./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 798a7b37 Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash e237a09aaa1bc75b51620084d47086dcaad161f8c8500bd0b8b901d1a9d4bb0a --- Real Ultimate output --- This is Ultimate 0.3.0-?-798a7b3-m [2025-03-03 14:29:04,515 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-03-03 14:29:04,568 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2025-03-03 14:29:04,574 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-03-03 14:29:04,577 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-03-03 14:29:04,597 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-03-03 14:29:04,598 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-03-03 14:29:04,598 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-03-03 14:29:04,598 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-03-03 14:29:04,599 INFO L153 SettingsManager]: * Use memory slicer=true [2025-03-03 14:29:04,599 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-03-03 14:29:04,600 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-03-03 14:29:04,600 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-03-03 14:29:04,600 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-03-03 14:29:04,600 INFO L153 SettingsManager]: * Use SBE=true [2025-03-03 14:29:04,600 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * sizeof long=4 [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * sizeof long double=12 [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-03-03 14:29:04,601 INFO L153 SettingsManager]: * Use constant arrays=true [2025-03-03 14:29:04,601 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-03-03 14:29:04,602 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-03-03 14:29:04,602 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-03-03 14:29:04,602 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-03-03 14:29:04,602 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-03 14:29:04,602 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-03-03 14:29:04,602 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-03-03 14:29:04,602 INFO L153 SettingsManager]: * Compute procedure contracts=false [2025-03-03 14:29:04,602 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2025-03-03 14:29:04,603 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2025-03-03 14:29:04,603 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2025-03-03 14:29:04,603 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-03-03 14:29:04,603 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-03-03 14:29:04,603 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-03-03 14:29:04,603 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-03-03 14:29:04,603 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> e237a09aaa1bc75b51620084d47086dcaad161f8c8500bd0b8b901d1a9d4bb0a [2025-03-03 14:29:04,828 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-03-03 14:29:04,837 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-03-03 14:29:04,839 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-03-03 14:29:04,839 INFO L270 PluginConnector]: Initializing CDTParser... [2025-03-03 14:29:04,840 INFO L274 PluginConnector]: CDTParser initialized [2025-03-03 14:29:04,840 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c [2025-03-03 14:29:06,027 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/41575b010/2db5d357b5c44ba1911d18cf023507c1/FLAG7c720eb6c [2025-03-03 14:29:06,313 INFO L384 CDTParser]: Found 1 translation units. [2025-03-03 14:29:06,313 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c [2025-03-03 14:29:06,325 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/41575b010/2db5d357b5c44ba1911d18cf023507c1/FLAG7c720eb6c [2025-03-03 14:29:06,345 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/41575b010/2db5d357b5c44ba1911d18cf023507c1 [2025-03-03 14:29:06,347 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-03-03 14:29:06,349 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-03-03 14:29:06,350 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-03-03 14:29:06,350 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-03-03 14:29:06,355 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-03-03 14:29:06,355 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,356 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@b083aa2 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06, skipping insertion in model container [2025-03-03 14:29:06,356 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,386 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-03 14:29:06,614 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c[20217,20230] [2025-03-03 14:29:06,621 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-03 14:29:06,632 INFO L200 MainTranslator]: Completed pre-run [2025-03-03 14:29:06,638 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [49] [2025-03-03 14:29:06,639 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [140] [2025-03-03 14:29:06,639 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [481] [2025-03-03 14:29:06,639 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [847] [2025-03-03 14:29:06,640 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification1_spec.i","") [895] [2025-03-03 14:29:06,640 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [922] [2025-03-03 14:29:06,640 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [1026] [2025-03-03 14:29:06,640 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [1035] [2025-03-03 14:29:06,687 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_productSimulator.cil.c[20217,20230] [2025-03-03 14:29:06,690 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-03 14:29:06,704 INFO L204 MainTranslator]: Completed translation [2025-03-03 14:29:06,704 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06 WrapperNode [2025-03-03 14:29:06,705 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-03-03 14:29:06,705 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2025-03-03 14:29:06,705 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2025-03-03 14:29:06,705 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2025-03-03 14:29:06,709 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,720 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,739 INFO L138 Inliner]: procedures = 63, calls = 121, calls flagged for inlining = 27, calls inlined = 24, statements flattened = 274 [2025-03-03 14:29:06,739 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2025-03-03 14:29:06,740 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2025-03-03 14:29:06,740 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2025-03-03 14:29:06,740 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2025-03-03 14:29:06,746 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,746 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,752 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,769 INFO L175 MemorySlicer]: Split 2 memory accesses to 1 slices as follows [2]. 100 percent of accesses are in the largest equivalence class. The 2 initializations are split as follows [2]. The 0 writes are split as follows [0]. [2025-03-03 14:29:06,769 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,769 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,776 INFO L184 PluginConnector]: Executing the observer ReplaceArrayAssignments from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,777 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,778 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,779 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,780 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2025-03-03 14:29:06,781 INFO L112 PluginConnector]: ------------------------IcfgBuilder---------------------------- [2025-03-03 14:29:06,781 INFO L270 PluginConnector]: Initializing IcfgBuilder... [2025-03-03 14:29:06,781 INFO L274 PluginConnector]: IcfgBuilder initialized [2025-03-03 14:29:06,781 INFO L184 PluginConnector]: Executing the observer IcfgBuilderObserver from plugin IcfgBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (1/1) ... [2025-03-03 14:29:06,785 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-03 14:29:06,794 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-03 14:29:06,807 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2025-03-03 14:29:06,812 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure activatePump__before__methaneQuery [2025-03-03 14:29:06,828 INFO L138 BoogieDeclarations]: Found implementation of procedure activatePump__before__methaneQuery [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2025-03-03 14:29:06,828 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2025-03-03 14:29:06,828 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2025-03-03 14:29:06,828 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__highWaterSensor [2025-03-03 14:29:06,828 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__highWaterSensor [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2025-03-03 14:29:06,828 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__methaneAlarm [2025-03-03 14:29:06,828 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__methaneAlarm [2025-03-03 14:29:06,828 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__lowWaterSensor [2025-03-03 14:29:06,828 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__lowWaterSensor [2025-03-03 14:29:06,829 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2025-03-03 14:29:06,829 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2025-03-03 14:29:06,829 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2025-03-03 14:29:06,829 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2025-03-03 14:29:06,829 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2025-03-03 14:29:06,829 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2025-03-03 14:29:06,829 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2025-03-03 14:29:06,829 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2025-03-03 14:29:06,829 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2025-03-03 14:29:06,829 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2025-03-03 14:29:06,829 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2025-03-03 14:29:06,894 INFO L256 CfgBuilder]: Building ICFG [2025-03-03 14:29:06,896 INFO L286 CfgBuilder]: Building CFG for each procedure with an implementation [2025-03-03 14:29:06,977 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1014-1: isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; [2025-03-03 14:29:06,977 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L436-1: isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; [2025-03-03 14:29:06,981 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L859: #res := ~retValue_acc~7; [2025-03-03 14:29:06,994 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L968: #res := ~retValue_acc~9; [2025-03-03 14:29:07,061 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L381-1: isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; [2025-03-03 14:29:07,150 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L892-1: valid_product_#res#1 := valid_product_~retValue_acc~8#1; [2025-03-03 14:29:07,151 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1128-1: main_#res#1 := main_~retValue_acc~13#1; [2025-03-03 14:29:07,194 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1023-1: isLowWaterSensorDry_#res#1 := isLowWaterSensorDry_~retValue_acc~12#1; [2025-03-03 14:29:07,194 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L455-1: isLowWaterLevel_#res#1 := isLowWaterLevel_~retValue_acc~3#1; [2025-03-03 14:29:07,199 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L372: #res := ~retValue_acc~0; [2025-03-03 14:29:07,215 INFO L? ?]: Removed 52 outVars from TransFormulas that were not future-live. [2025-03-03 14:29:07,215 INFO L307 CfgBuilder]: Performing block encoding [2025-03-03 14:29:07,224 INFO L331 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2025-03-03 14:29:07,225 INFO L336 CfgBuilder]: Removed 0 assume(true) statements. [2025-03-03 14:29:07,225 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 03.03 02:29:07 BoogieIcfgContainer [2025-03-03 14:29:07,225 INFO L131 PluginConnector]: ------------------------ END IcfgBuilder---------------------------- [2025-03-03 14:29:07,227 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2025-03-03 14:29:07,227 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2025-03-03 14:29:07,230 INFO L274 PluginConnector]: TraceAbstraction initialized [2025-03-03 14:29:07,230 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 03.03 02:29:06" (1/3) ... [2025-03-03 14:29:07,231 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1996f205 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 03.03 02:29:07, skipping insertion in model container [2025-03-03 14:29:07,231 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:29:06" (2/3) ... [2025-03-03 14:29:07,231 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1996f205 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 03.03 02:29:07, skipping insertion in model container [2025-03-03 14:29:07,231 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 03.03 02:29:07" (3/3) ... [2025-03-03 14:29:07,232 INFO L128 eAbstractionObserver]: Analyzing ICFG minepump_spec1_productSimulator.cil.c [2025-03-03 14:29:07,244 INFO L216 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2025-03-03 14:29:07,245 INFO L151 ceAbstractionStarter]: Applying trace abstraction to ICFG minepump_spec1_productSimulator.cil.c that has 13 procedures, 142 locations, 1 initial locations, 2 loop locations, and 1 error locations. [2025-03-03 14:29:07,295 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2025-03-03 14:29:07,303 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@1e4d716a, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2025-03-03 14:29:07,303 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2025-03-03 14:29:07,306 INFO L276 IsEmpty]: Start isEmpty. Operand has 142 states, 98 states have (on average 1.346938775510204) internal successors, (132), 114 states have internal predecessors, (132), 30 states have call successors, (30), 12 states have call predecessors, (30), 12 states have return successors, (30), 25 states have call predecessors, (30), 30 states have call successors, (30) [2025-03-03 14:29:07,312 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2025-03-03 14:29:07,312 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:07,313 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:07,313 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:07,316 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:07,317 INFO L85 PathProgramCache]: Analyzing trace with hash 645628972, now seen corresponding path program 1 times [2025-03-03 14:29:07,322 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:07,324 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [66517931] [2025-03-03 14:29:07,325 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:07,325 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:07,392 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 53 statements into 1 equivalence classes. [2025-03-03 14:29:07,432 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 53 of 53 statements. [2025-03-03 14:29:07,433 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:07,433 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:29:07,501 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:29:07,503 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:29:07,503 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [66517931] [2025-03-03 14:29:07,503 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [66517931] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:29:07,504 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:29:07,504 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2025-03-03 14:29:07,505 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1663973059] [2025-03-03 14:29:07,506 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:29:07,509 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2025-03-03 14:29:07,510 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:29:07,526 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2025-03-03 14:29:07,527 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2025-03-03 14:29:07,529 INFO L87 Difference]: Start difference. First operand has 142 states, 98 states have (on average 1.346938775510204) internal successors, (132), 114 states have internal predecessors, (132), 30 states have call successors, (30), 12 states have call predecessors, (30), 12 states have return successors, (30), 25 states have call predecessors, (30), 30 states have call successors, (30) Second operand has 2 states, 2 states have (on average 13.5) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-03-03 14:29:07,563 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:29:07,564 INFO L93 Difference]: Finished difference Result 261 states and 359 transitions. [2025-03-03 14:29:07,564 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2025-03-03 