./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec4_productSimulator.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 798a7b37 Calling Ultimate with: /root/.sdkman/candidates/java/21.0.5-tem/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.6.800.v20240513-1750.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_productSimulator.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 45558e1c10008e5b16efe572a84fcf92b08797f54d586c51d45827b7e38254a6 --- Real Ultimate output --- This is Ultimate 0.3.0-?-798a7b3-m [2025-03-03 14:31:17,185 INFO L188 SettingsManager]: Resetting all preferences to default values... [2025-03-03 14:31:17,228 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2025-03-03 14:31:17,232 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2025-03-03 14:31:17,232 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2025-03-03 14:31:17,247 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2025-03-03 14:31:17,247 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2025-03-03 14:31:17,247 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2025-03-03 14:31:17,247 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2025-03-03 14:31:17,247 INFO L153 SettingsManager]: * Use memory slicer=true [2025-03-03 14:31:17,247 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2025-03-03 14:31:17,247 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2025-03-03 14:31:17,248 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Use SBE=true [2025-03-03 14:31:17,248 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * sizeof long=4 [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * sizeof POINTER=4 [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * sizeof long double=12 [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Behaviour of calls to undefined functions=OVERAPPROXIMATE_BEHAVIOUR [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Use constant arrays=true [2025-03-03 14:31:17,248 INFO L151 SettingsManager]: Preferences of IcfgBuilder differ from their defaults: [2025-03-03 14:31:17,248 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-03 14:31:17,249 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Compute procedure contracts=false [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2025-03-03 14:31:17,249 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 45558e1c10008e5b16efe572a84fcf92b08797f54d586c51d45827b7e38254a6 [2025-03-03 14:31:17,490 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2025-03-03 14:31:17,495 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2025-03-03 14:31:17,500 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2025-03-03 14:31:17,502 INFO L270 PluginConnector]: Initializing CDTParser... [2025-03-03 14:31:17,502 INFO L274 PluginConnector]: CDTParser initialized [2025-03-03 14:31:17,503 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_productSimulator.cil.c [2025-03-03 14:31:18,663 INFO L533 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ccb792eb8/e4bc8b6fdbd84ccfb57da8cc08dd7cf0/FLAGdc607fd0a [2025-03-03 14:31:18,931 INFO L384 CDTParser]: Found 1 translation units. [2025-03-03 14:31:18,931 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_productSimulator.cil.c [2025-03-03 14:31:18,945 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ccb792eb8/e4bc8b6fdbd84ccfb57da8cc08dd7cf0/FLAGdc607fd0a [2025-03-03 14:31:18,964 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ccb792eb8/e4bc8b6fdbd84ccfb57da8cc08dd7cf0 [2025-03-03 14:31:18,966 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2025-03-03 14:31:18,967 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2025-03-03 14:31:18,969 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2025-03-03 14:31:18,972 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2025-03-03 14:31:18,975 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2025-03-03 14:31:18,976 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 03.03 02:31:18" (1/1) ... [2025-03-03 14:31:18,976 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@7ecc5b62 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:18, skipping insertion in model container [2025-03-03 14:31:18,978 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 03.03 02:31:18" (1/1) ... [2025-03-03 14:31:19,012 INFO L175 MainTranslator]: Built tables and reachable declarations [2025-03-03 14:31:19,171 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_productSimulator.cil.c[9333,9346] [2025-03-03 14:31:19,234 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-03 14:31:19,244 INFO L200 MainTranslator]: Completed pre-run [2025-03-03 14:31:19,250 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [49] [2025-03-03 14:31:19,252 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification4_spec.i","") [153] [2025-03-03 14:31:19,252 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [190] [2025-03-03 14:31:19,252 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [530] [2025-03-03 14:31:19,252 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [607] [2025-03-03 14:31:19,252 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [616] [2025-03-03 14:31:19,253 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [982] [2025-03-03 14:31:19,253 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [1085] [2025-03-03 14:31:19,278 WARN L250 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_productSimulator.cil.c[9333,9346] [2025-03-03 14:31:19,318 INFO L210 PostProcessor]: Analyzing one entry point: main [2025-03-03 14:31:19,337 INFO L204 MainTranslator]: Completed translation [2025-03-03 14:31:19,337 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19 WrapperNode [2025-03-03 14:31:19,338 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2025-03-03 14:31:19,339 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2025-03-03 14:31:19,340 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2025-03-03 14:31:19,340 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2025-03-03 14:31:19,344 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,361 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,384 INFO L138 Inliner]: procedures = 63, calls = 121, calls flagged for inlining = 29, calls inlined = 26, statements flattened = 295 [2025-03-03 14:31:19,385 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2025-03-03 14:31:19,386 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2025-03-03 14:31:19,386 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2025-03-03 14:31:19,386 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2025-03-03 14:31:19,392 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,392 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,394 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,411 INFO L175 MemorySlicer]: Split 2 memory accesses to 1 slices as follows [2]. 100 percent of accesses are in the largest equivalence class. The 2 initializations are split as follows [2]. The 0 writes are split as follows [0]. [2025-03-03 14:31:19,411 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,412 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,418 INFO L184 PluginConnector]: Executing the observer ReplaceArrayAssignments from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,419 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,420 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,421 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,422 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2025-03-03 14:31:19,423 INFO L112 PluginConnector]: ------------------------IcfgBuilder---------------------------- [2025-03-03 14:31:19,423 INFO L270 PluginConnector]: Initializing IcfgBuilder... [2025-03-03 14:31:19,423 INFO L274 PluginConnector]: IcfgBuilder initialized [2025-03-03 14:31:19,423 INFO L184 PluginConnector]: Executing the observer IcfgBuilderObserver from plugin IcfgBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (1/1) ... [2025-03-03 14:31:19,427 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2025-03-03 14:31:19,436 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-03 14:31:19,446 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2025-03-03 14:31:19,449 