./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version c00e63dc Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c -s /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash e237a09aaa1bc75b51620084d47086dcaad161f8c8500bd0b8b901d1a9d4bb0a --- Real Ultimate output --- This is Ultimate 0.3.0-?-c00e63d-m [2025-02-05 15:51:11,026 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-02-05 15:51:11,077 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2025-02-05 15:51:11,081 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-02-05 15:51:11,081 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-02-05 15:51:11,107 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-02-05 15:51:11,108 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-02-05 15:51:11,109 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-02-05 15:51:11,109 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-02-05 15:51:11,109 INFO L153 SettingsManager]: * Use memory slicer=true [2025-02-05 15:51:11,110 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-02-05 15:51:11,110 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-02-05 15:51:11,110 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-02-05 15:51:11,110 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-02-05 15:51:11,111 INFO L153 SettingsManager]: * Use SBE=true [2025-02-05 15:51:11,111 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-02-05 15:51:11,111 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2025-02-05 15:51:11,111 INFO L153 SettingsManager]: * sizeof long=4 [2025-02-05 15:51:11,111 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-02-05 15:51:11,111 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-02-05 15:51:11,111 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-02-05 15:51:11,111 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * sizeof long double=12 [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * Use constant arrays=true [2025-02-05 15:51:11,112 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-02-05 15:51:11,112 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-02-05 15:51:11,113 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-02-05 15:51:11,113 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-02-05 15:51:11,113 INFO L153 SettingsManager]: * Compute procedure contracts=false [2025-02-05 15:51:11,113 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2025-02-05 15:51:11,113 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2025-02-05 15:51:11,113 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2025-02-05 15:51:11,113 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-02-05 15:51:11,113 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-02-05 15:51:11,114 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-02-05 15:51:11,114 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-02-05 15:51:11,114 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> e237a09aaa1bc75b51620084d47086dcaad161f8c8500bd0b8b901d1a9d4bb0a [2025-02-05 15:51:11,341 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-02-05 15:51:11,349 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-02-05 15:51:11,352 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-02-05 15:51:11,354 INFO L270 PluginConnector]: Initializing CDTParser... [2025-02-05 15:51:11,354 INFO L274 PluginConnector]: CDTParser initialized [2025-02-05 15:51:11,356 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c [2025-02-05 15:51:12,505 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data/5b3e484c0/03aa935dd9b249128a69bb4b0ac703f5/FLAG7d0f91bc6 [2025-02-05 15:51:12,771 INFO L384 CDTParser]: Found 1 translation units. [2025-02-05 15:51:12,772 INFO L180 CDTParser]: Scanning /storage/repos/ultimate-jdk21/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c [2025-02-05 15:51:12,784 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data/5b3e484c0/03aa935dd9b249128a69bb4b0ac703f5/FLAG7d0f91bc6 [2025-02-05 15:51:13,072 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/data/5b3e484c0/03aa935dd9b249128a69bb4b0ac703f5 [2025-02-05 15:51:13,074 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-02-05 15:51:13,075 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-02-05 15:51:13,076 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-02-05 15:51:13,076 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-02-05 15:51:13,079 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-02-05 15:51:13,079 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,080 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4ae90002 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13, skipping insertion in model container [2025-02-05 15:51:13,080 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,111 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-02-05 15:51:13,340 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate-jdk21/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c[20217,20230] [2025-02-05 15:51:13,353 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-02-05 15:51:13,362 INFO L200 MainTranslator]: Completed pre-run [2025-02-05 15:51:13,368 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [49] [2025-02-05 15:51:13,370 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [140] [2025-02-05 15:51:13,370 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [481] [2025-02-05 15:51:13,370 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [847] [2025-02-05 15:51:13,370 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification1_spec.i","") [895] [2025-02-05 15:51:13,370 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [922] [2025-02-05 15:51:13,370 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [1026] [2025-02-05 15:51:13,370 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [1035] [2025-02-05 15:51:13,418 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate-jdk21/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c[20217,20230] [2025-02-05 15:51:13,426 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-02-05 15:51:13,443 INFO L204 MainTranslator]: Completed translation [2025-02-05 15:51:13,443 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13 WrapperNode [2025-02-05 15:51:13,444 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-02-05 15:51:13,445 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2025-02-05 15:51:13,446 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2025-02-05 15:51:13,446 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2025-02-05 15:51:13,450 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,457 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,475 INFO L138 Inliner]: procedures = 63, calls = 121, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 274 [2025-02-05 15:51:13,476 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2025-02-05 15:51:13,476 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2025-02-05 15:51:13,476 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2025-02-05 15:51:13,476 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2025-02-05 15:51:13,482 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,482 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,484 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,496 INFO L175 MemorySlicer]: Split 2 memory accesses to 1 slices as follows [2]. 