14:29:07,568 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 13.5) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 53 [2025-03-03 14:29:07,568 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:29:07,575 INFO L225 Difference]: With dead ends: 261 [2025-03-03 14:29:07,576 INFO L226 Difference]: Without dead ends: 133 [2025-03-03 14:29:07,581 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2025-03-03 14:29:07,585 INFO L435 NwaCegarLoop]: 188 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 188 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:29:07,586 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 188 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:29:07,597 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 133 states. [2025-03-03 14:29:07,623 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 133 to 133. [2025-03-03 14:29:07,625 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 133 states, 91 states have (on average 1.3186813186813187) internal successors, (120), 106 states have internal predecessors, (120), 30 states have call successors, (30), 12 states have call predecessors, (30), 11 states have return successors, (29), 24 states have call predecessors, (29), 29 states have call successors, (29) [2025-03-03 14:29:07,630 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 133 states to 133 states and 179 transitions. [2025-03-03 14:29:07,634 INFO L78 Accepts]: Start accepts. Automaton has 133 states and 179 transitions. Word has length 53 [2025-03-03 14:29:07,636 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:29:07,636 INFO L471 AbstractCegarLoop]: Abstraction has 133 states and 179 transitions. [2025-03-03 14:29:07,636 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 13.5) internal successors, (27), 2 states have internal predecessors, (27), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-03-03 14:29:07,636 INFO L276 IsEmpty]: Start isEmpty. Operand 133 states and 179 transitions. [2025-03-03 14:29:07,639 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2025-03-03 14:29:07,640 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:07,641 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:07,641 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2025-03-03 14:29:07,641 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:07,642 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:07,642 INFO L85 PathProgramCache]: Analyzing trace with hash 504472483, now seen corresponding path program 1 times [2025-03-03 14:29:07,642 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:07,642 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1700125239] [2025-03-03 14:29:07,642 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:07,642 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:07,665 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 54 statements into 1 equivalence classes. [2025-03-03 14:29:07,691 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 54 of 54 statements. [2025-03-03 14:29:07,695 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:07,695 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:29:07,803 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:29:07,803 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:29:07,803 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1700125239] [2025-03-03 14:29:07,803 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1700125239] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:29:07,806 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:29:07,806 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-03-03 14:29:07,807 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [469857900] [2025-03-03 14:29:07,807 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:29:07,807 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-03-03 14:29:07,807 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:29:07,808 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-03-03 14:29:07,808 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-03-03 14:29:07,808 INFO L87 Difference]: Start difference. First operand 133 states and 179 transitions. Second operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-03-03 14:29:07,852 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:29:07,852 INFO L93 Difference]: Finished difference Result 211 states and 284 transitions. [2025-03-03 14:29:07,852 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-03-03 14:29:07,853 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 54 [2025-03-03 14:29:07,853 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:29:07,854 INFO L225 Difference]: With dead ends: 211 [2025-03-03 14:29:07,854 INFO L226 Difference]: Without dead ends: 124 [2025-03-03 14:29:07,855 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-03-03 14:29:07,856 INFO L435 NwaCegarLoop]: 166 mSDtfsCounter, 20 mSDsluCounter, 141 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 307 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:29:07,856 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 307 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:29:07,856 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 124 states. [2025-03-03 14:29:07,864 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 124 to 124. [2025-03-03 14:29:07,864 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 124 states, 85 states have (on average 1.3294117647058823) internal successors, (113), 100 states have internal predecessors, (113), 27 states have call successors, (27), 11 states have call predecessors, (27), 11 states have return successors, (27), 22 states have call predecessors, (27), 27 states have call successors, (27) [2025-03-03 14:29:07,866 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 124 states to 124 states and 167 transitions. [2025-03-03 14:29:07,866 INFO L78 Accepts]: Start accepts. Automaton has 124 states and 167 transitions. Word has length 54 [2025-03-03 14:29:07,867 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:29:07,867 INFO L471 AbstractCegarLoop]: Abstraction has 124 states and 167 transitions. [2025-03-03 14:29:07,867 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (9), 2 states have call predecessors, (9), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-03-03 14:29:07,867 INFO L276 IsEmpty]: Start isEmpty. Operand 124 states and 167 transitions. [2025-03-03 14:29:07,868 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 59 [2025-03-03 14:29:07,868 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:07,868 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:07,868 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2025-03-03 14:29:07,868 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:07,868 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:07,869 INFO L85 PathProgramCache]: Analyzing trace with hash 1902163242, now seen corresponding path program 1 times [2025-03-03 14:29:07,869 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:07,869 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [884074297] [2025-03-03 14:29:07,869 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:07,869 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:07,882 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 58 statements into 1 equivalence classes. [2025-03-03 14:29:07,896 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 58 of 58 statements. [2025-03-03 14:29:07,896 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:07,896 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:29:08,001 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:29:08,001 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:29:08,001 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [884074297] [2025-03-03 14:29:08,001 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [884074297] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:29:08,001 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:29:08,001 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-03-03 14:29:08,001 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1375463433] [2025-03-03 14:29:08,002 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:29:08,002 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-03-03 14:29:08,002 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:29:08,002 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-03-03 14:29:08,002 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-03-03 14:29:08,002 INFO L87 Difference]: Start difference. First operand 