fun |g::pointer@2| () Int)
(declare-fun |g::i@4| () Int)
(declare-fun |*(void)*@5| () (Array Int Int))
(declare-fun *int@6 () (Array Int Int))
(define-fun .13 () Int __ADDRESS_OF_pp@)
(define-fun .21 () Int 4)
(define-fun .25 () Int 1)
(define-fun .33 () Int __ADDRESS_OF_pstate@)
(define-fun .61 () Int 2)
(define-fun .195 () Int |g::pointer@2|)
(define-fun .703 () Int |g::i@4|)
(define-fun .709 () Int (* .21 .703))
(define-fun .710 () Int (+ .33 .709))
(define-fun .731 () Bool (<= .61 .703))
(define-fun .732 () Bool (not .731))
(define-fun .734 () Int (+ .13 .709))
(define-fun .1029 () (Array Int Int) |*(void)*@5|)
(define-fun .1143 () (Array Int Int) *int@6)
(define-fun .1152 () Int (select .1143 .710))
(define-fun .1153 () Bool (= .1152 .25))
(define-fun .1165 () Int (select .1029 .734))
(define-fun .1166 () Bool (= .195 .1165))
(define-fun .1168 () Bool (and .732 .1166))
(define-fun .1173 () Bool (not .1153))
(define-fun .1174 () Bool (and .1168 .1173))
(assert (! .1174 :interpolation-group .g0))
(check-sat)
(push 1)
(assert (! true :interpolation-group .g0))
(declare-fun |*(void)*@1| () (Array Int Int))
(declare-fun *int@1 () (Array Int Int))
(declare-fun counter@2 () Int)
(declare-fun |init::i@3| () Int)
(define-fun .8 () Int 0)
(define-fun .14 () Bool (<= .13 .8))
(define-fun .15 () Bool (not .14))
(define-fun .16 () Bool ((_ divisible 4) (- .13 .8)))
(define-fun .18 () Int (- 8))
(define-fun .19 () Bool (<= .13 .18))
(define-fun .20 () Bool (not .19))
(define-fun .22 () (Array Int Int) |*(void)*@1|)
(define-fun .23 () (Array Int Int) (store .22 .13 .8))
(define-fun .24 () Bool (= .22 .23))
(define-fun .26 () Int (+ .13 .21))
(define-fun .27 () (Array Int Int) (store .22 .26 .8))
(define-fun .28 () Bool (= .22 .27))
(define-fun .29 () Bool (and .24 .28))
(define-fun .30 () Bool (and .15 .16))
(define-fun .31 () Bool (and .20 .30))
(define-fun .32 () Bool (and .29 .31))
(define-fun .34 () Int (- 1))
(define-fun .35 () Int (* .34 .33))
(define-fun .36 () Int (+ .13 .35))
(define-fun .37 () Bool (<= .18 .36))
(define-fun .38 () Bool (not .37))
(define-fun .39 () Bool ((_ divisible 4) (- .33 .8)))
(define-fun .41 () Bool (<= .33 .18))
(define-fun .42 () Bool (not .41))
(define-fun .43 () (Array Int Int) *int@1)
(define-fun .44 () (Array Int Int) (store .43 .33 .8))
(define-fun .45 () Bool (= .43 .44))
(define-fun .47 () Int (+ .33 .21))
(define-fun .48 () (Array Int Int) (store .43 .47 .8))
(define-fun .49 () Bool (= .43 .48))
(define-fun .50 () Bool (and .45 .49))
(define-fun .51 () Bool (and .38 .39))
(define-fun .52 () Bool (and .42 .51))
(define-fun .53 () Bool (and .50 .52))
(define-fun .54 () Bool (and .32 .53))
(define-fun .55 () Int counter@2)
(define-fun .56 () Bool (= .55 .25))
(define-fun .57 () Bool (and .54 .56))
(define-fun .58 () Int |init::i@3|)
(define-fun .59 () Bool (= .58 .8))
(define-fun .60 () Bool (and .57 .59))
(assert (! .60 :interpolation-group .g1))
(check-sat)
(push 1)
(assert (! true :interpolation-group .g1))
(declare-fun |g::i@3| () Int)
(declare-fun *int@5 () (Array Int Int))
(define-fun .198 () Int |g::i@3|)
(define-fun .201 () Bool (<= .61 .198))
(define-fun .202 () Bool (not .201))
(define-fun .204 () Int (* .21 .198))
(define-fun .205 () Int (+ .13 .204))
(define-fun .212 () Int (+ .33 .204))
(define-fun .695 () (Array Int Int) *int@5)
(define-fun .704 () Int (* .34 .703))
(define-fun .705 () Int (+ .198 .704))
(define-fun .706 () Bool (= .705 .34))
(define-fun .1116 () Int (select .695 .212))
(define-fun .1117 () Bool (= .1116 .25))
(define-fun .1130 () Int (select .1029 .205))
(define-fun .1131 () Bool (= .195 .1130))
(define-fun .1133 () Bool (and .202 .1131))
(define-fun .1134 () Bool (not .1131))
(define-fun .1135 () Bool (and .202 .1134))
(define-fun .1137 () Bool (and .1117 .1133))
