./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec1_product56.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version c00e63dc Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec1_product56.cil.c -s /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash a24146f0f51336ad73890bbd928f5403b02b7d1c9a9c70cce136ffcb124619cc --- Real Ultimate output --- This is Ultimate 0.3.0-?-c00e63d-m [2025-02-05 15:51:02,359 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-02-05 15:51:02,403 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2025-02-05 15:51:02,407 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-02-05 15:51:02,407 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-02-05 15:51:02,429 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-02-05 15:51:02,430 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-02-05 15:51:02,431 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-02-05 15:51:02,431 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-02-05 15:51:02,431 INFO L153 SettingsManager]: * Use memory slicer=true [2025-02-05 15:51:02,432 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-02-05 15:51:02,432 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-02-05 15:51:02,432 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-02-05 15:51:02,432 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-02-05 15:51:02,432 INFO L153 SettingsManager]: * Use SBE=true [2025-02-05 15:51:02,432 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-02-05 15:51:02,432 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * sizeof long=4 [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * sizeof long double=12 [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Use constant arrays=true [2025-02-05 15:51:02,433 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-02-05 15:51:02,433 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Compute procedure contracts=false [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2025-02-05 15:51:02,433 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2025-02-05 15:51:02,434 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-02-05 15:51:02,434 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-02-05 15:51:02,434 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-02-05 15:51:02,434 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-02-05 15:51:02,434 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> a24146f0f51336ad73890bbd928f5403b02b7d1c9a9c70cce136ffcb124619cc [2025-02-05 15:51:02,696 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-02-05 15:51:02,705 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-02-05 15:51:02,707 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-02-05 15:51:02,708 INFO L270 PluginConnector]: Initializing CDTParser... [2025-02-05 15:51:02,708 INFO L274 PluginConnector]: CDTParser initialized [2025-02-05 15:51:02,709 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec1_product56.cil.c [2025-02-05 15:51:03,884 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data/f9939613d/351c07fbe1cb41c69fb56c4c52a64ae2/FLAG477e62e7b [2025-02-05 15:51:04,157 INFO L384 CDTParser]: Found 1 translation units. [2025-02-05 15:51:04,157 INFO L180 CDTParser]: Scanning /storage/repos/ultimate-jdk21/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product56.cil.c [2025-02-05 15:51:04,176 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data/f9939613d/351c07fbe1cb41c69fb56c4c52a64ae2/FLAG477e62e7b [2025-02-05 15:51:04,454 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data/f9939613d/351c07fbe1cb41c69fb56c4c52a64ae2 [2025-02-05 15:51:04,456 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-02-05 15:51:04,457 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-02-05 15:51:04,458 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-02-05 15:51:04,458 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-02-05 15:51:04,461 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-02-05 15:51:04,462 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,462 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6a719b73 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04, skipping insertion in model container [2025-02-05 15:51:04,462 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,480 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-02-05 15:51:04,622 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate-jdk21/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product56.cil.c[16679,16692] [2025-02-05 15:51:04,632 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-02-05 15:51:04,638 INFO L200 MainTranslator]: Completed pre-run [2025-02-05 15:51:04,643 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [49] [2025-02-05 15:51:04,644 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [415] [2025-02-05 15:51:04,645 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [490] [2025-02-05 15:51:04,645 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [746] [2025-02-05 15:51:04,645 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification1_spec.i","") [784] [2025-02-05 15:51:04,645 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [811] [2025-02-05 15:51:04,645 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [820] [2025-02-05 15:51:04,645 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [916] [2025-02-05 15:51:04,697 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate-jdk21/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product56.cil.c[16679,16692] [2025-02-05 15:51:04,707 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-02-05 15:51:04,728 INFO L204 MainTranslator]: Completed translation [2025-02-05 15:51:04,728 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04 WrapperNode [2025-02-05 15:51:04,728 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-02-05 15:51:04,729 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2025-02-05 15:51:04,729 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2025-02-05 15:51:04,729 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2025-02-05 15:51:04,735 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,743 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,759 INFO L138 Inliner]: procedures = 58, calls = 105, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 221 [2025-02-05 15:51:04,760 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2025-02-05 15:51:04,760 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2025-02-05 15:51:04,760 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2025-02-05 15:51:04,760 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2025-02-05 15:51:04,769 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,770 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,772 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,794 INFO L175 MemorySlicer]: Split 2 memory accesses to 1 slices as follows [2]. 