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2025-03-03 14:31:19,464 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2025-03-03 14:31:19,465 INFO L130 BoogieDeclarations]: Found specification of procedure activatePump__before__methaneQuery [2025-03-03 14:31:19,465 INFO L138 BoogieDeclarations]: Found implementation of procedure activatePump__before__methaneQuery [2025-03-03 14:31:19,465 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2025-03-03 14:31:19,465 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2025-03-03 14:31:19,465 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2025-03-03 14:31:19,465 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2025-03-03 14:31:19,465 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__highWaterSensor [2025-03-03 14:31:19,465 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__highWaterSensor [2025-03-03 14:31:19,465 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2025-03-03 14:31:19,465 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2025-03-03 14:31:19,465 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__methaneAlarm [2025-03-03 14:31:19,465 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__methaneAlarm [2025-03-03 14:31:19,465 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__before__lowWaterSensor [2025-03-03 14:31:19,465 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__before__lowWaterSensor [2025-03-03 14:31:19,465 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2025-03-03 14:31:19,466 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2025-03-03 14:31:19,466 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2025-03-03 14:31:19,466 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2025-03-03 14:31:19,466 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2025-03-03 14:31:19,466 INFO L130 BoogieDeclarations]: Found specification of procedure select_one [2025-03-03 14:31:19,466 INFO L138 BoogieDeclarations]: Found implementation of procedure select_one [2025-03-03 14:31:19,466 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2025-03-03 14:31:19,466 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2025-03-03 14:31:19,466 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2025-03-03 14:31:19,466 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2025-03-03 14:31:19,538 INFO L256 CfgBuilder]: Building ICFG [2025-03-03 14:31:19,540 INFO L286 CfgBuilder]: Building CFG for each procedure with an implementation [2025-03-03 14:31:19,628 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1073-1: isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~10#1; [2025-03-03 14:31:19,629 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L485-1: isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~3#1; [2025-03-03 14:31:19,635 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1094: #res := ~retValue_acc~12; [2025-03-03 14:31:19,684 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L430-1: isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~2#1; [2025-03-03 14:31:19,684 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1059-1: getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~9#1; [2025-03-03 14:31:19,812 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1127-1: valid_product_#res#1 := valid_product_~retValue_acc~13#1; [2025-03-03 14:31:19,812 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L150-1: main_#res#1 := main_~retValue_acc~0#1; [2025-03-03 14:31:19,846 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1082-1: isLowWaterSensorDry_#res#1 := isLowWaterSensorDry_~retValue_acc~11#1; [2025-03-03 14:31:19,846 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L504-1: isLowWaterLevel_#res#1 := isLowWaterLevel_~retValue_acc~4#1; [2025-03-03 14:31:19,855 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L421: #res#1 := ~retValue_acc~1#1; [2025-03-03 14:31:19,856 INFO L1325 $ProcedureCfgBuilder]: dead code at ProgramPoint L1027-1: isMethaneLevelCritical_#res#1 := isMethaneLevelCritical_~retValue_acc~8#1; [2025-03-03 14:31:19,872 INFO L? ?]: Removed 55 outVars from TransFormulas that were not future-live. [2025-03-03 14:31:19,872 INFO L307 CfgBuilder]: Performing block encoding [2025-03-03 14:31:19,882 INFO L331 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2025-03-03 14:31:19,883 INFO L336 CfgBuilder]: Removed 0 assume(true) statements. [2025-03-03 14:31:19,883 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 03.03 02:31:19 BoogieIcfgContainer [2025-03-03 14:31:19,883 INFO L131 PluginConnector]: ------------------------ END IcfgBuilder---------------------------- [2025-03-03 14:31:19,884 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2025-03-03 14:31:19,884 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2025-03-03 14:31:19,888 INFO L274 PluginConnector]: TraceAbstraction initialized [2025-03-03 14:31:19,888 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 03.03 02:31:18" (1/3) ... [2025-03-03 14:31:19,888 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2472fbb1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 03.03 02:31:19, skipping insertion in model container [2025-03-03 14:31:19,889 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 03.03 02:31:19" (2/3) ... [2025-03-03 14:31:19,889 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2472fbb1 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 03.03 02:31:19, skipping insertion in model container [2025-03-03 14:31:19,889 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 03.03 02:31:19" (3/3) ... [2025-03-03 14:31:19,890 INFO L128 eAbstractionObserver]: Analyzing ICFG minepump_spec4_productSimulator.cil.c [2025-03-03 14:31:19,902 INFO L216 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2025-03-03 14:31:19,903 INFO L151 ceAbstractionStarter]: Applying trace abstraction to ICFG minepump_spec4_productSimulator.cil.c that has 12 procedures, 137 locations, 1 initial locations, 2 loop locations, and 1 error locations. [2025-03-03 14:31:19,950 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2025-03-03 14:31:19,960 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@4756b2d0, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2025-03-03 14:31:19,961 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2025-03-03 14:31:19,964 INFO L276 IsEmpty]: Start isEmpty. Operand has 137 states, 96 states have (on average 1.3541666666666667) internal successors, (130), 112 states have internal predecessors, (130), 28 states have call successors, (28), 11 states have call predecessors, (28), 11 states have return successors, (28), 23 states have call predecessors, (28), 28 states have call successors, (28) [2025-03-03 14:31:19,970 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2025-03-03 14:31:19,970 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:19,970 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:19,971 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:19,974 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:19,975 INFO L85 PathProgramCache]: Analyzing trace with hash 120397226, now seen corresponding path program 1 times [2025-03-03 14:31:19,980 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:19,981 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1135875245] [2025-03-03 14:31:19,982 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:19,983 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:20,043 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 49 statements into 1 equivalence classes. [2025-03-03 14:31:20,077 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 49 of 49 statements. [2025-03-03 14:31:20,077 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:20,077 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:20,157 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:31:20,158 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:20,158 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1135875245] [2025-03-03 14:31:20,159 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1135875245] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:20,159 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:31:20,159 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2025-03-03 