124 states and 167 transitions. Second operand has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-03-03 14:29:08,036 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:29:08,036 INFO L93 Difference]: Finished difference Result 326 states and 446 transitions. [2025-03-03 14:29:08,037 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-03-03 14:29:08,037 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 58 [2025-03-03 14:29:08,038 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:29:08,039 INFO L225 Difference]: With dead ends: 326 [2025-03-03 14:29:08,040 INFO L226 Difference]: Without dead ends: 224 [2025-03-03 14:29:08,040 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-03-03 14:29:08,041 INFO L435 NwaCegarLoop]: 187 mSDtfsCounter, 134 mSDsluCounter, 135 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 134 SdHoareTripleChecker+Valid, 322 SdHoareTripleChecker+Invalid, 6 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:29:08,041 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [134 Valid, 322 Invalid, 6 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:29:08,042 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 224 states. [2025-03-03 14:29:08,060 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 224 to 221. [2025-03-03 14:29:08,061 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 221 states, 151 states have (on average 1.3642384105960266) internal successors, (206), 180 states have internal predecessors, (206), 48 states have call successors, (48), 21 states have call predecessors, (48), 21 states have return successors, (48), 37 states have call predecessors, (48), 48 states have call successors, (48) [2025-03-03 14:29:08,063 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 221 states to 221 states and 302 transitions. [2025-03-03 14:29:08,064 INFO L78 Accepts]: Start accepts. Automaton has 221 states and 302 transitions. Word has length 58 [2025-03-03 14:29:08,065 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:29:08,065 INFO L471 AbstractCegarLoop]: Abstraction has 221 states and 302 transitions. [2025-03-03 14:29:08,065 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 11.0) internal successors, (33), 3 states have internal predecessors, (33), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-03-03 14:29:08,065 INFO L276 IsEmpty]: Start isEmpty. Operand 221 states and 302 transitions. [2025-03-03 14:29:08,066 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 63 [2025-03-03 14:29:08,069 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:08,069 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:08,069 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2025-03-03 14:29:08,069 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:08,070 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:08,070 INFO L85 PathProgramCache]: Analyzing trace with hash 924323374, now seen corresponding path program 1 times [2025-03-03 14:29:08,070 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:08,070 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1366513659] [2025-03-03 14:29:08,070 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:08,070 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:08,087 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 62 statements into 1 equivalence classes. [2025-03-03 14:29:08,100 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 62 of 62 statements. [2025-03-03 14:29:08,100 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:08,100 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:29:08,196 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:29:08,196 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:29:08,196 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1366513659] [2025-03-03 14:29:08,196 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1366513659] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:29:08,196 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:29:08,196 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-03 14:29:08,196 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [950338490] [2025-03-03 14:29:08,196 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:29:08,196 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-03 14:29:08,196 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:29:08,197 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-03 14:29:08,197 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-03 14:29:08,197 INFO L87 Difference]: Start difference. First operand 221 states and 302 transitions. Second operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (8), 1 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-03-03 14:29:08,291 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:29:08,291 INFO L93 Difference]: Finished difference Result 541 states and 771 transitions. [2025-03-03 14:29:08,292 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-03 14:29:08,292 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (8), 1 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 62 [2025-03-03 14:29:08,292 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:29:08,295 INFO L225 Difference]: With dead ends: 541 [2025-03-03 14:29:08,295 INFO L226 Difference]: Without dead ends: 342 [2025-03-03 14:29:08,298 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2025-03-03 14:29:08,299 INFO L435 NwaCegarLoop]: 165 mSDtfsCounter, 130 mSDsluCounter, 426 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 11 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 130 SdHoareTripleChecker+Valid, 591 SdHoareTripleChecker+Invalid, 45 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 11 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:29:08,299 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [130 Valid, 591 Invalid, 45 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [11 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:29:08,300 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 342 states. [2025-03-03 14:29:08,333 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 342 to 341. [2025-03-03 14:29:08,335 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 341 states, 239 states have (on average 1.3347280334728033) internal successors, (319), 272 states have internal predecessors, (319), 64 states have call successors, (64), 37 states have call predecessors, (64), 37 states have return successors, (84), 59 states have call predecessors, (84), 64 states have call successors, (84) [2025-03-03 14:29:08,337 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 341 states to 341 states and 467 transitions. [2025-03-03 14:29:08,338 INFO L78 Accepts]: Start accepts. Automaton has 341 states and 467 transitions. Word has length 62 [2025-03-03 14:29:08,339 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:29:08,339 INFO L471 AbstractCegarLoop]: Abstraction has 341 states and 467 transitions. [2025-03-03 14:29:08,339 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (8), 1 states have call predecessors, (8), 1 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2025-03-03 14:29:08,339 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 467 transitions. [2025-03-03 14:29:08,341 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 83 [2025-03-03 14:29:08,342 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:08,343 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:08,343 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2025-03-03 14:29:08,343 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:08,343 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:08,343 INFO L85 PathProgramCache]: Analyzing trace with hash 160277991, now seen corresponding path program 1 times [2025-03-03 14:29:08,343 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:08,343 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1961371343] [2025-03-03 14:29:08,343 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:08,344 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:08,356 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 82 statements into 1 equivalence classes. [2025-03-03 14:29:08,363 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 82 of 82 statements. [2025-03-03 14:29:08,366 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:08,367 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:29:08,503 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:29:08,503 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:29:08,504 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1961371343] [2025-03-03 