100 percent of accesses are in the largest equivalence class. The 2 initializations are split as follows [2]. The 0 writes are split as follows [0]. [2025-02-05 15:51:04,794 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,794 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,798 INFO L184 PluginConnector]: Executing the observer ReplaceArrayAssignments from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,799 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,800 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,800 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,802 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2025-02-05 15:51:04,802 INFO L112 PluginConnector]: ------------------------IcfgBuilder---------------------------- [2025-02-05 15:51:04,803 INFO L270 PluginConnector]: Initializing IcfgBuilder... [2025-02-05 15:51:04,803 INFO L274 PluginConnector]: IcfgBuilder initialized [2025-02-05 15:51:04,804 INFO L184 PluginConnector]: Executing the observer IcfgBuilderObserver from plugin IcfgBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (1/1) ... [2025-02-05 15:51:04,811 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-02-05 15:51:04,819 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/z3 [2025-02-05 15:51:04,841 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2025-02-05 15:51:04,844 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2025-02-05 15:51:04,864 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2025-02-05 15:51:04,864 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2025-02-05 15:51:04,864 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2025-02-05 15:51:04,864 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2025-02-05 15:51:04,864 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2025-02-05 15:51:04,864 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2025-02-05 15:51:04,864 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2025-02-05 15:51:04,864 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2025-02-05 15:51:04,864 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2025-02-05 15:51:04,865 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2025-02-05 15:51:04,865 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2025-02-05 15:51:04,865 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2025-02-05 15:51:04,865 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2025-02-05 15:51:04,865 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2025-02-05 15:51:04,865 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2025-02-05 15:51:04,865 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2025-02-05 15:51:04,865 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2025-02-05 15:51:04,865 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2025-02-05 15:51:04,865 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2025-02-05 15:51:04,865 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2025-02-05 15:51:04,866 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2025-02-05 15:51:04,866 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2025-02-05 15:51:04,918 INFO L257 CfgBuilder]: Building ICFG [2025-02-05 15:51:04,920 INFO L287 CfgBuilder]: Building CFG for each procedure with an implementation [2025-02-05 15:51:04,955 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L962: #res := ~retValue_acc~10; [2025-02-05 15:51:04,989 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint cleanupFINAL: assume true; [2025-02-05 15:51:05,031 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L637-1: isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~3#1; [2025-02-05 15:51:05,032 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L646-1: isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; [2025-02-05 15:51:05,086 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L913-1: main_#res#1 := main_~retValue_acc~9#1; [2025-02-05 15:51:05,086 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L781-1: valid_product_#res#1 := valid_product_~retValue_acc~8#1; [2025-02-05 15:51:05,106 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L701-1: isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; [2025-02-05 15:51:05,106 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L1008-1: isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~12#1; [2025-02-05 15:51:05,136 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L1017-1: isLowWaterSensorDry_#res#1 := isLowWaterSensorDry_~retValue_acc~13#1; [2025-02-05 15:51:05,136 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L720-1: isLowWaterLevel_#res#1 := isLowWaterLevel_~retValue_acc~6#1; [2025-02-05 15:51:05,147 INFO L? ?]: Removed 49 outVars from TransFormulas that were not future-live. [2025-02-05 15:51:05,147 INFO L308 CfgBuilder]: Performing block encoding [2025-02-05 15:51:05,158 INFO L332 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2025-02-05 15:51:05,160 INFO L337 CfgBuilder]: Removed 0 assume(true) statements. [2025-02-05 15:51:05,161 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 05.02 03:51:05 BoogieIcfgContainer [2025-02-05 15:51:05,161 INFO L131 PluginConnector]: ------------------------ END IcfgBuilder---------------------------- [2025-02-05 15:51:05,164 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2025-02-05 15:51:05,165 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2025-02-05 15:51:05,168 INFO L274 PluginConnector]: TraceAbstraction initialized [2025-02-05 15:51:05,168 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 05.02 03:51:04" (1/3) ... [2025-02-05 15:51:05,169 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@33f27bf9 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 05.02 03:51:05, skipping insertion in model container [2025-02-05 15:51:05,169 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:04" (2/3) ... [2025-02-05 15:51:05,169 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@33f27bf9 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 05.02 03:51:05, skipping insertion in model container [2025-02-05 15:51:05,169 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 05.02 03:51:05" (3/3) ... [2025-02-05 15:51:05,170 INFO L128 eAbstractionObserver]: Analyzing ICFG minepump_spec1_product56.cil.c [2025-02-05 15:51:05,181 INFO L216 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2025-02-05 15:51:05,183 INFO L151 ceAbstractionStarter]: Applying trace abstraction to ICFG minepump_spec1_product56.cil.c that has 10 procedures, 104 locations, 1 initial locations, 2 loop locations, and 1 error locations. [2025-02-05 15:51:05,237 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2025-02-05 15:51:05,249 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@2def1134, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2025-02-05 15:51:05,249 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2025-02-05 15:51:05,252 INFO L276 IsEmpty]: Start isEmpty. Operand has 103 states, 75 states have (on average 1.36) internal successors, (102), 86 states have internal predecessors, (102), 17 states have call successors, (17), 9 states have call predecessors, (17), 8 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2025-02-05 15:51:05,260 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2025-02-05 15:51:05,260 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:05,261 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:05,261 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:05,265 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:05,266 INFO L85 PathProgramCache]: Analyzing trace with hash -235921351, now seen corresponding path program 1 times [2025-02-05 15:51:05,271 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:05,271 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1631053747] [2025-02-05 15:51:05,272 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:05,272 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:05,345 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 23 statements into 1 equivalence classes. [2025-02-05 15:51:05,368 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 23 of 23 statements. [2025-02-05 15:51:05,369 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:05,370 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:05,432 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-02-05 15:51:05,435 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:05,435 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1631053747] [2025-02-05 15:51:05,436 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1631053747] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:05,436 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:05,436 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2025-02-05 15:51:05,437 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [766830808] [2025-02-05 15:51:05,438 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:05,441 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2025-02-05 15:51:05,442 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:05,460 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2025-02-05 