14:31:20,160 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [239566055] [2025-03-03 14:31:20,160 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:20,163 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2025-03-03 14:31:20,163 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:20,175 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2025-03-03 14:31:20,176 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2025-03-03 14:31:20,177 INFO L87 Difference]: Start difference. First operand has 137 states, 96 states have (on average 1.3541666666666667) internal successors, (130), 112 states have internal predecessors, (130), 28 states have call successors, (28), 11 states have call predecessors, (28), 11 states have return successors, (28), 23 states have call predecessors, (28), 28 states have call successors, (28) Second operand has 2 states, 2 states have (on average 12.5) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:20,210 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:20,212 INFO L93 Difference]: Finished difference Result 251 states and 347 transitions. [2025-03-03 14:31:20,212 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2025-03-03 14:31:20,213 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 12.5) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) Word has length 49 [2025-03-03 14:31:20,214 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:20,219 INFO L225 Difference]: With dead ends: 251 [2025-03-03 14:31:20,220 INFO L226 Difference]: Without dead ends: 128 [2025-03-03 14:31:20,222 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2025-03-03 14:31:20,224 INFO L435 NwaCegarLoop]: 182 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 182 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:20,225 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 182 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:31:20,234 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 128 states. [2025-03-03 14:31:20,252 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 128 to 128. [2025-03-03 14:31:20,253 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 128 states, 89 states have (on average 1.3258426966292134) internal successors, (118), 104 states have internal predecessors, (118), 28 states have call successors, (28), 11 states have call predecessors, (28), 10 states have return successors, (27), 22 states have call predecessors, (27), 27 states have call successors, (27) [2025-03-03 14:31:20,258 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 128 states to 128 states and 173 transitions. [2025-03-03 14:31:20,260 INFO L78 Accepts]: Start accepts. Automaton has 128 states and 173 transitions. Word has length 49 [2025-03-03 14:31:20,262 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:20,263 INFO L471 AbstractCegarLoop]: Abstraction has 128 states and 173 transitions. [2025-03-03 14:31:20,263 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 12.5) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:20,263 INFO L276 IsEmpty]: Start isEmpty. Operand 128 states and 173 transitions. [2025-03-03 14:31:20,264 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2025-03-03 14:31:20,265 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:20,265 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:20,265 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2025-03-03 14:31:20,265 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:20,265 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:20,267 INFO L85 PathProgramCache]: Analyzing trace with hash -1917652350, now seen corresponding path program 1 times [2025-03-03 14:31:20,267 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:20,267 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [169031889] [2025-03-03 14:31:20,267 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:20,267 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:20,282 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 50 statements into 1 equivalence classes. [2025-03-03 14:31:20,305 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 50 of 50 statements. [2025-03-03 14:31:20,306 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:20,306 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:20,401 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:31:20,402 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:20,402 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [169031889] [2025-03-03 14:31:20,402 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [169031889] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:20,402 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:31:20,402 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-03-03 14:31:20,402 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1041919964] [2025-03-03 14:31:20,402 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:20,403 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-03-03 14:31:20,403 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:20,404 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-03-03 14:31:20,404 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-03-03 14:31:20,404 INFO L87 Difference]: Start difference. First operand 128 states and 173 transitions. Second operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:20,428 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:20,429 INFO L93 Difference]: Finished difference Result 201 states and 272 transitions. [2025-03-03 14:31:20,431 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-03-03 14:31:20,431 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) Word has length 50 [2025-03-03 14:31:20,431 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:20,432 INFO L225 Difference]: With dead ends: 201 [2025-03-03 14:31:20,432 INFO L226 Difference]: Without dead ends: 119 [2025-03-03 14:31:20,433 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-03-03 14:31:20,433 INFO L435 NwaCegarLoop]: 160 mSDtfsCounter, 20 mSDsluCounter, 135 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 24 SdHoareTripleChecker+Valid, 295 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:20,433 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [24 Valid, 295 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:31:20,434 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 119 states. [2025-03-03 14:31:20,450 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 119 to 119. [2025-03-03 14:31:20,450 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 119 states, 83 states have (on average 1.3373493975903614) internal successors, (111), 98 states have internal predecessors, (111), 25 states have call successors, (25), 10 states have call predecessors, (25), 10 states have return successors, (25), 20 states have call predecessors, (25), 25 states have call successors, (25) [2025-03-03 14:31:20,451 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 119 states to 119 states and 161 transitions. [2025-03-03 14:31:20,451 INFO L78 Accepts]: Start accepts. Automaton has 119 states and 161 transitions. Word has length 50 [2025-03-03 14:31:20,452 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:20,452 INFO L471 AbstractCegarLoop]: Abstraction has 119 states and 161 transitions. [2025-03-03 14:31:20,452 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (8), 2 states have call predecessors, (8), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:20,452 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 161 transitions. [2025-03-03 14:31:20,453 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 55 [2025-03-03 14:31:20,453 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:20,453 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:20,453 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2025-03-03 14:31:20,453 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:20,453 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:20,453 INFO L85 PathProgramCache]: Analyzing trace with hash -2702584, now seen corresponding path program 1 times [2025-03-03 14:31:20,453 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:20,454 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1533628665] [2025-03-03 