100 percent of accesses are in the largest equivalence class. The 2 initializations are split as follows [2]. The 0 writes are split as follows [0]. [2025-02-05 15:51:13,497 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,497 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,501 INFO L184 PluginConnector]: Executing the observer ReplaceArrayAssignments from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,502 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,502 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,505 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,506 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2025-02-05 15:51:13,507 INFO L112 PluginConnector]: ------------------------IcfgBuilder---------------------------- [2025-02-05 15:51:13,507 INFO L270 PluginConnector]: Initializing IcfgBuilder... [2025-02-05 15:51:13,507 INFO L274 PluginConnector]: IcfgBuilder initialized [2025-02-05 15:51:13,507 INFO L184 PluginConnector]: Executing the observer IcfgBuilderObserver from plugin IcfgBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (1/1) ... [2025-02-05 15:51:13,512 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-02-05 15:51:13,522 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/z3 [2025-02-05 15:51:13,534 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2025-02-05 15:51:13,540 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure activatePump__before__methaneQuery [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure activatePump__before__methaneQuery [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__highWaterSensor [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__highWaterSensor [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__methaneAlarm [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__methaneAlarm [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__lowWaterSensor [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__lowWaterSensor [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2025-02-05 15:51:13,558 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2025-02-05 15:51:13,558 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2025-02-05 15:51:13,559 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2025-02-05 15:51:13,559 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2025-02-05 15:51:13,559 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2025-02-05 15:51:13,559 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2025-02-05 15:51:13,559 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2025-02-05 15:51:13,559 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2025-02-05 15:51:13,559 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2025-02-05 15:51:13,621 INFO L257 CfgBuilder]: Building ICFG [2025-02-05 15:51:13,623 INFO L287 CfgBuilder]: Building CFG for each procedure with an implementation [2025-02-05 15:51:13,715 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L1014-1: isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; [2025-02-05 15:51:13,715 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L436-1: isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; [2025-02-05 15:51:13,723 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L859: #res := ~retValue_acc~7; [2025-02-05 15:51:13,733 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L968: #res := ~retValue_acc~9; [2025-02-05 15:51:13,759 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint cleanupFINAL: assume true; [2025-02-05 15:51:13,801 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L381-1: isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; [2025-02-05 15:51:13,899 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L892-1: valid_product_#res#1 := valid_product_~retValue_acc~8#1; [2025-02-05 15:51:13,899 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L1128-1: main_#res#1 := main_~retValue_acc~13#1; [2025-02-05 15:51:13,930 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L1023-1: isLowWaterSensorDry_#res#1 := isLowWaterSensorDry_~retValue_acc~12#1; [2025-02-05 15:51:13,930 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L455-1: isLowWaterLevel_#res#1 := isLowWaterLevel_~retValue_acc~3#1; [2025-02-05 15:51:13,937 INFO L1309 $ProcedureCfgBuilder]: dead code at ProgramPoint L372: #res := ~retValue_acc~0; [2025-02-05 15:51:13,958 INFO L? ?]: Removed 52 outVars from TransFormulas that were not future-live. [2025-02-05 15:51:13,960 INFO L308 CfgBuilder]: Performing block encoding [2025-02-05 15:51:13,971 INFO L332 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2025-02-05 15:51:13,972 INFO L337 CfgBuilder]: Removed 0 assume(true) statements. [2025-02-05 15:51:13,972 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 05.02 03:51:13 BoogieIcfgContainer [2025-02-05 15:51:13,972 INFO L131 PluginConnector]: ------------------------ END IcfgBuilder---------------------------- [2025-02-05 15:51:13,974 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2025-02-05 15:51:13,975 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2025-02-05 15:51:13,978 INFO L274 PluginConnector]: TraceAbstraction initialized [2025-02-05 15:51:13,978 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 05.02 03:51:13" (1/3) ... [2025-02-05 15:51:13,979 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1a1f29db and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 05.02 03:51:13, skipping insertion in model container [2025-02-05 15:51:13,979 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 05.02 03:51:13" (2/3) ... [2025-02-05 15:51:13,979 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1a1f29db and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 05.02 03:51:13, skipping insertion in model container [2025-02-05 15:51:13,979 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 05.02 03:51:13" (3/3) ... [2025-02-05 15:51:13,980 INFO L128 eAbstractionObserver]: Analyzing ICFG minepump_spec1_productSimulator.cil.c [2025-02-05 15:51:13,992 INFO L216 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2025-02-05 15:51:13,993 INFO L151 ceAbstractionStarter]: Applying trace abstraction to ICFG minepump_spec1_productSimulator.cil.c that has 13 procedures, 142 locations, 1 initial locations, 2 loop locations, and 1 error locations. [2025-02-05 15:51:14,034 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2025-02-05 15:51:14,042 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@307195de, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2025-02-05 15:51:14,042 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2025-02-05 15:51:14,045 INFO L276 IsEmpty]: Start isEmpty. Operand has 141 states, 97 states have (on average 1.3505154639175259) internal successors, (131), 113 states have internal predecessors, (131), 30 states have call successors, (30), 12 states have call predecessors, (30), 11 states have return successors, (29), 24 states have call predecessors, (29), 29 states have call successors, (29) [2025-02-05 15:51:14,051 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2025-02-05 15:51:14,052 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:14,052 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:14,053 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:14,056 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:14,057 INFO L85 PathProgramCache]: Analyzing trace with hash 645628972, now seen corresponding path program 1 times [2025-02-05 15:51:14,062 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:14,062 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [726701669] [2025-02-05 15:51:14,063 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:14,065 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:14,119 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 53 statements into 1 equivalence classes. [2025-02-05 15:51:14,152 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 53 of 53 statements. [2025-02-05 15:51:14,152 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:14,153 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:14,226 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-02-05 15:51:14,226 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:14,226 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [726701669] [2025-02-05 15:51:14,227 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [726701669] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:14,227 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:14,227 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2025-02-05 15:51:14,228 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2087913821] [2025-02-05 15:51:14,229 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:14,231 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2025-02-05 15:51:14,231 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:14,243 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2025-02-05 15:51:14,245 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2025-02-05 15:51:14,247 INFO L87 Difference]: Start difference. First operand has 141 states, 97 states have (on average 1.3505154639175259) internal successors, (131), 113 states have internal predecessors, (131), 30 states have call successors, (30), 12 states have call predecessors, (30), 11 states have return successors, (29), 24 states have call predecessors, (29), 29 states have call successors, (29) Second operand has 2 states, 2 states have (on average 