15:51:05,461 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2025-02-05 15:51:05,464 INFO L87 Difference]: Start difference. First operand has 103 states, 75 states have (on average 1.36) internal successors, (102), 86 states have internal predecessors, (102), 17 states have call successors, (17), 9 states have call predecessors, (17), 8 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) Second operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-02-05 15:51:05,493 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:05,493 INFO L93 Difference]: Finished difference Result 190 states and 257 transitions. [2025-02-05 15:51:05,495 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2025-02-05 15:51:05,498 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2025-02-05 15:51:05,498 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:05,503 INFO L225 Difference]: With dead ends: 190 [2025-02-05 15:51:05,504 INFO L226 Difference]: Without dead ends: 95 [2025-02-05 15:51:05,509 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2025-02-05 15:51:05,512 INFO L435 NwaCegarLoop]: 129 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 129 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:05,513 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 129 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:05,524 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 95 states. [2025-02-05 15:51:05,546 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 95 to 95. [2025-02-05 15:51:05,547 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 95 states, 69 states have (on average 1.318840579710145) internal successors, (91), 79 states have internal predecessors, (91), 17 states have call successors, (17), 9 states have call predecessors, (17), 8 states have return successors, (16), 11 states have call predecessors, (16), 16 states have call successors, (16) [2025-02-05 15:51:05,553 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 95 states to 95 states and 124 transitions. [2025-02-05 15:51:05,556 INFO L78 Accepts]: Start accepts. Automaton has 95 states and 124 transitions. Word has length 23 [2025-02-05 15:51:05,557 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:05,557 INFO L471 AbstractCegarLoop]: Abstraction has 95 states and 124 transitions. [2025-02-05 15:51:05,557 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-02-05 15:51:05,557 INFO L276 IsEmpty]: Start isEmpty. Operand 95 states and 124 transitions. [2025-02-05 15:51:05,559 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2025-02-05 15:51:05,560 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:05,560 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:05,560 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2025-02-05 15:51:05,560 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:05,562 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:05,562 INFO L85 PathProgramCache]: Analyzing trace with hash 1029095022, now seen corresponding path program 1 times [2025-02-05 15:51:05,562 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:05,562 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1715676059] [2025-02-05 15:51:05,562 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:05,562 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:05,574 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 24 statements into 1 equivalence classes. [2025-02-05 15:51:05,588 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 24 of 24 statements. [2025-02-05 15:51:05,588 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:05,589 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:05,667 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-02-05 15:51:05,667 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:05,668 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1715676059] [2025-02-05 15:51:05,668 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1715676059] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:05,668 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:05,668 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-02-05 15:51:05,668 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [266999296] [2025-02-05 15:51:05,668 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:05,669 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-02-05 15:51:05,669 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:05,670 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-02-05 15:51:05,670 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-02-05 15:51:05,670 INFO L87 Difference]: Start difference. First operand 95 states and 124 transitions. Second operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-02-05 15:51:05,689 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:05,689 INFO L93 Difference]: Finished difference Result 152 states and 198 transitions. [2025-02-05 15:51:05,691 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-02-05 15:51:05,691 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2025-02-05 15:51:05,691 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:05,705 INFO L225 Difference]: With dead ends: 152 [2025-02-05 15:51:05,705 INFO L226 Difference]: Without dead ends: 86 [2025-02-05 15:51:05,706 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-02-05 15:51:05,706 INFO L435 NwaCegarLoop]: 111 mSDtfsCounter, 16 mSDsluCounter, 90 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 201 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:05,708 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [20 Valid, 201 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:05,709 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 86 states. [2025-02-05 15:51:05,717 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 86 to 86. [2025-02-05 15:51:05,718 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 86 states, 63 states have (on average 1.3333333333333333) internal successors, (84), 73 states have internal predecessors, (84), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 9 states have call predecessors, (14), 14 states have call successors, (14) [2025-02-05 15:51:05,719 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 86 states to 86 states and 112 transitions. [2025-02-05 15:51:05,719 INFO L78 Accepts]: Start accepts. Automaton has 86 states and 112 transitions. Word has length 24 [2025-02-05 15:51:05,719 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:05,719 INFO L471 AbstractCegarLoop]: Abstraction has 86 states and 112 transitions. [2025-02-05 15:51:05,720 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-02-05 15:51:05,720 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 112 transitions. [2025-02-05 15:51:05,720 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2025-02-05 15:51:05,721 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:05,721 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:05,721 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2025-02-05 15:51:05,721 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:05,721 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:05,722 INFO L85 PathProgramCache]: Analyzing trace with hash -532335419, now seen corresponding path program 1 times [2025-02-05 15:51:05,722 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:05,722 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [858712044] [2025-02-05 15:51:05,722 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:05,722 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:05,732 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 28 statements into 1 equivalence classes. [2025-02-05 15:51:05,746 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 28 of 28 statements. [2025-02-05 15:51:05,749 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:05,749 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:05,835 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-02-05 15:51:05,836 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:05,836 