14:31:20,454 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:20,454 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:20,465 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 54 statements into 1 equivalence classes. [2025-03-03 14:31:20,483 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 54 of 54 statements. [2025-03-03 14:31:20,487 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:20,487 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:20,617 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:31:20,618 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:20,618 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1533628665] [2025-03-03 14:31:20,618 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1533628665] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:20,618 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:31:20,618 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2025-03-03 14:31:20,618 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1066858501] [2025-03-03 14:31:20,618 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:20,619 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2025-03-03 14:31:20,619 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:20,620 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2025-03-03 14:31:20,621 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=12, Invalid=30, Unknown=0, NotChecked=0, Total=42 [2025-03-03 14:31:20,622 INFO L87 Difference]: Start difference. First operand 119 states and 161 transitions. Second operand has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 7 states have internal predecessors, (31), 2 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:21,015 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:21,016 INFO L93 Difference]: Finished difference Result 446 states and 616 transitions. [2025-03-03 14:31:21,016 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2025-03-03 14:31:21,016 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 7 states have internal predecessors, (31), 2 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) Word has length 54 [2025-03-03 14:31:21,017 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:21,019 INFO L225 Difference]: With dead ends: 446 [2025-03-03 14:31:21,019 INFO L226 Difference]: Without dead ends: 349 [2025-03-03 14:31:21,020 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=31, Invalid=59, Unknown=0, NotChecked=0, Total=90 [2025-03-03 14:31:21,020 INFO L435 NwaCegarLoop]: 172 mSDtfsCounter, 550 mSDsluCounter, 590 mSDsCounter, 0 mSdLazyCounter, 253 mSolverCounterSat, 145 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 550 SdHoareTripleChecker+Valid, 762 SdHoareTripleChecker+Invalid, 398 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 145 IncrementalHoareTripleChecker+Valid, 253 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:21,021 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [550 Valid, 762 Invalid, 398 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [145 Valid, 253 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2025-03-03 14:31:21,021 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 349 states. [2025-03-03 14:31:21,048 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 349 to 247. [2025-03-03 14:31:21,048 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 247 states, 175 states have (on average 1.3885714285714286) internal successors, (243), 207 states have internal predecessors, (243), 48 states have call successors, (48), 23 states have call predecessors, (48), 23 states have return successors, (49), 36 states have call predecessors, (49), 48 states have call successors, (49) [2025-03-03 14:31:21,050 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 247 states to 247 states and 340 transitions. [2025-03-03 14:31:21,050 INFO L78 Accepts]: Start accepts. Automaton has 247 states and 340 transitions. Word has length 54 [2025-03-03 14:31:21,050 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:21,050 INFO L471 AbstractCegarLoop]: Abstraction has 247 states and 340 transitions. [2025-03-03 14:31:21,050 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 7 states have internal predecessors, (31), 2 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:21,051 INFO L276 IsEmpty]: Start isEmpty. Operand 247 states and 340 transitions. [2025-03-03 14:31:21,053 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 59 [2025-03-03 14:31:21,055 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:21,055 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:21,055 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2025-03-03 14:31:21,055 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:21,055 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:21,056 INFO L85 PathProgramCache]: Analyzing trace with hash 675116492, now seen corresponding path program 1 times [2025-03-03 14:31:21,056 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:21,056 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [497522665] [2025-03-03 14:31:21,056 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:21,056 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:21,067 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 58 statements into 1 equivalence classes. [2025-03-03 14:31:21,077 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 58 of 58 statements. [2025-03-03 14:31:21,078 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:21,078 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:21,295 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:31:21,296 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:21,296 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [497522665] [2025-03-03 14:31:21,296 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [497522665] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:21,296 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:31:21,296 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2025-03-03 14:31:21,296 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [874026359] [2025-03-03 14:31:21,296 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:21,296 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2025-03-03 14:31:21,296 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:21,297 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2025-03-03 14:31:21,297 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=56, Unknown=0, NotChecked=0, Total=72 [2025-03-03 14:31:21,297 INFO L87 Difference]: Start difference. First operand 247 states and 340 transitions. Second operand has 9 states, 9 states have (on average 3.888888888888889) internal successors, (35), 9 states have internal predecessors, (35), 2 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:21,627 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:21,628 INFO L93 Difference]: Finished difference Result 897 states and 1311 transitions. [2025-03-03 14:31:21,628 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2025-03-03 14:31:21,628 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 3.888888888888889) internal successors, (35), 9 states have internal predecessors, (35), 2 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) Word has length 58 [2025-03-03 14:31:21,628 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:21,637 INFO L225 Difference]: With dead ends: 897 [2025-03-03 14:31:21,637 INFO L226 Difference]: Without dead ends: 672 [2025-03-03 14:31:21,639 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 19 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=59, Invalid=181, Unknown=0, NotChecked=0, Total=240 [2025-03-03 14:31:21,640 INFO L435 NwaCegarLoop]: 154 mSDtfsCounter, 306 mSDsluCounter, 982 mSDsCounter, 0 mSdLazyCounter, 291 mSolverCounterSat, 98 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 306 SdHoareTripleChecker+Valid, 1136 SdHoareTripleChecker+Invalid, 389 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 98 IncrementalHoareTripleChecker+Valid, 291 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:21,641 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [306 Valid, 1136 Invalid, 389 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [98 