13.5) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-02-05 15:51:14,271 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:14,271 INFO L93 Difference]: Finished difference Result 251 states and 347 transitions. [2025-02-05 15:51:14,272 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2025-02-05 15:51:14,273 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 13.5) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 53 [2025-02-05 15:51:14,273 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:14,279 INFO L225 Difference]: With dead ends: 251 [2025-02-05 15:51:14,280 INFO L226 Difference]: Without dead ends: 133 [2025-02-05 15:51:14,284 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2025-02-05 15:51:14,287 INFO L435 NwaCegarLoop]: 184 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 184 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:14,287 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 184 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:14,296 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 133 states. [2025-02-05 15:51:14,328 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 133 to 133. [2025-02-05 15:51:14,330 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 133 states, 91 states have (on average 1.3186813186813187) internal successors, (120), 106 states have internal predecessors, (120), 30 states have call successors, (30), 12 states have call predecessors, (30), 11 states have return successors, (29), 24 states have call predecessors, (29), 29 states have call successors, (29) [2025-02-05 15:51:14,338 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 133 states to 133 states and 179 transitions. [2025-02-05 15:51:14,340 INFO L78 Accepts]: Start accepts. Automaton has 133 states and 179 transitions. Word has length 53 [2025-02-05 15:51:14,340 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:14,342 INFO L471 AbstractCegarLoop]: Abstraction has 133 states and 179 transitions. [2025-02-05 15:51:14,343 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 13.5) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-02-05 15:51:14,343 INFO L276 IsEmpty]: Start isEmpty. Operand 133 states and 179 transitions. [2025-02-05 15:51:14,345 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2025-02-05 15:51:14,346 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:14,346 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:14,347 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2025-02-05 15:51:14,347 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:14,347 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:14,347 INFO L85 PathProgramCache]: Analyzing trace with hash 504472483, now seen corresponding path program 1 times [2025-02-05 15:51:14,348 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:14,348 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1886151637] [2025-02-05 15:51:14,348 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:14,348 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:14,369 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 54 statements into 1 equivalence classes. [2025-02-05 15:51:14,391 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 54 of 54 statements. [2025-02-05 15:51:14,391 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:14,391 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:14,461 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-02-05 15:51:14,462 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:14,462 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1886151637] [2025-02-05 15:51:14,462 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1886151637] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:14,462 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:14,462 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-02-05 15:51:14,462 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [958275072] [2025-02-05 15:51:14,462 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:14,463 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-02-05 15:51:14,463 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:14,464 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-02-05 15:51:14,464 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-02-05 15:51:14,464 INFO L87 Difference]: Start difference. First operand 133 states and 179 transitions. Second operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-02-05 15:51:14,482 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:14,482 INFO L93 Difference]: Finished difference Result 211 states and 284 transitions. [2025-02-05 15:51:14,483 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-02-05 15:51:14,483 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 54 [2025-02-05 15:51:14,484 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:14,486 INFO L225 Difference]: With dead ends: 211 [2025-02-05 15:51:14,486 INFO L226 Difference]: Without dead ends: 124 [2025-02-05 15:51:14,486 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-02-05 15:51:14,487 INFO L435 NwaCegarLoop]: 166 mSDtfsCounter, 20 mSDsluCounter, 141 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 307 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:14,487 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 307 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:14,490 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 124 states. [2025-02-05 15:51:14,498 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 124 to 124. [2025-02-05 15:51:14,498 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 85 states have (on average 1.3294117647058823) internal successors, (113), 100 states have internal predecessors, (113), 27 states have call successors, (27), 11 states have call predecessors, (27), 11 states have return successors, (27), 22 states have call predecessors, (27), 27 states have call successors, (27) [2025-02-05 15:51:14,499 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 167 transitions. [2025-02-05 15:51:14,499 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 167 transitions. Word has length 54 [2025-02-05 15:51:14,500 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:14,500 INFO L471 AbstractCegarLoop]: Abstraction has 124 states and 167 transitions. [2025-02-05 15:51:14,500 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-02-05 15:51:14,500 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 167 transitions. [2025-02-05 15:51:14,501 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 59 [2025-02-05 15:51:14,501 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:14,501 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:14,502 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2025-02-05 15:51:14,502 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:14,502 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:14,502 INFO L85 PathProgramCache]: Analyzing trace with hash 1902163242, now seen corresponding path program 1 times [2025-02-05 15:51:14,502 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:14,502 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1548727536] [2025-02-05 15:51:14,503 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:14,503 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:14,512 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 58 statements into 1 equivalence classes. [2025-02-05 15:51:14,525 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 58 of 58 statements. [2025-02-05 15:51:14,526 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:14,526 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:14,617 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-02-05 15:51:14,618 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:14,618 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1548727536] [2025-02-05 15:51:14,618 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1548727536] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:14,618 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:14,618 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-02-05 15:51:14,618 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [632218030] [2025-02-05 15:51:14,618 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:14,618 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-02-05 15:51:14,618 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:14,619 