14:29:08,504 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1961371343] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:29:08,504 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:29:08,504 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-03 14:29:08,505 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [677577758] [2025-03-03 14:29:08,505 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:29:08,505 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-03 14:29:08,506 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:29:08,506 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-03 14:29:08,506 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-03 14:29:08,506 INFO L87 Difference]: Start difference. First operand 341 states and 467 transitions. Second operand has 5 states, 5 states have (on average 10.2) internal successors, (51), 5 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2025-03-03 14:29:08,559 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:29:08,561 INFO L93 Difference]: Finished difference Result 666 states and 955 transitions. [2025-03-03 14:29:08,561 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-03 14:29:08,561 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 10.2) internal successors, (51), 5 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 82 [2025-03-03 14:29:08,561 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:29:08,563 INFO L225 Difference]: With dead ends: 666 [2025-03-03 14:29:08,564 INFO L226 Difference]: Without dead ends: 347 [2025-03-03 14:29:08,568 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-03 14:29:08,569 INFO L435 NwaCegarLoop]: 164 mSDtfsCounter, 0 mSDsluCounter, 485 mSDsCounter, 0 mSdLazyCounter, 18 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 649 SdHoareTripleChecker+Invalid, 18 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 18 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:29:08,569 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 649 Invalid, 18 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 18 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:29:08,570 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 347 states. [2025-03-03 14:29:08,592 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 347 to 347. [2025-03-03 14:29:08,593 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 347 states, 245 states have (on average 1.3265306122448979) internal successors, (325), 278 states have internal predecessors, (325), 64 states have call successors, (64), 37 states have call predecessors, (64), 37 states have return successors, (84), 59 states have call predecessors, (84), 64 states have call successors, (84) [2025-03-03 14:29:08,596 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 347 states to 347 states and 473 transitions. [2025-03-03 14:29:08,596 INFO L78 Accepts]: Start accepts. Automaton has 347 states and 473 transitions. Word has length 82 [2025-03-03 14:29:08,597 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:29:08,597 INFO L471 AbstractCegarLoop]: Abstraction has 347 states and 473 transitions. [2025-03-03 14:29:08,597 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 10.2) internal successors, (51), 5 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2025-03-03 14:29:08,597 INFO L276 IsEmpty]: Start isEmpty. Operand 347 states and 473 transitions. [2025-03-03 14:29:08,599 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 83 [2025-03-03 14:29:08,599 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:08,599 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:08,599 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2025-03-03 14:29:08,599 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:08,600 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:08,600 INFO L85 PathProgramCache]: Analyzing trace with hash 191297798, now seen corresponding path program 1 times [2025-03-03 14:29:08,600 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:08,600 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2086654432] [2025-03-03 14:29:08,600 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:08,600 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:08,612 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 82 statements into 1 equivalence classes. [2025-03-03 14:29:08,621 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 82 of 82 statements. [2025-03-03 14:29:08,622 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:08,622 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:29:08,679 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:29:08,680 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:29:08,680 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2086654432] [2025-03-03 14:29:08,680 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2086654432] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:29:08,680 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:29:08,680 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-03-03 14:29:08,680 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1793163575] [2025-03-03 14:29:08,681 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:29:08,681 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-03-03 14:29:08,682 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:29:08,682 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-03-03 14:29:08,682 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-03 14:29:08,682 INFO L87 Difference]: Start difference. First operand 347 states and 473 transitions. Second operand has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2025-03-03 14:29:08,715 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:29:08,716 INFO L93 Difference]: Finished difference Result 676 states and 965 transitions. [2025-03-03 14:29:08,716 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-03-03 14:29:08,716 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) Word has length 82 [2025-03-03 14:29:08,716 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:29:08,718 INFO L225 Difference]: With dead ends: 676 [2025-03-03 14:29:08,718 INFO L226 Difference]: Without dead ends: 351 [2025-03-03 14:29:08,720 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-03 14:29:08,722 INFO L435 NwaCegarLoop]: 165 mSDtfsCounter, 0 mSDsluCounter, 324 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 489 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:29:08,722 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 489 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:29:08,724 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 351 states. [2025-03-03 14:29:08,742 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 351 to 351. [2025-03-03 14:29:08,743 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 351 states, 249 states have (on average 1.321285140562249) internal successors, (329), 282 states have internal predecessors, (329), 64 states have call successors, (64), 37 states have call predecessors, (64), 37 states have return successors, (84), 59 states have call predecessors, (84), 64 states have call successors, (84) [2025-03-03 14:29:08,746 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 351 states to 351 states and 477 transitions. [2025-03-03 14:29:08,746 INFO L78 Accepts]: Start accepts. Automaton has 351 states and 477 transitions. Word has length 82 [2025-03-03 14:29:08,747 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:29:08,747 INFO L471 AbstractCegarLoop]: Abstraction has 351 states and 477 transitions. [2025-03-03 14:29:08,747 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (10), 2 states have call predecessors, (10), 2 states have call successors, (10) [2025-03-03 14:29:08,747 INFO L276 IsEmpty]: Start isEmpty. Operand 351 states and 477 transitions. [2025-03-03 14:29:08,749 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 83 [2025-03-03 14:29:08,749 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:08,749 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:08,750 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2025-03-03 14:29:08,750 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:08,750 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:08,750 INFO L85 PathProgramCache]: Analyzing trace with hash -318175292, now seen corresponding path program 1 times [2025-03-03 14:29:08,750 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:08,750 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [689196926] [2025-03-03 14:29:08,750 