Valid, 291 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2025-03-03 14:31:21,642 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 672 states. [2025-03-03 14:31:21,698 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 672 to 666. [2025-03-03 14:31:21,700 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 666 states, 472 states have (on average 1.3834745762711864) internal successors, (653), 563 states have internal predecessors, (653), 129 states have call successors, (129), 64 states have call predecessors, (129), 64 states have return successors, (161), 93 states have call predecessors, (161), 129 states have call successors, (161) [2025-03-03 14:31:21,704 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 666 states to 666 states and 943 transitions. [2025-03-03 14:31:21,705 INFO L78 Accepts]: Start accepts. Automaton has 666 states and 943 transitions. Word has length 58 [2025-03-03 14:31:21,705 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:21,705 INFO L471 AbstractCegarLoop]: Abstraction has 666 states and 943 transitions. [2025-03-03 14:31:21,705 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 3.888888888888889) internal successors, (35), 9 states have internal predecessors, (35), 2 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:21,705 INFO L276 IsEmpty]: Start isEmpty. Operand 666 states and 943 transitions. [2025-03-03 14:31:21,712 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 61 [2025-03-03 14:31:21,712 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:21,712 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:21,712 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2025-03-03 14:31:21,712 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:21,713 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:21,713 INFO L85 PathProgramCache]: Analyzing trace with hash -1072279537, now seen corresponding path program 1 times [2025-03-03 14:31:21,714 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:21,714 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1552883737] [2025-03-03 14:31:21,714 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:21,714 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:21,727 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 60 statements into 1 equivalence classes. [2025-03-03 14:31:21,736 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 60 of 60 statements. [2025-03-03 14:31:21,740 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:21,741 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:21,799 INFO L134 CoverageAnalysis]: Checked inductivity of 45 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:31:21,800 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:21,800 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1552883737] [2025-03-03 14:31:21,800 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1552883737] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:21,800 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:31:21,800 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2025-03-03 14:31:21,800 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1405037190] [2025-03-03 14:31:21,801 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:21,801 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-03-03 14:31:21,801 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:21,801 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-03-03 14:31:21,802 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-03-03 14:31:21,802 INFO L87 Difference]: Start difference. First operand 666 states and 943 transitions. Second operand has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 3 states have internal predecessors, (37), 1 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:21,867 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:21,869 INFO L93 Difference]: Finished difference Result 1554 states and 2318 transitions. [2025-03-03 14:31:21,870 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-03-03 14:31:21,870 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 3 states have internal predecessors, (37), 1 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) Word has length 60 [2025-03-03 14:31:21,870 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:21,877 INFO L225 Difference]: With dead ends: 1554 [2025-03-03 14:31:21,878 INFO L226 Difference]: Without dead ends: 910 [2025-03-03 14:31:21,880 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2025-03-03 14:31:21,881 INFO L435 NwaCegarLoop]: 159 mSDtfsCounter, 100 mSDsluCounter, 92 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 10 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 100 SdHoareTripleChecker+Valid, 251 SdHoareTripleChecker+Invalid, 23 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 10 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:21,882 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [100 Valid, 251 Invalid, 23 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [10 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:31:21,883 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 910 states. [2025-03-03 14:31:21,948 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 910 to 897. [2025-03-03 14:31:21,950 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 897 states, 659 states have (on average 1.3338391502276177) internal successors, (879), 744 states have internal predecessors, (879), 141 states have call successors, (141), 92 states have call predecessors, (141), 96 states have return successors, (258), 139 states have call predecessors, (258), 141 states have call successors, (258) [2025-03-03 14:31:21,956 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 897 states to 897 states and 1278 transitions. [2025-03-03 14:31:21,958 INFO L78 Accepts]: Start accepts. Automaton has 897 states and 1278 transitions. Word has length 60 [2025-03-03 14:31:21,958 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:21,958 INFO L471 AbstractCegarLoop]: Abstraction has 897 states and 1278 transitions. [2025-03-03 14:31:21,959 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 3 states have internal predecessors, (37), 1 states have call successors, (7), 2 states have call predecessors, (7), 1 states have return successors, (6), 1 states have call predecessors, (6), 1 states have call successors, (6) [2025-03-03 14:31:21,959 INFO L276 IsEmpty]: Start isEmpty. Operand 897 states and 1278 transitions. [2025-03-03 14:31:21,962 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 84 [2025-03-03 14:31:21,962 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:21,962 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:21,962 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2025-03-03 14:31:21,962 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:21,963 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:21,963 INFO L85 PathProgramCache]: Analyzing trace with hash 1952624049, now seen corresponding path program 1 times [2025-03-03 14:31:21,963 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:21,963 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [301808474] [2025-03-03 14:31:21,963 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:21,963 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:21,972 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 83 statements into 1 equivalence classes. [2025-03-03 14:31:21,982 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 83 of 83 statements. [2025-03-03 14:31:21,983 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:21,983 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:22,063 INFO L134 CoverageAnalysis]: Checked inductivity of 63 backedges. 11 proven. 0 refuted. 0 times theorem prover too weak. 52 trivial. 