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-02-05 15:51:14,619 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-02-05 15:51:14,619 INFO L87 Difference]: Start difference. First operand 124 states and 167 transitions. Second operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-02-05 15:51:14,660 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:14,660 INFO L93 Difference]: Finished difference Result 326 states and 446 transitions. [2025-02-05 15:51:14,660 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-02-05 15:51:14,660 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 58 [2025-02-05 15:51:14,661 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:14,664 INFO L225 Difference]: With dead ends: 326 [2025-02-05 15:51:14,665 INFO L226 Difference]: Without dead ends: 224 [2025-02-05 15:51:14,666 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-02-05 15:51:14,666 INFO L435 NwaCegarLoop]: 187 mSDtfsCounter, 134 mSDsluCounter, 135 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 134 SdHoareTripleChecker+Valid, 322 SdHoareTripleChecker+Invalid, 6 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:14,666 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [134 Valid, 322 Invalid, 6 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:14,667 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 224 states. [2025-02-05 15:51:14,692 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 224 to 221. [2025-02-05 15:51:14,693 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 221 states, 151 states have (on average 1.3642384105960266) internal successors, (206), 180 states have internal predecessors, (206), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (48), 37 states have call predecessors, (48), 48 states have call successors, (48) [2025-02-05 15:51:14,694 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 221 states to 221 states and 302 transitions. [2025-02-05 15:51:14,694 INFO L78 Accepts]: Start accepts. Automaton has 221 states and 302 transitions. Word has length 58 [2025-02-05 15:51:14,695 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:14,695 INFO L471 AbstractCegarLoop]: Abstraction has 221 states and 302 transitions. [2025-02-05 15:51:14,695 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-02-05 15:51:14,695 INFO L276 IsEmpty]: Start isEmpty. Operand 221 states and 302 transitions. [2025-02-05 15:51:14,697 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2025-02-05 15:51:14,697 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:14,697 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:14,697 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2025-02-05 15:51:14,697 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:14,698 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:14,698 INFO L85 PathProgramCache]: Analyzing trace with hash 924323374, now seen corresponding path program 1 times [2025-02-05 15:51:14,698 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:14,698 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [687495654] [2025-02-05 15:51:14,698 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:14,698 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:14,707 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 62 statements into 1 equivalence classes. [2025-02-05 15:51:14,715 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 62 of 62 statements. [2025-02-05 15:51:14,716 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:14,716 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:14,814 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-02-05 15:51:14,814 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:14,814 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [687495654] [2025-02-05 15:51:14,814 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [687495654] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:14,814 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:14,814 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-02-05 15:51:14,814 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1061541904] [2025-02-05 15:51:14,814 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:14,814 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-02-05 15:51:14,815 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:14,815 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-02-05 15:51:14,815 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-02-05 15:51:14,815 INFO L87 Difference]: Start difference. First operand 221 states and 302 transitions. Second operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (8), 1 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-02-05 15:51:14,929 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:14,929 INFO L93 Difference]: Finished difference Result 541 states and 771 transitions. [2025-02-05 15:51:14,930 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-02-05 15:51:14,930 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (8), 1 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 62 [2025-02-05 15:51:14,930 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:14,935 INFO L225 Difference]: With dead ends: 541 [2025-02-05 15:51:14,935 INFO L226 Difference]: Without dead ends: 342 [2025-02-05 15:51:14,936 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2025-02-05 15:51:14,937 INFO L435 NwaCegarLoop]: 165 mSDtfsCounter, 130 mSDsluCounter, 426 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 130 SdHoareTripleChecker+Valid, 591 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:14,937 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [130 Valid, 591 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-02-05 15:51:14,938 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 342 states. [2025-02-05 15:51:14,971 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 342 to 341. [2025-02-05 15:51:14,972 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 341 states, 239 states have (on average 1.3347280334728033) internal successors, (319), 272 states have internal predecessors, (319), 64 states have call successors, (64), 37 states have call predecessors, (64), 37 states have return successors, (84), 59 states have call predecessors, (84), 64 states have call successors, (84) [2025-02-05 15:51:14,974 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 341 states to 341 states and 467 transitions. [2025-02-05 15:51:14,975 INFO L78 Accepts]: Start accepts. Automaton has 341 states and 467 transitions. Word has length 62 [2025-02-05 15:51:14,975 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:14,975 INFO L471 AbstractCegarLoop]: Abstraction has 341 states and 467 transitions. [2025-02-05 15:51:14,975 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (8), 1 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-02-05 15:51:14,975 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 467 transitions. [2025-02-05 15:51:14,977 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 83 [2025-02-05 15:51:14,977 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:14,977 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:14,978 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2025-02-05 15:51:14,978 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:14,978 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:14,978 INFO L85 PathProgramCache]: Analyzing trace with hash 160277991, now seen corresponding path program 1 times [2025-02-05 15:51:14,979 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:14,979 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1877950339] [2025-02-05 15:51:14,979 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:14,979 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:14,992 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 82 statements into 1 equivalence classes. [2025-02-05 15:51:15,009 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 82 of 82 statements. [2025-02-05 15:51:15,010 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:15,010 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:15,096 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-02-05 15:51:15,097 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:15,097 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1877950339] [2025-02-05 15:51:15,097 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1877950339] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:15,097 