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:08,751 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:08,761 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 82 statements into 1 equivalence classes. [2025-03-03 14:29:08,767 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 82 of 82 statements. [2025-03-03 14:29:08,769 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:08,769 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:29:08,879 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:29:08,879 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:29:08,879 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [689196926] [2025-03-03 14:29:08,879 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [689196926] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:29:08,879 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:29:08,879 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-03-03 14:29:08,880 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [133996455] [2025-03-03 14:29:08,880 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:29:08,880 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-03-03 14:29:08,880 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:29:08,880 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-03-03 14:29:08,881 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-03 14:29:08,881 INFO L87 Difference]: Start difference. First operand 351 states and 477 transitions. Second operand has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2025-03-03 14:29:09,038 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:29:09,038 INFO L93 Difference]: Finished difference Result 1085 states and 1540 transitions. [2025-03-03 14:29:09,038 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-03-03 14:29:09,039 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) Word has length 82 [2025-03-03 14:29:09,039 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:29:09,044 INFO L225 Difference]: With dead ends: 1085 [2025-03-03 14:29:09,045 INFO L226 Difference]: Without dead ends: 756 [2025-03-03 14:29:09,046 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-03 14:29:09,047 INFO L435 NwaCegarLoop]: 265 mSDtfsCounter, 206 mSDsluCounter, 232 mSDsCounter, 0 mSdLazyCounter, 97 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 206 SdHoareTripleChecker+Valid, 497 SdHoareTripleChecker+Invalid, 102 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 97 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-03-03 14:29:09,048 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [206 Valid, 497 Invalid, 102 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 97 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-03-03 14:29:09,049 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 756 states. [2025-03-03 14:29:09,091 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 756 to 744. [2025-03-03 14:29:09,093 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 744 states, 532 states have (on average 1.3176691729323309) internal successors, (701), 599 states have internal predecessors, (701), 130 states have call successors, (130), 79 states have call predecessors, (130), 81 states have return successors, (208), 122 states have call predecessors, (208), 130 states have call successors, (208) [2025-03-03 14:29:09,099 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 744 states to 744 states and 1039 transitions. [2025-03-03 14:29:09,101 INFO L78 Accepts]: Start accepts. Automaton has 744 states and 1039 transitions. Word has length 82 [2025-03-03 14:29:09,101 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:29:09,101 INFO L471 AbstractCegarLoop]: Abstraction has 744 states and 1039 transitions. [2025-03-03 14:29:09,102 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 12.75) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (11), 2 states have call predecessors, (11), 2 states have return successors, (10), 3 states have call predecessors, (10), 4 states have call successors, (10) [2025-03-03 14:29:09,102 INFO L276 IsEmpty]: Start isEmpty. Operand 744 states and 1039 transitions. [2025-03-03 14:29:09,104 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 87 [2025-03-03 14:29:09,105 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:09,105 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:09,105 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2025-03-03 14:29:09,105 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:09,105 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:09,109 INFO L85 PathProgramCache]: Analyzing trace with hash 1926934850, now seen corresponding path program 1 times [2025-03-03 14:29:09,110 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:09,110 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1762854873] [2025-03-03 14:29:09,110 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:09,110 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:09,118 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 86 statements into 1 equivalence classes. [2025-03-03 14:29:09,132 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 86 of 86 statements. [2025-03-03 14:29:09,133 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:09,133 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:29:09,234 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:29:09,235 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:29:09,235 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1762854873] [2025-03-03 14:29:09,235 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1762854873] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:29:09,235 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:29:09,235 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2025-03-03 14:29:09,235 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1507236244] [2025-03-03 14:29:09,236 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:29:09,236 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2025-03-03 14:29:09,236 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:29:09,236 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2025-03-03 14:29:09,237 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2025-03-03 14:29:09,237 INFO L87 Difference]: Start difference. First operand 744 states and 1039 transitions. Second operand has 6 states, 6 states have (on average 8.833333333333334) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (11), 3 states have call predecessors, (11), 2 states have call successors, (11) [2025-03-03 14:29:09,433 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:29:09,433 INFO L93 Difference]: Finished difference Result 2166 states and 3086 transitions. [2025-03-03 14:29:09,434 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2025-03-03 14:29:09,434 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 8.833333333333334) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (11), 3 states have call predecessors, (11), 2 states have call successors, (11) Word has length 86 [2025-03-03 14:29:09,435 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:29:09,443 INFO L225 Difference]: With dead ends: 2166 [2025-03-03 14:29:09,443 INFO L226 Difference]: Without dead ends: 1444 [2025-03-03 14:29:09,447 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2025-03-03 14:29:09,447 INFO L435 NwaCegarLoop]: 165 mSDtfsCounter, 123 mSDsluCounter, 567 mSDsCounter, 0 mSdLazyCounter, 81 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 125 SdHoareTripleChecker+Valid, 732 SdHoareTripleChecker+Invalid, 83 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 81 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-03-03 14:29:09,447 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [125 Valid, 732 Invalid, 83 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 81 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-03-03 14:29:09,450 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1444 states. [2025-03-03 14:29:09,523 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1444 to 1444. [2025-03-03 14:29:09,526 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1444 states, 1028 states have (on average 1.3054474708171206) internal successors, (1342), 1161 states have internal predecessors, (1342), 254 states have call successors, (254), 157 states have call predecessors, (254), 161 states have return successors, (420), 238 states have call predecessors, (420), 254 states have call successors, (420) [2025-03-03 14:29:09,534 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1444 states