0 not checked. [2025-03-03 14:31:22,063 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:22,063 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [301808474] [2025-03-03 14:31:22,063 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [301808474] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:22,063 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:31:22,063 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-03 14:31:22,063 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [632534304] [2025-03-03 14:31:22,064 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:22,064 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-03 14:31:22,064 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:22,065 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-03 14:31:22,065 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-03 14:31:22,065 INFO L87 Difference]: Start difference. First operand 897 states and 1278 transitions. Second operand has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2025-03-03 14:31:22,152 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:22,153 INFO L93 Difference]: Finished difference Result 899 states and 1279 transitions. [2025-03-03 14:31:22,153 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-03 14:31:22,153 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) Word has length 83 [2025-03-03 14:31:22,154 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:22,159 INFO L225 Difference]: With dead ends: 899 [2025-03-03 14:31:22,159 INFO L226 Difference]: Without dead ends: 897 [2025-03-03 14:31:22,160 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 8 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2025-03-03 14:31:22,161 INFO L435 NwaCegarLoop]: 157 mSDtfsCounter, 110 mSDsluCounter, 403 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 6 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 110 SdHoareTripleChecker+Valid, 560 SdHoareTripleChecker+Invalid, 40 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 6 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:22,162 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [110 Valid, 560 Invalid, 40 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [6 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:31:22,164 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 897 states. [2025-03-03 14:31:22,217 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 897 to 897. [2025-03-03 14:31:22,220 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 897 states, 659 states have (on average 1.3292867981790593) internal successors, (876), 744 states have internal predecessors, (876), 141 states have call successors, (141), 92 states have call predecessors, (141), 96 states have return successors, (258), 139 states have call predecessors, (258), 141 states have call successors, (258) [2025-03-03 14:31:22,225 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 897 states to 897 states and 1275 transitions. [2025-03-03 14:31:22,226 INFO L78 Accepts]: Start accepts. Automaton has 897 states and 1275 transitions. Word has length 83 [2025-03-03 14:31:22,227 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:22,227 INFO L471 AbstractCegarLoop]: Abstraction has 897 states and 1275 transitions. [2025-03-03 14:31:22,227 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 9.8) internal successors, (49), 5 states have internal predecessors, (49), 2 states have call successors, (10), 2 states have call predecessors, (10), 2 states have return successors, (9), 2 states have call predecessors, (9), 2 states have call successors, (9) [2025-03-03 14:31:22,227 INFO L276 IsEmpty]: Start isEmpty. Operand 897 states and 1275 transitions. [2025-03-03 14:31:22,232 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 121 [2025-03-03 14:31:22,232 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:22,232 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:22,232 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2025-03-03 14:31:22,233 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:22,233 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:22,234 INFO L85 PathProgramCache]: Analyzing trace with hash -725843198, now seen corresponding path program 1 times [2025-03-03 14:31:22,234 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:22,234 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1400546984] [2025-03-03 14:31:22,234 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:22,234 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:22,244 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 120 statements into 1 equivalence classes. [2025-03-03 14:31:22,254 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 120 of 120 statements. [2025-03-03 14:31:22,254 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:22,254 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:22,287 INFO L134 CoverageAnalysis]: Checked inductivity of 73 backedges. 18 proven. 0 refuted. 0 times theorem prover too weak. 55 trivial. 0 not checked. [2025-03-03 14:31:22,288 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:22,288 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1400546984] [2025-03-03 14:31:22,288 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1400546984] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:22,288 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:31:22,288 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2025-03-03 14:31:22,288 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1086283927] [2025-03-03 14:31:22,288 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:22,288 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-03-03 14:31:22,288 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:22,288 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-03-03 14:31:22,288 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-03 14:31:22,289 INFO L87 Difference]: Start difference. First operand 897 states and 1275 transitions. Second operand has 4 states, 4 states have (on average 18.5) internal successors, (74), 4 states have internal predecessors, (74), 4 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2025-03-03 14:31:22,427 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:22,428 INFO L93 Difference]: Finished difference Result 1391 states and 1973 transitions. [2025-03-03 14:31:22,428 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-03-03 14:31:22,428 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 18.5) internal successors, (74), 4 states have internal predecessors, (74), 4 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) Word has length 120 [2025-03-03 14:31:22,429 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:22,432 INFO L225 Difference]: With dead ends: 1391 [2025-03-03 14:31:22,433 INFO L226 Difference]: Without dead ends: 516 [2025-03-03 14:31:22,435 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 2 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2025-03-03 14:31:22,436 INFO L435 NwaCegarLoop]: 198 mSDtfsCounter, 185 mSDsluCounter, 137 mSDsCounter, 0 mSdLazyCounter, 65 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 185 SdHoareTripleChecker+Valid, 335 SdHoareTripleChecker+Invalid, 69 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 65 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:22,436 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [185 Valid, 335 Invalid, 69 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 65 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-03-03 14:31:22,437 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 516 states. [2025-03-03 14:31:22,462 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 516 to 510. [2025-03-03 14:31:22,463 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 510 states, 378 states have (on average 1.3148148148148149) internal successors, (497), 424 states have internal predecessors, (497), 78 states have call successors, (78), 51 states have call predecessors, (78), 53 states have return successors, (133), 78 states have call predecessors, (133), 78 states have call successors, (133) [2025-03-03 14:31:22,466 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 510 states to 510 states and 708 transitions. [2025-03-03 14:31:22,467 INFO L78 Accepts]: Start accepts. Automaton has 510 states and 708 transitions. Word has length 120 [2025-03-03 14:31:22,467 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:22,467 INFO L471 AbstractCegarLoop]: Abstraction has 510 states and 708 transitions. [2025-03-03 14:31:22,467 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 