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:15,097 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-02-05 15:51:15,097 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [34410046] [2025-02-05 15:51:15,097 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:15,098 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-02-05 15:51:15,098 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:15,098 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-02-05 15:51:15,098 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-02-05 15:51:15,098 INFO L87 Difference]: Start difference. First operand 341 states and 467 transitions. Second operand has 5 states, 5 states have (on average 10.2) internal successors, (51), 5 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2025-02-05 15:51:15,133 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:15,133 INFO L93 Difference]: Finished difference Result 666 states and 955 transitions. [2025-02-05 15:51:15,133 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-02-05 15:51:15,134 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 10.2) internal successors, (51), 5 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 82 [2025-02-05 15:51:15,134 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:15,136 INFO L225 Difference]: With dead ends: 666 [2025-02-05 15:51:15,137 INFO L226 Difference]: Without dead ends: 347 [2025-02-05 15:51:15,138 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-02-05 15:51:15,139 INFO L435 NwaCegarLoop]: 164 mSDtfsCounter, 0 mSDsluCounter, 485 mSDsCounter, 0 mSdLazyCounter, 18 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 649 SdHoareTripleChecker+Invalid, 18 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 18 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:15,139 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 649 Invalid, 18 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 18 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:15,140 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 347 states. [2025-02-05 15:51:15,157 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 347 to 347. [2025-02-05 15:51:15,157 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 347 states, 245 states have (on average 1.3265306122448979) internal successors, (325), 278 states have internal predecessors, (325), 64 states have call successors, (64), 37 states have call predecessors, (64), 37 states have return successors, (84), 59 states have call predecessors, (84), 64 states have call successors, (84) [2025-02-05 15:51:15,159 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 347 states to 347 states and 473 transitions. [2025-02-05 15:51:15,160 INFO L78 Accepts]: Start accepts. Automaton has 347 states and 473 transitions. Word has length 82 [2025-02-05 15:51:15,160 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:15,160 INFO L471 AbstractCegarLoop]: Abstraction has 347 states and 473 transitions. [2025-02-05 15:51:15,161 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 10.2) internal successors, (51), 5 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2025-02-05 15:51:15,161 INFO L276 IsEmpty]: Start isEmpty. Operand 347 states and 473 transitions. [2025-02-05 15:51:15,162 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 83 [2025-02-05 15:51:15,162 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:15,162 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:15,162 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2025-02-05 15:51:15,162 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:15,163 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:15,163 INFO L85 PathProgramCache]: Analyzing trace with hash 191297798, now seen corresponding path program 1 times [2025-02-05 15:51:15,163 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:15,163 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1320929226] [2025-02-05 15:51:15,163 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:15,163 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:15,177 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 82 statements into 1 equivalence classes. [2025-02-05 15:51:15,187 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 82 of 82 statements. [2025-02-05 15:51:15,190 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:15,190 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:15,271 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-02-05 15:51:15,272 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:15,273 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1320929226] [2025-02-05 15:51:15,273 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1320929226] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:15,273 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:15,273 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-02-05 15:51:15,273 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1900967041] [2025-02-05 15:51:15,273 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:15,273 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-02-05 15:51:15,273 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:15,274 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-02-05 15:51:15,274 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-02-05 15:51:15,274 INFO L87 Difference]: Start difference. First operand 347 states and 473 transitions. Second operand has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2025-02-05 15:51:15,308 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:15,310 INFO L93 Difference]: Finished difference Result 676 states and 965 transitions. [2025-02-05 15:51:15,311 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-02-05 15:51:15,311 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 82 [2025-02-05 15:51:15,311 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:15,314 INFO L225 Difference]: With dead ends: 676 [2025-02-05 15:51:15,315 INFO L226 Difference]: Without dead ends: 351 [2025-02-05 15:51:15,316 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-02-05 15:51:15,318 INFO L435 NwaCegarLoop]: 165 mSDtfsCounter, 0 mSDsluCounter, 324 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 489 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:15,318 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 489 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-02-05 15:51:15,319 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 351 states. [2025-02-05 15:51:15,342 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 351 to 351. [2025-02-05 15:51:15,343 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 351 states, 249 states have (on average 1.321285140562249) internal successors, (329), 282 states have internal predecessors, (329), 64 states have call successors, (64), 37 states have call predecessors, (64), 37 states have return successors, (84), 59 states have call predecessors, (84), 64 states have call successors, (84) [2025-02-05 15:51:15,346 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 351 states to 351 states and 477 transitions. [2025-02-05 15:51:15,346 INFO L78 Accepts]: Start accepts. Automaton has 351 states and 477 transitions. Word has length 82 [2025-02-05 15:51:15,346 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:15,347 INFO L471 AbstractCegarLoop]: Abstraction has 351 states and 477 transitions. [2025-02-05 15:51:15,347 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2025-02-05 15:51:15,347 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 477 transitions. [2025-02-05 15:51:15,348 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 83 [2025-02-05 15:51:15,348 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:15,348 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:15,348 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2025-02-05 15:51:15,348 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:15,349 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:15,349 INFO L85 PathProgramCache]: Analyzing trace with hash -318175292, now seen corresponding path program 1 times [2025-02-05 15:51:15,349 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:15,349 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [918370575] [2025-02-05 15:51:15,349 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:15,349 