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [858712044] [2025-02-05 15:51:05,836 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [858712044] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:05,836 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:05,836 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-02-05 15:51:05,836 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [686394261] [2025-02-05 15:51:05,836 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:05,837 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-02-05 15:51:05,837 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:05,838 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-02-05 15:51:05,838 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-02-05 15:51:05,838 INFO L87 Difference]: Start difference. First operand 86 states and 112 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-02-05 15:51:05,865 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:05,865 INFO L93 Difference]: Finished difference Result 242 states and 321 transitions. [2025-02-05 15:51:05,865 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-02-05 15:51:05,865 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 28 [2025-02-05 15:51:05,866 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:05,867 INFO L225 Difference]: With dead ends: 242 [2025-02-05 15:51:05,867 INFO L226 Difference]: Without dead ends: 163 [2025-02-05 15:51:05,867 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-02-05 15:51:05,868 INFO L435 NwaCegarLoop]: 125 mSDtfsCounter, 91 mSDsluCounter, 100 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 91 SdHoareTripleChecker+Valid, 225 SdHoareTripleChecker+Invalid, 6 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:05,868 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [91 Valid, 225 Invalid, 6 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:05,868 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 163 states. [2025-02-05 15:51:05,885 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 163 to 160. [2025-02-05 15:51:05,885 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 160 states, 115 states have (on average 1.3565217391304347) internal successors, (156), 134 states have internal predecessors, (156), 28 states have call successors, (28), 16 states have call predecessors, (28), 16 states have return successors, (28), 17 states have call predecessors, (28), 28 states have call successors, (28) [2025-02-05 15:51:05,886 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 160 states to 160 states and 212 transitions. [2025-02-05 15:51:05,887 INFO L78 Accepts]: Start accepts. Automaton has 160 states and 212 transitions. Word has length 28 [2025-02-05 15:51:05,887 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:05,887 INFO L471 AbstractCegarLoop]: Abstraction has 160 states and 212 transitions. [2025-02-05 15:51:05,887 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-02-05 15:51:05,887 INFO L276 IsEmpty]: Start isEmpty. Operand 160 states and 212 transitions. [2025-02-05 15:51:05,888 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2025-02-05 15:51:05,888 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:05,888 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:05,888 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2025-02-05 15:51:05,889 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:05,889 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:05,889 INFO L85 PathProgramCache]: Analyzing trace with hash -2002750635, now seen corresponding path program 1 times [2025-02-05 15:51:05,889 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:05,889 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [292369610] [2025-02-05 15:51:05,889 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:05,889 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:05,895 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 31 statements into 1 equivalence classes. [2025-02-05 15:51:05,904 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 31 of 31 statements. [2025-02-05 15:51:05,904 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:05,904 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:06,018 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-02-05 15:51:06,019 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:06,019 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [292369610] [2025-02-05 15:51:06,019 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [292369610] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:06,019 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:06,020 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-02-05 15:51:06,020 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [954112748] [2025-02-05 15:51:06,020 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:06,020 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-02-05 15:51:06,020 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:06,021 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-02-05 15:51:06,021 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-02-05 15:51:06,021 INFO L87 Difference]: Start difference. First operand 160 states and 212 transitions. Second operand has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-02-05 15:51:06,114 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:06,117 INFO L93 Difference]: Finished difference Result 402 states and 549 transitions. [2025-02-05 15:51:06,117 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-02-05 15:51:06,117 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2025-02-05 15:51:06,118 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:06,121 INFO L225 Difference]: With dead ends: 402 [2025-02-05 15:51:06,121 INFO L226 Difference]: Without dead ends: 249 [2025-02-05 15:51:06,122 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2025-02-05 15:51:06,122 INFO L435 NwaCegarLoop]: 110 mSDtfsCounter, 56 mSDsluCounter, 291 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 56 SdHoareTripleChecker+Valid, 401 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:06,123 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [56 Valid, 401 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:06,123 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 249 states. [2025-02-05 15:51:06,150 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 249 to 248. [2025-02-05 15:51:06,153 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 248 states, 181 states have (on average 1.3093922651933703) internal successors, (237), 198 states have internal predecessors, (237), 36 states have call successors, (36), 30 states have call predecessors, (36), 30 states have return successors, (48), 31 states have call predecessors, (48), 36 states have call successors, (48) [2025-02-05 15:51:06,157 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 248 states to 248 states and 321 transitions. [2025-02-05 15:51:06,157 INFO L78 Accepts]: Start accepts. Automaton has 248 states and 321 transitions. Word has length 31 [2025-02-05 15:51:06,158 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:06,158 INFO L471 AbstractCegarLoop]: Abstraction has 248 states and 321 transitions. [2025-02-05 15:51:06,158 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2025-02-05 15:51:06,158 INFO L276 IsEmpty]: Start isEmpty. Operand 248 states and 321 transitions. [2025-02-05 15:51:06,159 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2025-02-05 15:51:06,159 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:06,159 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:06,159 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2025-02-05 15:51:06,159 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:06,160 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:06,160 INFO L85 PathProgramCache]: Analyzing trace with hash -416986280, now seen corresponding path program 1 times [2025-02-05 15:51:06,160 