to 1444 states and 2016 transitions. [2025-03-03 14:29:09,536 INFO L78 Accepts]: Start accepts. Automaton has 1444 states and 2016 transitions. Word has length 86 [2025-03-03 14:29:09,536 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:29:09,536 INFO L471 AbstractCegarLoop]: Abstraction has 1444 states and 2016 transitions. [2025-03-03 14:29:09,536 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 8.833333333333334) internal successors, (53), 5 states have internal predecessors, (53), 2 states have call successors, (12), 2 states have call predecessors, (12), 2 states have return successors, (11), 3 states have call predecessors, (11), 2 states have call successors, (11) [2025-03-03 14:29:09,536 INFO L276 IsEmpty]: Start isEmpty. Operand 1444 states and 2016 transitions. [2025-03-03 14:29:09,540 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 91 [2025-03-03 14:29:09,540 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:29:09,540 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:09,540 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2025-03-03 14:29:09,541 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:29:09,541 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:29:09,541 INFO L85 PathProgramCache]: Analyzing trace with hash -1676691935, now seen corresponding path program 1 times [2025-03-03 14:29:09,541 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:29:09,541 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [645538422] [2025-03-03 14:29:09,541 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:29:09,541 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:29:09,550 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 90 statements into 1 equivalence classes. [2025-03-03 14:29:09,560 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 90 of 90 statements. [2025-03-03 14:29:09,560 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:09,560 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is sat [2025-03-03 14:29:09,561 INFO L348 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2025-03-03 14:29:09,565 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 90 statements into 1 equivalence classes. [2025-03-03 14:29:09,574 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 90 of 90 statements. [2025-03-03 14:29:09,576 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:29:09,576 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is sat [2025-03-03 14:29:09,607 INFO L130 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2025-03-03 14:29:09,607 INFO L340 BasicCegarLoop]: Counterexample is feasible [2025-03-03 14:29:09,608 INFO L782 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2025-03-03 14:29:09,610 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2025-03-03 14:29:09,612 INFO L422 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:29:09,687 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2025-03-03 14:29:09,689 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 03.03 02:29:09 BoogieIcfgContainer [2025-03-03 14:29:09,689 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2025-03-03 14:29:09,690 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2025-03-03 14:29:09,690 INFO L270 PluginConnector]: Initializing Witness Printer... [2025-03-03 14:29:09,690 INFO L274 PluginConnector]: Witness Printer initialized [2025-03-03 14:29:09,690 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 03.03 02:29:07" (3/4) ... [2025-03-03 14:29:09,691 INFO L140 WitnessPrinter]: Generating witness for reachability counterexample [2025-03-03 14:29:09,767 INFO L127 tionWitnessGenerator]: Generated YAML witness of length 69. [2025-03-03 14:29:09,839 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2025-03-03 14:29:09,840 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2025-03-03 14:29:09,840 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2025-03-03 14:29:09,841 INFO L158 Benchmark]: Toolchain (without parser) took 3492.87ms. Allocated memory was 167.8MB in the beginning and 369.1MB in the end (delta: 201.3MB). Free memory was 122.5MB in the beginning and 317.1MB in the end (delta: -194.6MB). Peak memory consumption was 3.8MB. Max. memory is 16.1GB. [2025-03-03 14:29:09,841 INFO L158 Benchmark]: CDTParser took 0.25ms. Allocated memory is still 201.3MB. Free memory is still 117.9MB. There was no memory consumed. Max. memory is 16.1GB. [2025-03-03 14:29:09,841 INFO L158 Benchmark]: CACSL2BoogieTranslator took 354.98ms. Allocated memory is still 167.8MB. Free memory was 122.5MB in the beginning and 103.3MB in the end (delta: 19.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-03 14:29:09,841 INFO L158 Benchmark]: Boogie Procedure Inliner took 34.12ms. Allocated memory is still 167.8MB. Free memory was 102.7MB in the beginning and 101.0MB in the end (delta: 1.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2025-03-03 14:29:09,841 INFO L158 Benchmark]: Boogie Preprocessor took 40.25ms. Allocated memory is still 167.8MB. Free memory was 101.0MB in the beginning and 99.2MB in the end (delta: 1.8MB). There was no memory consumed. Max. memory is 16.1GB. [2025-03-03 14:29:09,841 INFO L158 Benchmark]: IcfgBuilder took 444.61ms. Allocated memory is still 167.8MB. Free memory was 99.2MB in the beginning and 75.8MB in the end (delta: 23.4MB). Peak memory consumption was 25.2MB. Max. memory is 16.1GB. [2025-03-03 14:29:09,841 INFO L158 Benchmark]: TraceAbstraction took 2462.39ms. Allocated memory was 167.8MB in the beginning and 369.1MB in the end (delta: 201.3MB). Free memory was 75.0MB in the beginning and 330.7MB in the end (delta: -255.7MB). Peak memory consumption was 36.3MB. Max. memory is 16.1GB. [2025-03-03 14:29:09,841 INFO L158 Benchmark]: Witness Printer took 150.45ms. Allocated memory is still 369.1MB. Free memory was 330.7MB in the beginning and 317.1MB in the end (delta: 13.6MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2025-03-03 14:29:09,842 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.25ms. Allocated memory is still 201.3MB. Free memory is still 117.9MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 354.98ms. Allocated memory is still 167.8MB. Free memory was 122.5MB in the beginning and 103.3MB in the end (delta: 19.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 34.12ms. Allocated memory is still 167.8MB. Free memory was 102.7MB in the beginning and 101.0MB in the end (delta: 1.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Preprocessor took 40.25ms. Allocated memory is still 167.8MB. Free memory was 101.0MB in the beginning and 99.2MB in the end (delta: 1.8MB). There was no memory consumed. Max. memory is 16.1GB. * IcfgBuilder took 444.61ms. Allocated memory is still 167.8MB. Free memory was 99.2MB in the beginning and 75.8MB in the end (delta: 23.4MB). Peak memory consumption was 25.2MB. Max. memory is 16.1GB. * TraceAbstraction took 2462.39ms. Allocated memory was 167.8MB in the beginning and 369.1MB in the end (delta: 201.3MB). Free memory was 75.0MB in the beginning and 330.7MB in the end (delta: -255.7MB). Peak memory consumption was 36.3MB. Max. memory is 16.1GB. * Witness Printer took 150.45ms. Allocated memory is still 369.1MB. Free memory was 330.7MB in the beginning and 317.1MB in the end (delta: 13.6MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [49] - GenericResultAtLocation [Line: 140]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [140] - GenericResultAtLocation [Line: 481]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [481] - GenericResultAtLocation [Line: 847]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [847] - GenericResultAtLocation [Line: 895]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification1_spec.i","") [895] - GenericResultAtLocation [Line: 922]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [922] - GenericResultAtLocation [Line: 1026]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [1026] - GenericResultAtLocation [Line: 1035]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [1035] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - CounterExampleResult [Line: 1031]: a call to reach_error is reachable a call to reach_error is reachable We found a FailurePath: [L50] int __SELECTED_FEATURE_base ; [L51] int __SELECTED_FEATURE_highWaterSensor ; [L52] int __SELECTED_FEATURE_lowWaterSensor ; [L53] int __SELECTED_FEATURE_methaneQuery ; [L54] int __SELECTED_FEATURE_methaneAlarm ; [L55] int __SELECTED_FEATURE_stopCommand ; [L56] int __SELECTED_FEATURE_startCommand ; [L57] int __GUIDSL_ROOT_PRODUCTION ; [L150] int