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:15,357 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 82 statements into 1 equivalence classes. [2025-02-05 15:51:15,362 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 82 of 82 statements. [2025-02-05 15:51:15,362 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:15,362 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:15,421 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-02-05 15:51:15,421 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:15,421 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [918370575] [2025-02-05 15:51:15,421 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [918370575] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:15,421 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:15,421 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-02-05 15:51:15,421 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [611339097] [2025-02-05 15:51:15,421 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:15,421 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-02-05 15:51:15,421 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:15,422 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-02-05 15:51:15,422 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-02-05 15:51:15,422 INFO L87 Difference]: Start difference. First operand 351 states and 477 transitions. Second operand has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2025-02-05 15:51:15,593 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:15,593 INFO L93 Difference]: Finished difference Result 1085 states and 1540 transitions. [2025-02-05 15:51:15,594 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-02-05 15:51:15,594 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 82 [2025-02-05 15:51:15,594 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:15,599 INFO L225 Difference]: With dead ends: 1085 [2025-02-05 15:51:15,599 INFO L226 Difference]: Without dead ends: 756 [2025-02-05 15:51:15,600 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-02-05 15:51:15,602 INFO L435 NwaCegarLoop]: 265 mSDtfsCounter, 206 mSDsluCounter, 232 mSDsCounter, 0 mSdLazyCounter, 97 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 206 SdHoareTripleChecker+Valid, 497 SdHoareTripleChecker+Invalid, 102 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 97 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:15,603 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [206 Valid, 497 Invalid, 102 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 97 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-02-05 15:51:15,604 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 756 states. [2025-02-05 15:51:15,655 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 756 to 744. [2025-02-05 15:51:15,656 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 744 states, 532 states have (on average 1.3176691729323309) internal successors, (701), 599 states have internal predecessors, (701), 130 states have call successors, (130), 79 states have call predecessors, (130), 81 states have return successors, (208), 122 states have call predecessors, (208), 130 states have call successors, (208) [2025-02-05 15:51:15,661 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 744 states to 744 states and 1039 transitions. [2025-02-05 15:51:15,663 INFO L78 Accepts]: Start accepts. Automaton has 744 states and 1039 transitions. Word has length 82 [2025-02-05 15:51:15,663 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:15,663 INFO L471 AbstractCegarLoop]: Abstraction has 744 states and 1039 transitions. [2025-02-05 15:51:15,664 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2025-02-05 15:51:15,664 INFO L276 IsEmpty]: Start isEmpty. Operand 744 states and 1039 transitions. [2025-02-05 15:51:15,666 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 87 [2025-02-05 15:51:15,667 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:15,667 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:15,667 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2025-02-05 15:51:15,667 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:15,668 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:15,668 INFO L85 PathProgramCache]: Analyzing trace with hash 1926934850, now seen corresponding path program 1 times [2025-02-05 15:51:15,668 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:15,668 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [673157010] [2025-02-05 15:51:15,668 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:15,668 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:15,681 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 86 statements into 1 equivalence classes. [2025-02-05 15:51:15,691 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 86 of 86 statements. [2025-02-05 15:51:15,691 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:15,691 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-02-05 15:51:15,801 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-02-05 15:51:15,802 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-02-05 15:51:15,802 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [673157010] [2025-02-05 15:51:15,802 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [673157010] provided 1 perfect and 0 imperfect interpolant sequences [2025-02-05 15:51:15,802 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-02-05 15:51:15,803 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2025-02-05 15:51:15,803 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1786014289] [2025-02-05 15:51:15,803 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-02-05 15:51:15,803 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2025-02-05 15:51:15,803 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-02-05 15:51:15,803 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2025-02-05 15:51:15,804 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2025-02-05 15:51:15,804 INFO L87 Difference]: Start difference. First operand 744 states and 1039 transitions. Second operand has 6 states, 6 states have (on average 8.833333333333334) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (11), 3 states have call predecessors, (11), 2 states have call successors, (11) [2025-02-05 15:51:16,000 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-02-05 15:51:16,000 INFO L93 Difference]: Finished difference Result 2166 states and 3086 transitions. [2025-02-05 15:51:16,001 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2025-02-05 15:51:16,001 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 8.833333333333334) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (11), 3 states have call predecessors, (11), 2 states have call successors, (11) Word has length 86 [2025-02-05 15:51:16,002 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-02-05 15:51:16,012 INFO L225 Difference]: With dead ends: 2166 [2025-02-05 15:51:16,012 INFO L226 Difference]: Without dead ends: 1444 [2025-02-05 15:51:16,016 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2025-02-05 15:51:16,016 INFO L435 NwaCegarLoop]: 165 mSDtfsCounter, 123 mSDsluCounter, 567 mSDsCounter, 0 mSdLazyCounter, 81 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 125 SdHoareTripleChecker+Valid, 732 SdHoareTripleChecker+Invalid, 83 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 81 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-02-05 15:51:16,017 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [125 Valid, 732 Invalid, 83 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 81 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-02-05 15:51:16,019 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1444 states. [2025-02-05 15:51:16,092 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1444 to 1444. [2025-02-05 15:51:16,095 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1444 states, 1028 states have (on average 1.3054474708171206) internal successors, (1342), 1161 states have internal predecessors, (1342), 254 states have call successors, (254), 157 states have call predecessors, (254), 161 states have return successors, (420), 238 states have call predecessors, (420), 254 states have call successors, (420) [2025-02-05 15:51:16,103 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1444 states to 1444 states and 2016 transitions. [2025-02-05 