(define-fun .1144 () (Array Int Int) (store .695 .212 .61))
(define-fun .1145 () Bool (= .1143 .1144))
(define-fun .1146 () Bool (and .1137 .1145))
(define-fun .1147 () Bool (= .695 .1143))
(define-fun .1148 () Bool (and .1135 .1147))
(define-fun .1149 () Bool (or .1146 .1148))
(define-fun .1150 () Bool (and .706 .1149))
(assert (! .1150 :interpolation-group .g2))
(check-sat)
(push 1)
(assert (! true :interpolation-group .g2))
(declare-fun |*(void)*@2| () (Array Int Int))
(declare-fun *int@2 () (Array Int Int))
(declare-fun |init::i@4| () Int)
(define-fun .62 () Bool (<= .61 .58))
(define-fun .63 () Bool (not .62))
(define-fun .65 () Int (* .21 .58))
(define-fun .66 () Int (+ .13 .65))
(define-fun .67 () (Array Int Int) |*(void)*@2|)
(define-fun .68 () (Array Int Int) (store .22 .66 .8))
(define-fun .69 () Bool (= .67 .68))
(define-fun .70 () Bool (and .63 .69))
(define-fun .71 () Int (+ .33 .65))
(define-fun .72 () (Array Int Int) *int@2)
(define-fun .73 () (Array Int Int) (store .43 .71 .8))
(define-fun .74 () Bool (= .72 .73))
(define-fun .75 () Bool (and .70 .74))
(define-fun .77 () Int |init::i@4|)
(define-fun .78 () Int (* .34 .77))
(define-fun .79 () Int (+ .58 .78))
(define-fun .80 () Bool (= .79 .34))
(define-fun .81 () Bool (and .75 .80))
(assert (! .81 :interpolation-group .g3))
(check-sat)
(push 1)
(assert (! true :interpolation-group .g3))
(declare-fun |main::a@3| () Int)
(declare-fun |f::pointer@3| () Int)
(declare-fun |f::i@5| () Int)
(declare-fun |*(void)*@4| () (Array Int Int))
(declare-fun *int@4 () (Array Int Int))
(define-fun .94 () Int |main::a@3|)
(define-fun .158 () Int |f::pointer@3|)
(define-fun .161 () Int |f::i@5|)
(define-fun .164 () Bool (<= .61 .161))
(define-fun .165 () Bool (not .164))
(define-fun .167 () Int (* .21 .161))
(define-fun .168 () Int (+ .13 .167))
(define-fun .185 () Int (+ .33 .167))
(define-fun .196 () Bool (= .94 .195))
(define-fun .199 () Bool (= .198 .8))
(define-fun .525 () (Array Int Int) |*(void)*@4|)
(define-fun .529 () (Array Int Int) *int@4)
(define-fun .699 () Bool (= .529 .695))
(define-fun .1003 () Int (select .525 .168))
(define-fun .1004 () Bool (= .1003 .8))
(define-fun .1006 () Bool (and .165 .1004))
(define-fun .1030 () (Array Int Int) (store .525 .168 .158))
(define-fun .1031 () Bool (= .1029 .1030))
(define-fun .1032 () Bool (and .1006 .1031))
(define-fun .1033 () (Array Int Int) (store .529 .185 .25))
(define-fun .1034 () Bool (= .695 .1033))
(define-fun .1035 () Bool (and .1032 .1034))
(define-fun .1042 () Bool (= .525 .1029))
(define-fun .1043 () Bool (and .699 .1042))
(define-fun .1044 () Bool (and .164 .1043))
(define-fun .1045 () Bool (or .1035 .1044))
(define-fun .1113 () Bool (and .196 .1045))
(define-fun .1114 () Bool (and .199 .1113))
(assert (! .1114 :interpolation-group .g4))
(check-sat)
(push 1)
(assert (! true :interpolation-group .g4))
(declare-fun |*(void)*@3| () (Array Int Int))
(declare-fun *int@3 () (Array Int Int))
(declare-fun |init::i@5| () Int)
(define-fun .181 () (Array Int Int) |*(void)*@3|)
(define-fun .186 () (Array Int Int) *int@3)
(define-fun .412 () Bool (<= .61 .77))
(define-fun .413 () Bool (not .412))
(define-fun .415 () Int (* .21 .77))
(define-fun .416 () Int (+ .13 .415))
(define-fun .417 () (Array Int Int) (store .67 .416 .8))
(define-fun .418 () Bool (= .181 .417))
(define-fun .419 () Bool (and .413 .418))
(define-fun .420 () Int (+ .33 .415))
(define-fun .421 () (Array Int Int) (store .72 .420 .8))
(define-fun .422 () Bool (= .186 .421))
(define-fun .423 () Bool (and .419 .422))
(define-fun .425 () Int |init::i@5|)
(define-fun .426 () Int (* .34 .425))
(define-fun .427 () Int (+ .77 .426))
(define-fun .428 () Bool (= .427 .34))
(define-fun .429 () Bool (and .423 .428))
(assert (! .429 :interpolation-group .g5))
(check-sat)
(push 1)
(assert (! true :interpolation-group .g5))