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:06,160 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1214612809] [2025-02-05 15:51:06,160 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:06,160 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:06,167 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 47 statements into 1 equivalence classes. [2025-02-05 15:51:06,175 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 47 of 47 statements. [2025-02-05 15:51:06,177 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:06,177 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:06,265 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-02-05 15:51:06,265 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:06,265 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1214612809] [2025-02-05 15:51:06,265 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1214612809] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:06,265 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:06,265 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-02-05 15:51:06,266 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [704130383] [2025-02-05 15:51:06,266 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:06,266 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-02-05 15:51:06,267 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:06,268 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-02-05 15:51:06,268 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-02-05 15:51:06,268 INFO L87 Difference]: Start difference. First operand 248 states and 321 transitions. Second operand has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2025-02-05 15:51:06,301 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:06,302 INFO L93 Difference]: Finished difference Result 495 states and 655 transitions. [2025-02-05 15:51:06,303 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-02-05 15:51:06,303 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) Word has length 47 [2025-02-05 15:51:06,303 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:06,305 INFO L225 Difference]: With dead ends: 495 [2025-02-05 15:51:06,305 INFO L226 Difference]: Without dead ends: 254 [2025-02-05 15:51:06,306 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-02-05 15:51:06,307 INFO L435 NwaCegarLoop]: 109 mSDtfsCounter, 0 mSDsluCounter, 321 mSDsCounter, 0 mSdLazyCounter, 17 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 430 SdHoareTripleChecker+Invalid, 17 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 17 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:06,308 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 430 Invalid, 17 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 17 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:06,308 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 254 states. [2025-02-05 15:51:06,330 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 254 to 254. [2025-02-05 15:51:06,332 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 254 states, 187 states have (on average 1.2994652406417113) internal successors, (243), 204 states have internal predecessors, (243), 36 states have call successors, (36), 30 states have call predecessors, (36), 30 states have return successors, (48), 31 states have call predecessors, (48), 36 states have call successors, (48) [2025-02-05 15:51:06,334 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 254 states to 254 states and 327 transitions. [2025-02-05 15:51:06,335 INFO L78 Accepts]: Start accepts. Automaton has 254 states and 327 transitions. Word has length 47 [2025-02-05 15:51:06,336 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:06,336 INFO L471 AbstractCegarLoop]: Abstraction has 254 states and 327 transitions. [2025-02-05 15:51:06,336 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.0) internal successors, (40), 5 states have internal predecessors, (40), 2 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2025-02-05 15:51:06,336 INFO L276 IsEmpty]: Start isEmpty. Operand 254 states and 327 transitions. [2025-02-05 15:51:06,337 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2025-02-05 15:51:06,339 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:06,339 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:06,340 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2025-02-05 15:51:06,340 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:06,340 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:06,341 INFO L85 PathProgramCache]: Analyzing trace with hash -825810505, now seen corresponding path program 1 times [2025-02-05 15:51:06,341 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:06,341 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1632345637] [2025-02-05 15:51:06,341 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:06,341 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:06,350 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 47 statements into 1 equivalence classes. [2025-02-05 15:51:06,366 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 47 of 47 statements. [2025-02-05 15:51:06,369 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:06,370 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:06,424 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-02-05 15:51:06,424 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:06,424 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1632345637] [2025-02-05 15:51:06,424 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1632345637] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:06,424 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:06,425 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-02-05 15:51:06,425 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2096246253] [2025-02-05 15:51:06,425 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:06,425 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-02-05 15:51:06,425 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:06,425 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-02-05 15:51:06,425 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-02-05 15:51:06,425 INFO L87 Difference]: Start difference. First operand 254 states and 327 transitions. Second operand has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2025-02-05 15:51:06,454 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:06,454 INFO L93 Difference]: Finished difference Result 505 states and 677 transitions. [2025-02-05 15:51:06,455 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-02-05 15:51:06,455 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) Word has length 47 [2025-02-05 15:51:06,455 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:06,458 INFO L225 Difference]: With dead ends: 505 [2025-02-05 15:51:06,458 INFO L226 Difference]: Without dead ends: 258 [2025-02-05 15:51:06,458 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-02-05 15:51:06,459 INFO L435 NwaCegarLoop]: 110 mSDtfsCounter, 0 mSDsluCounter, 214 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 324 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:06,459 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 324 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:06,463 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 258 states. [2025-02-05 15:51:06,480 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 258 to 258. [2025-02-05 15:51:06,483 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 258 states, 191 states have (on average 1.293193717277487) internal successors, (247), 208 states have internal predecessors, (247), 36 states have call successors, (36), 30 states have call predecessors, (36), 30 states have return successors, (48), 31 states have call predecessors, (48), 36 states have call successors, (48) [2025-02-05 15:51:06,484 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 258 states to 258 states and 331 transitions. [2025-02-05 15:51:06,485 INFO L78 