18.5) internal successors, (74), 4 states have internal predecessors, (74), 4 states have call successors, (15), 2 states have call predecessors, (15), 2 states have return successors, (14), 3 states have call predecessors, (14), 4 states have call successors, (14) [2025-03-03 14:31:22,468 INFO L276 IsEmpty]: Start isEmpty. Operand 510 states and 708 transitions. [2025-03-03 14:31:22,470 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 109 [2025-03-03 14:31:22,470 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:22,470 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:22,470 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2025-03-03 14:31:22,470 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:22,471 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:22,471 INFO L85 PathProgramCache]: Analyzing trace with hash 1820123848, now seen corresponding path program 1 times [2025-03-03 14:31:22,473 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:22,473 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [635982998] [2025-03-03 14:31:22,473 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:22,474 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:22,483 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 108 statements into 1 equivalence classes. [2025-03-03 14:31:22,492 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 108 of 108 statements. [2025-03-03 14:31:22,492 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:22,493 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:22,555 INFO L134 CoverageAnalysis]: Checked inductivity of 62 backedges. 3 proven. 0 refuted. 0 times theorem prover too weak. 59 trivial. 0 not checked. [2025-03-03 14:31:22,556 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:22,556 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [635982998] [2025-03-03 14:31:22,556 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [635982998] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:22,556 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2025-03-03 14:31:22,557 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2025-03-03 14:31:22,557 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1756134490] [2025-03-03 14:31:22,557 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:22,557 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2025-03-03 14:31:22,557 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:22,558 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2025-03-03 14:31:22,558 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-03 14:31:22,558 INFO L87 Difference]: Start difference. First operand 510 states and 708 transitions. Second operand has 5 states, 5 states have (on average 12.8) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2025-03-03 14:31:22,596 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:22,596 INFO L93 Difference]: Finished difference Result 1007 states and 1479 transitions. [2025-03-03 14:31:22,597 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2025-03-03 14:31:22,597 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 12.8) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) Word has length 108 [2025-03-03 14:31:22,597 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:22,600 INFO L225 Difference]: With dead ends: 1007 [2025-03-03 14:31:22,601 INFO L226 Difference]: Without dead ends: 519 [2025-03-03 14:31:22,603 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2025-03-03 14:31:22,604 INFO L435 NwaCegarLoop]: 158 mSDtfsCounter, 0 mSDsluCounter, 467 mSDsCounter, 0 mSdLazyCounter, 18 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 625 SdHoareTripleChecker+Invalid, 18 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 18 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:22,604 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 625 Invalid, 18 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 18 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:31:22,605 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 519 states. [2025-03-03 14:31:22,631 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 519 to 519. [2025-03-03 14:31:22,631 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 519 states, 387 states have (on average 1.3074935400516796) internal successors, (506), 433 states have internal predecessors, (506), 78 states have call successors, (78), 51 states have call predecessors, (78), 53 states have return successors, (133), 78 states have call predecessors, (133), 78 states have call successors, (133) [2025-03-03 14:31:22,634 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 519 states to 519 states and 717 transitions. [2025-03-03 14:31:22,635 INFO L78 Accepts]: Start accepts. Automaton has 519 states and 717 transitions. Word has length 108 [2025-03-03 14:31:22,635 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:22,635 INFO L471 AbstractCegarLoop]: Abstraction has 519 states and 717 transitions. [2025-03-03 14:31:22,636 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 12.8) internal successors, (64), 5 states have internal predecessors, (64), 2 states have call successors, (11), 1 states have call predecessors, (11), 2 states have return successors, (11), 2 states have call predecessors, (11), 2 states have call successors, (11) [2025-03-03 14:31:22,636 INFO L276 IsEmpty]: Start isEmpty. Operand 519 states and 717 transitions. [2025-03-03 14:31:22,638 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 128 [2025-03-03 14:31:22,638 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:22,638 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:22,639 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2025-03-03 14:31:22,639 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:22,639 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:22,639 INFO L85 PathProgramCache]: Analyzing trace with hash -1881924747, now seen corresponding path program 1 times [2025-03-03 14:31:22,639 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:22,639 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [219596468] [2025-03-03 14:31:22,639 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:22,640 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:22,666 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 127 statements into 1 equivalence classes. [2025-03-03 14:31:22,672 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 127 of 127 statements. [2025-03-03 14:31:22,673 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:22,673 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:22,786 INFO L134 CoverageAnalysis]: Checked inductivity of 87 backedges. 14 proven. 13 refuted. 0 times theorem prover too weak. 60 trivial. 0 not checked. [2025-03-03 14:31:22,787 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:22,787 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [219596468] [2025-03-03 14:31:22,787 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [219596468] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-03 14:31:22,787 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [957555087] [2025-03-03 14:31:22,787 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:22,787 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-03 14:31:22,787 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-03 14:31:22,789 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-03 14:31:22,791 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2025-03-03 14:31:22,853 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 127 statements into 1 equivalence classes. [2025-03-03 14:31:22,893 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 127 of 127 statements. [2025-03-03 14:31:22,893 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:22,894 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:22,898 INFO L256 TraceCheckSpWp]: Trace formula consists of 434 conjuncts, 7 conjuncts are in the unsatisfiable core [2025-03-03 14:31:22,903 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-03 14:31:23,118 INFO L134 CoverageAnalysis]: Checked inductivity of 87 backedges. 