15:51:16,105 INFO L78 Accepts]: Start accepts. Automaton has 1444 states and 2016 transitions. Word has length 86 [2025-02-05 15:51:16,106 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-02-05 15:51:16,106 INFO L471 AbstractCegarLoop]: Abstraction has 1444 states and 2016 transitions. [2025-02-05 15:51:16,106 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 8.833333333333334) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (11), 3 states have call predecessors, (11), 2 states have call successors, (11) [2025-02-05 15:51:16,106 INFO L276 IsEmpty]: Start isEmpty. Operand 1444 states and 2016 transitions. [2025-02-05 15:51:16,109 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 91 [2025-02-05 15:51:16,109 INFO L210 NwaCegarLoop]: Found error trace [2025-02-05 15:51:16,109 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:16,110 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2025-02-05 15:51:16,110 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-02-05 15:51:16,111 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-02-05 15:51:16,111 INFO L85 PathProgramCache]: Analyzing trace with hash -1676691935, now seen corresponding path program 1 times [2025-02-05 15:51:16,111 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-02-05 15:51:16,111 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [789886878] [2025-02-05 15:51:16,111 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-02-05 15:51:16,111 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-02-05 15:51:16,121 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 90 statements into 1 equivalence classes. [2025-02-05 15:51:16,133 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 90 of 90 statements. [2025-02-05 15:51:16,134 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:16,134 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is sat [2025-02-05 15:51:16,134 INFO L348 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2025-02-05 15:51:16,138 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 90 statements into 1 equivalence classes. [2025-02-05 15:51:16,148 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 90 of 90 statements. [2025-02-05 15:51:16,150 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-02-05 15:51:16,150 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is sat [2025-02-05 15:51:16,178 INFO L130 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2025-02-05 15:51:16,178 INFO L340 BasicCegarLoop]: Counterexample is feasible [2025-02-05 15:51:16,179 INFO L782 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2025-02-05 15:51:16,180 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2025-02-05 15:51:16,183 INFO L422 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-02-05 15:51:16,254 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2025-02-05 15:51:16,259 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 05.02 03:51:16 BoogieIcfgContainer [2025-02-05 15:51:16,260 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2025-02-05 15:51:16,261 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2025-02-05 15:51:16,261 INFO L270 PluginConnector]: Initializing Witness Printer... [2025-02-05 15:51:16,261 INFO L274 PluginConnector]: Witness Printer initialized [2025-02-05 15:51:16,261 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 05.02 03:51:13" (3/4) ... [2025-02-05 15:51:16,262 INFO L140 WitnessPrinter]: Generating witness for reachability counterexample [2025-02-05 15:51:16,346 INFO L127 tionWitnessGenerator]: Generated YAML witness of length 69. [2025-02-05 15:51:16,417 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/witness.graphml [2025-02-05 15:51:16,421 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/witness.yml [2025-02-05 15:51:16,421 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2025-02-05 15:51:16,421 INFO L158 Benchmark]: Toolchain (without parser) took 3346.75ms. Allocated memory was 142.6MB in the beginning and 176.2MB in the end (delta: 33.6MB). Free memory was 112.4MB in the beginning and 124.0MB in the end (delta: -11.6MB). Peak memory consumption was 17.2MB. Max. memory is 16.1GB. [2025-02-05 15:51:16,422 INFO L158 Benchmark]: CDTParser took 0.42ms. Allocated memory is still 201.3MB. Free memory is still 123.2MB. There was no memory consumed. Max. memory is 16.1GB. [2025-02-05 15:51:16,422 INFO L158 Benchmark]: CACSL2BoogieTranslator took 369.44ms. Allocated memory is still 142.6MB. Free memory was 112.4MB in the beginning and 92.5MB in the end (delta: 19.9MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-02-05 15:51:16,422 INFO L158 Benchmark]: Boogie Procedure Inliner took 30.18ms. Allocated memory is still 142.6MB. Free memory was 92.5MB in the beginning and 90.4MB in the end (delta: 2.1MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2025-02-05 15:51:16,422 INFO L158 Benchmark]: Boogie Preprocessor took 30.34ms. Allocated memory is still 142.6MB. Free memory was 90.4MB in the beginning and 88.6MB in the end (delta: 1.8MB). There was no memory consumed. Max. memory is 16.1GB. [2025-02-05 15:51:16,422 INFO L158 Benchmark]: IcfgBuilder took 465.62ms. Allocated memory is still 142.6MB. Free memory was 88.6MB in the beginning and 65.7MB in the end (delta: 22.9MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-02-05 15:51:16,425 INFO L158 Benchmark]: TraceAbstraction took 2286.12ms. Allocated memory was 142.6MB in the beginning and 176.2MB in the end (delta: 33.6MB). Free memory was 65.2MB in the beginning and 138.0MB in the end (delta: -72.8MB). Peak memory consumption was 34.0MB. Max. memory is 16.1GB. [2025-02-05 15:51:16,425 INFO L158 Benchmark]: Witness Printer took 160.13ms. Allocated memory is still 176.2MB. Free memory was 138.0MB in the beginning and 124.0MB in the end (delta: 14.0MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2025-02-05 15:51:16,426 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.42ms. Allocated memory is still 201.3MB. Free memory is still 123.2MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 369.44ms. Allocated memory is still 142.6MB. Free memory was 112.4MB in the beginning and 92.5MB in the end (delta: 19.9MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 30.18ms. Allocated memory is still 142.6MB. Free memory was 92.5MB in the beginning and 90.4MB in the end (delta: 2.1MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Preprocessor took 30.34ms. Allocated memory is still 142.6MB. Free memory was 90.4MB in the beginning and 88.6MB in the end (delta: 1.8MB). There was no memory consumed. Max. memory is 16.1GB. * IcfgBuilder took 465.62ms. Allocated memory is still 142.6MB. Free memory was 88.6MB in the beginning and 65.7MB in the end (delta: 22.9MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 2286.12ms. Allocated memory was 142.6MB in the beginning and 176.2MB in the end (delta: 33.6MB). Free memory was 65.2MB in the beginning and 138.0MB in the end (delta: -72.8MB). Peak memory consumption was 34.0MB. Max. memory is 16.1GB. * Witness Printer took 160.13ms. Allocated memory is still 176.2MB. Free memory was 138.0MB in the beginning and 124.0MB in the end (delta: 14.0MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [49] - GenericResultAtLocation [Line: 140]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [140] - GenericResultAtLocation [Line: 481]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [481] - GenericResultAtLocation [Line: 847]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [847] - GenericResultAtLocation [Line: 895]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification1_spec.i","") [895] - GenericResultAtLocation [Line: 922]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [922] - GenericResultAtLocation [Line: 1026]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [1026] - GenericResultAtLocation [Line: 1035]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [1035] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - CounterExampleResult [Line: 1031]: a call to reach_error is reachable a call to reach_error is reachable We found a FailurePath: [L50] int __SELECTED_FEATURE_base ; [L51] int __SELECTED_FEATURE_highWaterSensor ; [L52] int __SELECTED_FEATURE_lowWaterSensor ; [L53] int __SELECTED_FEATURE_methaneQuery ; [L54] int __SELECTED_FEATURE_methaneAlarm ; [L55] int __SELECTED_FEATURE_stopCommand ; [L56] int __SELECTED_FEATURE_startCommand ; [L57] int __GUIDSL_ROOT_PRODUCTION ; [L150] int pumpRunning = 0; [L151] int systemActive = 1; [L651] static struct __ACC__ERR *head = (struct __ACC__ERR *)0; [L924] int waterLevel = 1; [L925] int methaneLevelCritical = 0; [L1036] int cleanupTimeShifts = 4; VAL [__GUIDSL_ROOT_PRODUCTION=0, __SELECTED_FEATURE_base=0, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1109] int retValue_acc ; [L1110] int tmp ; [L1114] CALL select_helpers() [L882] __GUIDSL_ROOT_PRODUCTION = 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=0, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1114] RET select_helpers() [L1115] CALL select_features() [L867] __SELECTED_FEATURE_base = 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L868] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=16, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L868] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L868] __SELECTED_FEATURE_highWaterSensor = select_one() [L869] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L869] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L869] __SELECTED_FEATURE_lowWaterSensor = select_one() [L870] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L870] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L870] __SELECTED_FEATURE_methaneQuery = select_one() [L871] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L871] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L871] __SELECTED_FEATURE_methaneAlarm = select_one() [L872] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L872] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L872] __SELECTED_FEATURE_stopCommand = select_one() [L873] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L873] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L873] __SELECTED_FEATURE_startCommand = select_one() [L1115] RET select_features() [L1116] CALL, EXPR valid_product() [L887] int retValue_acc ; [L890] retValue_acc = __SELECTED_FEATURE_base [L891] return (retValue_acc); VAL [\result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1116] RET, EXPR valid_product() [L1116] tmp = valid_product() [L1118] COND TRUE \read(tmp) [L1120] FCALL setup() [L1121] CALL runTest() [L1103] CALL test() [L65] int splverifierCounter ; [L66] int tmp ; [L67] int tmp___0 ; [L68] int tmp___1 ; [L69] int tmp___2 ; [L72] splverifierCounter = 0 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L74] COND TRUE 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L76] COND TRUE splverifierCounter < 4 [L82] tmp = __VERIFIER_nondet_int() [L84] COND TRUE \read(tmp) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L86] CALL waterRise() VAL [\old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L942] COND TRUE waterLevel < 2 [L943] waterLevel = waterLevel + 1 VAL [\old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L86] RET waterRise() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L92] tmp___0 = __VERIFIER_nondet_int() [L94] COND TRUE \read(tmp___0) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L96] CALL changeMethaneLevel() VAL [\old(methaneLevelCritical)=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L954] COND FALSE !(\read(methaneLevelCritical)) [L957] methaneLevelCritical = 1 VAL [\old(methaneLevelCritical)=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L96] RET changeMethaneLevel() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L102] tmp___2 = __VERIFIER_nondet_int() [L104] COND FALSE !(\read(tmp___2)) [L114] tmp___1 = __VERIFIER_nondet_int() [L116] COND FALSE !(\read(tmp___1)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L129] CALL timeShift() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L158] COND FALSE !(\read(pumpRunning)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L165] COND TRUE \read(systemActive) [L167] CALL processEnvironment() [L301] COND FALSE !(\read(__SELECTED_FEATURE_methaneAlarm)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L308] CALL processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L258] COND FALSE !(\read(__SELECTED_FEATURE_lowWaterSensor)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L265] CALL processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L215] COND TRUE \read(__SELECTED_FEATURE_highWaterSensor) [L217] CALL processEnvironment__role__highWaterSensor() [L187] int tmp ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L190] COND TRUE ! pumpRunning [L192] CALL, EXPR isHighWaterLevel() [L421] int retValue_acc ; [L422] int tmp ; [L423] int tmp___0 ; [L427] CALL, EXPR isHighWaterSensorDry() [L1004] int retValue_acc ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L1007] COND FALSE !(waterLevel < 2) [L1011] retValue_acc = 0 [L1012] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L427] RET, EXPR isHighWaterSensorDry() [L427] tmp = isHighWaterSensorDry() [L429] COND FALSE !(\read(tmp)) [L432] tmp___0 = 1 VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, tmp___0=1, waterLevel=2] [L434] retValue_acc = tmp___0 [L435] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L192] RET, EXPR isHighWaterLevel() [L192] tmp = isHighWaterLevel() [L194] COND TRUE \read(tmp) [L196] CALL activatePump() [L343] COND FALSE !(\read(__SELECTED_FEATURE_methaneQuery)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L350] CALL activatePump__before__methaneQuery() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L318] pumpRunning = 1 VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L350] RET activatePump__before__methaneQuery() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L196] RET activatePump() [L217] RET processEnvironment__role__highWaterSensor() [L265] RET processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L308] RET processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L167] RET processEnvironment() [L173] CALL __utac_acc__Specification1_spec__1() [L898] int tmp ; [L899] int tmp___0 ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L903] CALL, EXPR isMethaneLevelCritical() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L963] int retValue_acc ; [L966] retValue_acc = methaneLevelCritical [L967] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L903] RET, EXPR isMethaneLevelCritical() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L903] tmp = isMethaneLevelCritical() [L905] COND TRUE \read(tmp) [L907] CALL, EXPR isPumpRunning() [L376] int retValue_acc ; [L379] retValue_acc = pumpRunning [L380] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L907] RET, EXPR isPumpRunning() [L907] tmp___0 = isPumpRunning() [L909] COND TRUE \read(tmp___0) [L911] CALL __automaton_fail() [L1031] reach_error() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] - StatisticsResult: Ultimate Automizer benchmark data CFG has 13 procedures, 142 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 2.2s, OverallIterations: 9, TraceHistogramMax: 6, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 0.7s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 619 SdHoareTripleChecker+Valid, 0.3s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 613 mSDsluCounter, 3771 SdHoareTripleChecker+Invalid, 0.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2310 mSDsCounter, 20 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 246 IncrementalHoareTripleChecker+Invalid, 266 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 20 mSolverCounterUnsat, 1461 mSDtfsCounter, 246 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 38 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1444occurred in iteration=8, InterpolantAutomatonStates: 33, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 8 MinimizatonAttempts, 16 StatesRemovedByMinimization, 3 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.7s InterpolantComputationTime, 649 NumberOfCodeBlocks, 649 NumberOfCodeBlocksAsserted, 9 NumberOfCheckSat, 551 ConstructedInterpolants, 0 QuantifiedInterpolants, 816 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 8 InterpolantComputations, 8 PerfectInterpolantSequences, 360/360 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available, ConComCheckerStatistics: No data available RESULT: Ultimate proved your program to be incorrect! [2025-02-05 15:51:16,443 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate-jdk21/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Writing human readable error path to file UltimateCounterExample.errorpath Result: FALSE