Accepts]: Start accepts. Automaton has 258 states and 331 transitions. Word has length 47 [2025-02-05 15:51:06,486 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:06,486 INFO L471 AbstractCegarLoop]: Abstraction has 258 states and 331 transitions. [2025-02-05 15:51:06,486 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 2 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 2 states have call successors, (3) [2025-02-05 15:51:06,486 INFO L276 IsEmpty]: Start isEmpty. Operand 258 states and 331 transitions. [2025-02-05 15:51:06,487 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 48 [2025-02-05 15:51:06,488 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:06,488 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:06,488 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2025-02-05 15:51:06,489 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:06,489 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:06,489 INFO L85 PathProgramCache]: Analyzing trace with hash -606955787, now seen corresponding path program 1 times [2025-02-05 15:51:06,489 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:06,489 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1911617291] [2025-02-05 15:51:06,489 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:06,489 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:06,498 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 47 statements into 1 equivalence classes. [2025-02-05 15:51:06,502 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 47 of 47 statements. [2025-02-05 15:51:06,505 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:06,505 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:06,592 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-02-05 15:51:06,592 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:06,592 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1911617291] [2025-02-05 15:51:06,593 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1911617291] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:06,593 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:06,593 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-02-05 15:51:06,593 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [216706786] [2025-02-05 15:51:06,593 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:06,594 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-02-05 15:51:06,594 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:06,595 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-02-05 15:51:06,595 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-02-05 15:51:06,595 INFO L87 Difference]: Start difference. First operand 258 states and 331 transitions. Second operand has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2025-02-05 15:51:06,720 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:06,721 INFO L93 Difference]: Finished difference Result 852 states and 1130 transitions. [2025-02-05 15:51:06,721 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-02-05 15:51:06,721 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 47 [2025-02-05 15:51:06,721 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:06,724 INFO L225 Difference]: With dead ends: 852 [2025-02-05 15:51:06,724 INFO L226 Difference]: Without dead ends: 601 [2025-02-05 15:51:06,725 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-02-05 15:51:06,726 INFO L435 NwaCegarLoop]: 193 mSDtfsCounter, 147 mSDsluCounter, 186 mSDsCounter, 0 mSdLazyCounter, 65 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 147 SdHoareTripleChecker+Valid, 379 SdHoareTripleChecker+Invalid, 70 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 65 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:06,726 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [147 Valid, 379 Invalid, 70 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 65 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-02-05 15:51:06,726 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 601 states. [2025-02-05 15:51:06,755 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 601 to 589. [2025-02-05 15:51:06,756 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 589 states, 434 states have (on average 1.2649769585253456) internal successors, (549), 467 states have internal predecessors, (549), 82 states have call successors, (82), 70 states have call predecessors, (82), 72 states have return successors, (132), 74 states have call predecessors, (132), 82 states have call successors, (132) [2025-02-05 15:51:06,775 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 589 states to 589 states and 763 transitions. [2025-02-05 15:51:06,776 INFO L78 Accepts]: Start accepts. Automaton has 589 states and 763 transitions. Word has length 47 [2025-02-05 15:51:06,776 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:06,776 INFO L471 AbstractCegarLoop]: Abstraction has 589 states and 763 transitions. [2025-02-05 15:51:06,776 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 10.0) internal successors, (40), 4 states have internal predecessors, (40), 3 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2025-02-05 15:51:06,776 INFO L276 IsEmpty]: Start isEmpty. Operand 589 states and 763 transitions. [2025-02-05 15:51:06,777 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2025-02-05 15:51:06,777 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:06,777 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:06,777 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2025-02-05 15:51:06,778 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:06,779 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:06,779 INFO L85 PathProgramCache]: Analyzing trace with hash -351861801, now seen corresponding path program 1 times [2025-02-05 15:51:06,779 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:06,779 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1576992507] [2025-02-05 15:51:06,780 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:06,780 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:06,789 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 51 statements into 1 equivalence classes. [2025-02-05 15:51:06,794 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 51 of 51 statements. [2025-02-05 15:51:06,794 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:06,794 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:06,888 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2025-02-05 15:51:06,889 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:06,889 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1576992507] [2025-02-05 15:51:06,889 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1576992507] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:06,889 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:06,889 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2025-02-05 15:51:06,889 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1039778803] [2025-02-05 15:51:06,889 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:06,890 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2025-02-05 15:51:06,890 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:06,891 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2025-02-05 15:51:06,893 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2025-02-05 15:51:06,894 INFO L87 Difference]: Start difference. First operand 589 states and 763 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2025-02-05 15:51:07,057 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:07,057 INFO L93 Difference]: Finished difference Result 1731 states and 2298 transitions. [2025-02-05 15:51:07,058 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2025-02-05 15:51:07,058 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) Word has length 51 [2025-02-05 15:51:07,058 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:07,068 INFO L225 Difference]: With dead ends: 1731 [2025-02-05 15:51:07,068 INFO L226 Difference]: Without dead