(declare-fun |main::b@3| () Int)
(declare-fun |f::pointer@2| () Int)
(declare-fun |f::i@3| () Int)
(define-fun .109 () Int |main::b@3|)
(define-fun .123 () Int |f::pointer@2|)
(define-fun .126 () Int |f::i@3|)
(define-fun .129 () Bool (<= .61 .126))
(define-fun .130 () Bool (not .129))
(define-fun .132 () Int (* .21 .126))
(define-fun .133 () Int (+ .13 .132))
(define-fun .149 () Int (+ .33 .132))
(define-fun .159 () Bool (= .109 .158))
(define-fun .162 () Bool (= .161 .8))
(define-fun .533 () Bool (= .181 .525))
(define-fun .534 () Bool (= .186 .529))
(define-fun .535 () Bool (and .533 .534))
(define-fun .929 () Int (select .181 .133))
(define-fun .930 () Bool (= .929 .8))
(define-fun .932 () Bool (and .130 .930))
(define-fun .979 () (Array Int Int) (store .181 .133 .123))
(define-fun .980 () Bool (= .525 .979))
(define-fun .981 () Bool (and .932 .980))
(define-fun .982 () (Array Int Int) (store .186 .149 .25))
(define-fun .983 () Bool (= .529 .982))
(define-fun .984 () Bool (and .981 .983))
(define-fun .992 () Bool (and .129 .535))
(define-fun .993 () Bool (or .984 .992))
(define-fun .996 () Bool (and .159 .993))
(define-fun .997 () Bool (and .162 .996))
(assert (! .997 :interpolation-group .g6))
(check-sat)
(push 1)
(assert (! true :interpolation-group .g6))
(declare-fun |malloc::__CPAchecker_TMP_0@2| () Int)
(declare-fun counter@3 () Int)
(declare-fun |malloc::__retval__@2| () Int)
(declare-fun |malloc::__CPAchecker_TMP_0@3| () Int)
(declare-fun counter@4 () Int)
(declare-fun |malloc::__retval__@3| () Int)
(define-fun .82 () Int |malloc::__CPAchecker_TMP_0@2|)
(define-fun .83 () Bool (= .55 .82))
(define-fun .86 () Int counter@3)
(define-fun .87 () Int (* .34 .86))
(define-fun .88 () Int (+ .55 .87))
(define-fun .89 () Bool (= .88 .34))
(define-fun .91 () Int |malloc::__retval__@2|)
(define-fun .92 () Bool (= .82 .91))
(define-fun .95 () Bool (= .91 .94))
(define-fun .97 () Int |malloc::__CPAchecker_TMP_0@3|)
(define-fun .98 () Bool (= .86 .97))
(define-fun .101 () Int counter@4)
(define-fun .102 () Int (* .34 .101))
(define-fun .103 () Int (+ .86 .102))
(define-fun .104 () Bool (= .103 .34))
(define-fun .106 () Int |malloc::__retval__@3|)
(define-fun .107 () Bool (= .97 .106))
(define-fun .110 () Bool (= .106 .109))
(define-fun .112 () Bool (= .94 .8))
(define-fun .115 () Bool (not .112))
(define-fun .117 () Bool (= .109 .8))
(define-fun .120 () Bool (not .117))
(define-fun .124 () Bool (= .94 .123))
(define-fun .127 () Bool (= .126 .8))
(define-fun .865 () Bool (<= .61 .425))
(define-fun .899 () Bool (and .83 .865))
(define-fun .900 () Bool (and .89 .899))
(define-fun .901 () Bool (and .92 .900))
(define-fun .902 () Bool (and .95 .901))
(define-fun .903 () Bool (and .98 .902))
(define-fun .904 () Bool (and .104 .903))
(define-fun .905 () Bool (and .107 .904))
(define-fun .906 () Bool (and .110 .905))
(define-fun .908 () Bool (and .115 .906))
(define-fun .910 () Bool (and .120 .908))
(define-fun .920 () Bool (and .124 .910))
(define-fun .921 () Bool (and .127 .920))
(assert (! .921 :interpolation-group .g7))
(check-sat)
(check-sat)
(get-interpolant (.g1))
(get-interpolant (.g1 .g3))
(get-interpolant (.g1 .g3 .g5))
(get-interpolant (.g1 .g3 .g5 .g7))
(get-interpolant (.g1 .g3 .g5 .g7 .g6))

kfriedberger commented 4 years ago

I can confirm your problem. The exception is known to be thrown for some interpolation problems. However, until now, the SMTLIB file always also triggers the error directly.

Without such input, it is quite hard to report an error to Alberto. Maybe some internal caching of formula reuse trigger the error.

baierd commented 3 years ago

I have just checked the problem stated last here again and it no longer crashes (results in UNKNOWN now). This can be closed then.

sosy-lab / java-smt

Collect and report MathSAT5 problems #199