pumpRunning = 0; [L151] int systemActive = 1; [L651] static struct __ACC__ERR *head = (struct __ACC__ERR *)0; [L924] int waterLevel = 1; [L925] int methaneLevelCritical = 0; [L1036] int cleanupTimeShifts = 4; VAL [__GUIDSL_ROOT_PRODUCTION=0, __SELECTED_FEATURE_base=0, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1109] int retValue_acc ; [L1110] int tmp ; [L1114] CALL select_helpers() [L882] __GUIDSL_ROOT_PRODUCTION = 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=0, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1114] RET select_helpers() [L1115] CALL select_features() [L867] __SELECTED_FEATURE_base = 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L868] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=16, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L868] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L868] __SELECTED_FEATURE_highWaterSensor = select_one() [L869] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L869] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L869] __SELECTED_FEATURE_lowWaterSensor = select_one() [L870] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L870] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L870] __SELECTED_FEATURE_methaneQuery = select_one() [L871] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L871] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L871] __SELECTED_FEATURE_methaneAlarm = select_one() [L872] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L872] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L872] __SELECTED_FEATURE_stopCommand = select_one() [L873] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L853] int retValue_acc ; [L854] int choice = __VERIFIER_nondet_int(); [L857] retValue_acc = choice [L858] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L873] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L873] __SELECTED_FEATURE_startCommand = select_one() [L1115] RET select_features() [L1116] CALL, EXPR valid_product() [L887] int retValue_acc ; [L890] retValue_acc = __SELECTED_FEATURE_base [L891] return (retValue_acc); VAL [\result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1116] RET, EXPR valid_product() [L1116] tmp = valid_product() [L1118] COND TRUE \read(tmp) [L1120] FCALL setup() [L1121] CALL runTest() [L1103] CALL test() [L65] int splverifierCounter ; [L66] int tmp ; [L67] int tmp___0 ; [L68] int tmp___1 ; [L69] int tmp___2 ; [L72] splverifierCounter = 0 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L74] COND TRUE 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L76] COND TRUE splverifierCounter < 4 [L82] tmp = __VERIFIER_nondet_int() [L84] COND TRUE \read(tmp) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L86] CALL waterRise() VAL [\old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L942] COND TRUE waterLevel < 2 [L943] waterLevel = waterLevel + 1 VAL [\old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L86] RET waterRise() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L92] tmp___0 = __VERIFIER_nondet_int() [L94] COND TRUE \read(tmp___0) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L96] CALL changeMethaneLevel() VAL [\old(methaneLevelCritical)=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L954] COND FALSE !(\read(methaneLevelCritical)) [L957] methaneLevelCritical = 1 VAL [\old(methaneLevelCritical)=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L96] RET changeMethaneLevel() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L102] tmp___2 = __VERIFIER_nondet_int() [L104] COND FALSE !(\read(tmp___2)) [L114] tmp___1 = __VERIFIER_nondet_int() [L116] COND FALSE !(\read(tmp___1)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L129] CALL timeShift() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L158] COND FALSE !(\read(pumpRunning)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L165] COND TRUE \read(systemActive) [L167] CALL processEnvironment() [L301] COND FALSE !(\read(__SELECTED_FEATURE_methaneAlarm)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L308] CALL processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L258] COND FALSE !(\read(__SELECTED_FEATURE_lowWaterSensor)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L265] CALL processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L215] COND TRUE \read(__SELECTED_FEATURE_highWaterSensor) [L217] CALL processEnvironment__role__highWaterSensor() [L187] int tmp ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L190] COND TRUE ! pumpRunning [L192] CALL, EXPR isHighWaterLevel() [L421] int retValue_acc ; [L422] int tmp ; [L423] int tmp___0 ; [L427] CALL, EXPR isHighWaterSensorDry() [L1004] int retValue_acc ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L1007] COND FALSE !(waterLevel < 2) [L1011] retValue_acc = 0 [L1012] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L427] RET, EXPR isHighWaterSensorDry() [L427] tmp = isHighWaterSensorDry() [L429] COND FALSE !(\read(tmp)) [L432] tmp___0 = 1 VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, tmp___0=1, waterLevel=2] [L434] retValue_acc = tmp___0 [L435] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L192] RET, EXPR isHighWaterLevel() [L192] tmp = isHighWaterLevel() [L194] COND TRUE \read(tmp) [L196] CALL activatePump() [L343] COND FALSE !(\read(__SELECTED_FEATURE_methaneQuery)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L350] CALL activatePump__before__methaneQuery() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=0, systemActive=1, waterLevel=2] [L318] pumpRunning = 1 VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L350] RET activatePump__before__methaneQuery() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L196] RET activatePump() [L217] RET processEnvironment__role__highWaterSensor() [L265] RET processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L308] RET processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L167] RET processEnvironment() [L173] CALL __utac_acc__Specification1_spec__1() [L898] int tmp ; [L899] int tmp___0 ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L903] CALL, EXPR isMethaneLevelCritical() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L963] int retValue_acc ; [L966] retValue_acc = methaneLevelCritical [L967] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L903] RET, EXPR isMethaneLevelCritical() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L903] tmp = isMethaneLevelCritical() [L905] COND TRUE \read(tmp) [L907] CALL, EXPR isPumpRunning() [L376] int retValue_acc ; [L379] retValue_acc = pumpRunning [L380] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] [L907] RET, EXPR isPumpRunning() [L907] tmp___0 = isPumpRunning() [L909] COND TRUE \read(tmp___0) [L911] CALL __automaton_fail() [L1031] reach_error() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=1, pumpRunning=1, systemActive=1, waterLevel=2] - StatisticsResult: Ultimate Automizer benchmark data CFG has 13 procedures, 142 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 2.3s, OverallIterations: 9, TraceHistogramMax: 6, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 0.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 619 SdHoareTripleChecker+Valid, 0.3s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 613 mSDsluCounter, 3775 SdHoareTripleChecker+Invalid, 0.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2310 mSDsCounter, 20 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 246 IncrementalHoareTripleChecker+Invalid, 266 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 20 mSolverCounterUnsat, 1465 mSDtfsCounter, 246 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 38 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 4 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1444occurred in iteration=8, InterpolantAutomatonStates: 33, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 8 MinimizatonAttempts, 16 StatesRemovedByMinimization, 3 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 0.8s InterpolantComputationTime, 649 NumberOfCodeBlocks, 649 NumberOfCodeBlocksAsserted, 9 NumberOfCheckSat, 551 ConstructedInterpolants, 0 QuantifiedInterpolants, 816 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 8 InterpolantComputations, 8 PerfectInterpolantSequences, 360/360 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available, ConComCheckerStatistics: No data available RESULT: Ultimate proved your program to be incorrect! [2025-03-03 14:29:09,860 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Writing human readable error path to file UltimateCounterExample.errorpath Result: FALSE