ends: 1149 [2025-02-05 15:51:07,072 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2025-02-05 15:51:07,073 INFO L435 NwaCegarLoop]: 110 mSDtfsCounter, 80 mSDsluCounter, 393 mSDsCounter, 0 mSdLazyCounter, 55 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 82 SdHoareTripleChecker+Valid, 503 SdHoareTripleChecker+Invalid, 57 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 55 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:07,073 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [82 Valid, 503 Invalid, 57 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 55 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-02-05 15:51:07,075 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1149 states. [2025-02-05 15:51:07,177 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1149 to 1149. [2025-02-05 15:51:07,180 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1149 states, 840 states have (on average 1.2452380952380953) internal successors, (1046), 905 states have internal predecessors, (1046), 164 states have call successors, (164), 140 states have call predecessors, (164), 144 states have return successors, (274), 148 states have call predecessors, (274), 164 states have call successors, (274) [2025-02-05 15:51:07,188 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1149 states to 1149 states and 1484 transitions. [2025-02-05 15:51:07,190 INFO L78 Accepts]: Start accepts. Automaton has 1149 states and 1484 transitions. Word has length 51 [2025-02-05 15:51:07,190 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:07,190 INFO L471 AbstractCegarLoop]: Abstraction has 1149 states and 1484 transitions. [2025-02-05 15:51:07,190 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (5), 2 states have call predecessors, (5), 2 states have return successors, (4), 3 states have call predecessors, (4), 2 states have call successors, (4) [2025-02-05 15:51:07,191 INFO L276 IsEmpty]: Start isEmpty. Operand 1149 states and 1484 transitions. [2025-02-05 15:51:07,192 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 56 [2025-02-05 15:51:07,193 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:07,193 INFO L218 NwaCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:07,193 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2025-02-05 15:51:07,193 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:07,194 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:07,194 INFO L85 PathProgramCache]: Analyzing trace with hash 1989796888, now seen corresponding path program 1 times [2025-02-05 15:51:07,194 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:07,194 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1620879110] [2025-02-05 15:51:07,194 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:07,194 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:07,203 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 55 statements into 1 equivalence classes. [2025-02-05 15:51:07,212 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 55 of 55 statements. [2025-02-05 15:51:07,212 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:07,212 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is sat [2025-02-05 15:51:07,212 INFO L348 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2025-02-05 15:51:07,217 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 55 statements into 1 equivalence classes. [2025-02-05 15:51:07,225 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 55 of 55 statements. [2025-02-05 15:51:07,226 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:07,226 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is sat [2025-02-05 15:51:07,248 INFO L130 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2025-02-05 15:51:07,250 INFO L340 BasicCegarLoop]: Counterexample is feasible [2025-02-05 15:51:07,251 INFO L782 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2025-02-05 15:51:07,253 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2025-02-05 15:51:07,255 INFO L422 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:07,291 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2025-02-05 15:51:07,293 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 05.02 03:51:07 BoogieIcfgContainer [2025-02-05 15:51:07,293 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2025-02-05 15:51:07,293 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2025-02-05 15:51:07,294 INFO L270 PluginConnector]: Initializing Witness Printer... [2025-02-05 15:51:07,294 INFO L274 PluginConnector]: Witness Printer initialized [2025-02-05 15:51:07,294 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 05.02 03:51:05" (3/4) ... [2025-02-05 15:51:07,295 INFO L140 WitnessPrinter]: Generating witness for reachability counterexample [2025-02-05 15:51:07,359 INFO L127 tionWitnessGenerator]: Generated YAML witness of length 47. [2025-02-05 15:51:07,434 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/witness.graphml [2025-02-05 15:51:07,434 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/witness.yml [2025-02-05 15:51:07,434 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2025-02-05 15:51:07,435 INFO L158 Benchmark]: Toolchain (without parser) took 2978.32ms. Allocated memory was 142.6MB in the beginning and 394.3MB in the end (delta: 251.7MB). Free memory was 110.9MB in the beginning and 260.2MB in the end (delta: -149.3MB). Peak memory consumption was 105.7MB. Max. memory is 16.1GB. [2025-02-05 15:51:07,435 INFO L158 Benchmark]: CDTParser took 0.92ms. Allocated memory is still 201.3MB. Free memory is still 123.1MB. There was no memory consumed. Max. memory is 16.1GB. [2025-02-05 15:51:07,435 INFO L158 Benchmark]: CACSL2BoogieTranslator took 270.24ms. Allocated memory is still 142.6MB. Free memory was 110.9MB in the beginning and 92.0MB in the end (delta: 18.9MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-02-05 15:51:07,436 INFO L158 Benchmark]: Boogie Procedure Inliner took 30.73ms. Allocated memory is still 142.6MB. Free memory was 92.0MB in the beginning and 90.0MB in the end (delta: 1.9MB). There was no memory consumed. Max. memory is 16.1GB. [2025-02-05 15:51:07,436 INFO L158 Benchmark]: Boogie Preprocessor took 41.74ms. Allocated memory is still 142.6MB. Free memory was 90.0MB in the beginning and 88.5MB in the end (delta: 1.5MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2025-02-05 15:51:07,436 INFO L158 Benchmark]: IcfgBuilder took 358.38ms. Allocated memory is still 142.6MB. Free memory was 88.5MB in the beginning and 69.3MB in the end (delta: 19.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-02-05 15:51:07,436 INFO L158 Benchmark]: TraceAbstraction took 2128.53ms. Allocated memory was 142.6MB in the beginning and 394.3MB in the end (delta: 251.7MB). Free memory was 68.4MB in the beginning and 269.6MB in the end (delta: -201.2MB). Peak memory consumption was 47.0MB. Max. memory is 16.1GB. [2025-02-05 15:51:07,436 INFO L158 Benchmark]: Witness Printer took 141.03ms. Allocated memory is still 394.3MB. Free memory was 269.6MB in the beginning and 260.2MB in the end (delta: 9.4MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-02-05 15:51:07,437 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.92ms. Allocated memory is still 201.3MB. Free memory is still 123.1MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 270.24ms. Allocated memory is still 142.6MB. Free memory was 110.9MB in the beginning and 92.0MB in the end (delta: 18.9MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 30.73ms. Allocated memory is still 142.6MB. Free memory was 92.0MB in the beginning and 90.0MB in the end (delta: 1.9MB). There was no memory consumed. Max. memory is 16.1GB. * Boogie Preprocessor took 41.74ms. Allocated memory is still 142.6MB. Free memory was 90.0MB in the beginning and 88.5MB in the end (delta: 1.5MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * IcfgBuilder took 358.38ms. Allocated memory is still 142.6MB. Free memory was 88.5MB in the beginning and 69.3MB in the end (delta: 19.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 2128.53ms. Allocated memory was 142.6MB in the beginning and 394.3MB in the end (delta: 251.7MB). Free memory was 68.4MB in the beginning and 269.6MB in the end (delta: -201.2MB). Peak memory consumption was 47.0MB. Max. memory is 16.1GB. * Witness Printer took 141.03ms. Allocated memory is still 394.3MB. Free memory was 269.6MB in the beginning and 260.2MB in the end (delta: 9.4MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [49] - GenericResultAtLocation [Line: 415]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [415] - GenericResultAtLocation [Line: 490]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [490] - GenericResultAtLocation [Line: 746]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [746] - GenericResultAtLocation [Line: 784]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification1_spec.i","") [784] - GenericResultAtLocation [Line: 811]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [811] - GenericResultAtLocation [Line: 820]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [820] - GenericResultAtLocation [Line: 916]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [916] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - CounterExampleResult [Line: 816]: a call to reach_error is reachable a call to reach_error is reachable We found a FailurePath: [L219] static struct __ACC__ERR *head = (struct __ACC__ERR *)0; [L500] int pumpRunning = 0; [L501] int systemActive = 1; [L821] int cleanupTimeShifts = 4; [L918] int waterLevel = 1; [L919] int methaneLevelCritical = 0; VAL [cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L894] int retValue_acc ; [L895] int tmp ; [L899] FCALL select_helpers() [L900] FCALL select_features() [L901] CALL, EXPR valid_product() [L776] int retValue_acc ; [L779] retValue_acc = 1 [L780] return (retValue_acc); VAL [\result=1, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L901] RET, EXPR valid_product() [L901] tmp = valid_product() [L903] COND TRUE \read(tmp) [L905] FCALL setup() [L906] CALL runTest() [L888] CALL test() [L423] int splverifierCounter ; [L424] int tmp ; [L425] int tmp___0 ; [L426] int tmp___1 ; [L427] int tmp___2 ; [L430] splverifierCounter = 0 VAL [cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L432] COND TRUE 1 VAL [cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L434] COND TRUE splverifierCounter < 4 [L440] tmp = __VERIFIER_nondet_int() [L442] COND TRUE \read(tmp) VAL [cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L444] CALL waterRise() VAL [\old(waterLevel)=1, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L936] COND TRUE waterLevel < 2 [L937] waterLevel = waterLevel + 1 VAL [\old(waterLevel)=1, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L444] RET waterRise() VAL [cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L450] tmp___0 = __VERIFIER_nondet_int() [L452] COND TRUE \read(tmp___0) VAL [cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L454] CALL changeMethaneLevel() VAL [\old(methaneLevelCritical)=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L948] COND FALSE !(\read(methaneLevelCritical)) [L951] methaneLevelCritical = 1 VAL [\old(methaneLevelCritical)=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L454] RET changeMethaneLevel() VAL [cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L460] tmp___2 = __VERIFIER_nondet_int() [L462] COND FALSE !(\read(tmp___2)) [L468] tmp___1 = __VERIFIER_nondet_int() [L470] COND FALSE !(\read(tmp___1)) VAL [cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L479] CALL timeShift() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L508] COND FALSE !(\read(pumpRunning)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L515] COND TRUE \read(systemActive) [L517] CALL processEnvironment() [L589] int tmp ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L592] COND FALSE !(\read(pumpRunning)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L607] CALL processEnvironment__wrappee__lowWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L563] int tmp ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L566] COND FALSE !(\read(pumpRunning)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L581] CALL processEnvironment__wrappee__highWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L537] int tmp ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L540] COND TRUE ! pumpRunning [L542] CALL, EXPR isHighWaterLevel() [L686] int retValue_acc ; [L687] int tmp ; [L688] int tmp___0 ; [L692] CALL, EXPR isHighWaterSensorDry() [L998] int retValue_acc ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L1001] COND FALSE !(waterLevel < 2) [L1005] retValue_acc = 0 [L1006] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L692] RET, EXPR isHighWaterSensorDry() [L692] tmp = isHighWaterSensorDry() [L694] COND FALSE !(\read(tmp)) [L697] tmp___0 = 1 VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, tmp___0=1, waterLevel=2] [L699] retValue_acc = tmp___0 [L700] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L542] RET, EXPR isHighWaterLevel() [L542] tmp = isHighWaterLevel() [L544] COND TRUE \read(tmp) [L546] CALL activatePump() [L617] pumpRunning = 1 VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L546] RET activatePump() [L581] RET processEnvironment__wrappee__highWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L607] RET processEnvironment__wrappee__lowWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L517] RET processEnvironment() [L523] CALL __utac_acc__Specification1_spec__1() [L787] int tmp ; [L788] int tmp___0 ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L792] CALL, EXPR isMethaneLevelCritical() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L957] int retValue_acc ; [L960] retValue_acc = methaneLevelCritical [L961] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L792] RET, EXPR isMethaneLevelCritical() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L792] tmp = isMethaneLevelCritical() [L794] COND TRUE \read(tmp) [L796] CALL, EXPR isPumpRunning() [L641] int retValue_acc ; [L644] retValue_acc = pumpRunning [L645] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L796] RET, EXPR isPumpRunning() [L796] tmp___0 = isPumpRunning() [L798] COND TRUE \read(tmp___0) [L800] CALL __automaton_fail() [L816] reach_error() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] - StatisticsResult: Ultimate Automizer benchmark data CFG has 10 procedures, 104 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 2.0s, OverallIterations: 9, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 0.6s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 396 SdHoareTripleChecker+Valid, 0.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 390 mSDsluCounter, 2592 SdHoareTripleChecker+Invalid, 0.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 1595 mSDsCounter, 20 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 187 IncrementalHoareTripleChecker+Invalid, 207 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 20 mSolverCounterUnsat, 997 mSDtfsCounter, 187 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 39 GetRequests, 18 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1149occurred in iteration=8, InterpolantAutomatonStates: 33, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 8 MinimizatonAttempts, 16 StatesRemovedByMinimization, 3 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.7s InterpolantComputationTime, 353 NumberOfCodeBlocks, 353 NumberOfCodeBlocksAsserted, 9 NumberOfCheckSat, 290 ConstructedInterpolants, 0 QuantifiedInterpolants, 512 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 8 InterpolantComputations, 8 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available, ConComCheckerStatistics: No data available RESULT: Ultimate proved your program to be incorrect! [2025-02-05 15:51:07,455 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Writing human readable error path to file UltimateCounterExample.errorpath Result: FALSE