42 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:31:23,118 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-03 14:31:23,119 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [957555087] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:23,119 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2025-03-03 14:31:23,119 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [7] total 13 [2025-03-03 14:31:23,119 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1364982670] [2025-03-03 14:31:23,119 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:23,119 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2025-03-03 14:31:23,119 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:23,120 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2025-03-03 14:31:23,120 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=27, Invalid=129, Unknown=0, NotChecked=0, Total=156 [2025-03-03 14:31:23,120 INFO L87 Difference]: Start difference. First operand 519 states and 717 transitions. Second operand has 8 states, 8 states have (on average 10.75) internal successors, (86), 8 states have internal predecessors, (86), 6 states have call successors, (16), 5 states have call predecessors, (16), 5 states have return successors, (15), 5 states have call predecessors, (15), 6 states have call successors, (15) [2025-03-03 14:31:23,854 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:23,854 INFO L93 Difference]: Finished difference Result 1504 states and 2222 transitions. [2025-03-03 14:31:23,854 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2025-03-03 14:31:23,854 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.75) internal successors, (86), 8 states have internal predecessors, (86), 6 states have call successors, (16), 5 states have call predecessors, (16), 5 states have return successors, (15), 5 states have call predecessors, (15), 6 states have call successors, (15) Word has length 127 [2025-03-03 14:31:23,854 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:23,860 INFO L225 Difference]: With dead ends: 1504 [2025-03-03 14:31:23,860 INFO L226 Difference]: Without dead ends: 1148 [2025-03-03 14:31:23,862 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 143 GetRequests, 127 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 18 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=57, Invalid=249, Unknown=0, NotChecked=0, Total=306 [2025-03-03 14:31:23,862 INFO L435 NwaCegarLoop]: 157 mSDtfsCounter, 642 mSDsluCounter, 540 mSDsCounter, 0 mSdLazyCounter, 813 mSolverCounterSat, 239 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 681 SdHoareTripleChecker+Valid, 697 SdHoareTripleChecker+Invalid, 1052 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 239 IncrementalHoareTripleChecker+Valid, 813 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.6s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:23,863 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [681 Valid, 697 Invalid, 1052 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [239 Valid, 813 Invalid, 0 Unknown, 0 Unchecked, 0.6s Time] [2025-03-03 14:31:23,864 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1148 states. [2025-03-03 14:31:23,916 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1148 to 1134. [2025-03-03 14:31:23,918 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1134 states, 859 states have (on average 1.3061699650756693) internal successors, (1122), 947 states have internal predecessors, (1122), 158 states have call successors, (158), 109 states have call predecessors, (158), 116 states have return successors, (329), 164 states have call predecessors, (329), 158 states have call successors, (329) [2025-03-03 14:31:23,924 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1134 states to 1134 states and 1609 transitions. [2025-03-03 14:31:23,925 INFO L78 Accepts]: Start accepts. Automaton has 1134 states and 1609 transitions. Word has length 127 [2025-03-03 14:31:23,926 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:23,926 INFO L471 AbstractCegarLoop]: Abstraction has 1134 states and 1609 transitions. [2025-03-03 14:31:23,926 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 10.75) internal successors, (86), 8 states have internal predecessors, (86), 6 states have call successors, (16), 5 states have call predecessors, (16), 5 states have return successors, (15), 5 states have call predecessors, (15), 6 states have call successors, (15) [2025-03-03 14:31:23,926 INFO L276 IsEmpty]: Start isEmpty. Operand 1134 states and 1609 transitions. [2025-03-03 14:31:23,928 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 111 [2025-03-03 14:31:23,928 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:23,928 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:23,935 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2025-03-03 14:31:24,129 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-03 14:31:24,130 INFO L396 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:24,130 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:24,130 INFO L85 PathProgramCache]: Analyzing trace with hash -1702471516, now seen corresponding path program 1 times [2025-03-03 14:31:24,130 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:24,130 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2002485923] [2025-03-03 14:31:24,130 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:24,130 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:24,137 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 110 statements into 1 equivalence classes. [2025-03-03 14:31:24,141 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 110 of 110 statements. [2025-03-03 14:31:24,142 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:24,142 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:24,212 INFO L134 CoverageAnalysis]: Checked inductivity of 69 backedges. 13 proven. 4 refuted. 0 times theorem prover too weak. 52 trivial. 0 not checked. [2025-03-03 14:31:24,213 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:24,213 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2002485923] [2025-03-03 14:31:24,213 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2002485923] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-03 14:31:24,213 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1104784536] [2025-03-03 14:31:24,213 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:24,213 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-03 14:31:24,213 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-03 14:31:24,215 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-03 14:31:24,217 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2025-03-03 14:31:24,259 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 110 statements into 1 equivalence classes. [2025-03-03 14:31:24,291 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 110 of 110 statements. [2025-03-03 14:31:24,291 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:24,291 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:24,293 INFO L256 TraceCheckSpWp]: Trace formula consists of 388 conjuncts, 3 conjuncts are in the unsatisfiable core [2025-03-03 14:31:24,295 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-03 14:31:24,358 INFO L134 CoverageAnalysis]: Checked inductivity of 69 backedges. 24 proven. 0 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:31:24,359 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-03 14:31:24,359 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1104784536] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:24,359 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2025-03-03 14:31:24,359 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [7] total 8 [2025-03-03 14:31:24,359 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [128686076] [2025-03-03 14:31:24,359 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:24,359 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2025-03-03 14:31:24,359 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:24,360 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2025-03-03 14:31:24,360 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2025-03-03 14:31:24,360 INFO L87 Difference]: Start difference. First operand 1134 states and 1609 transitions. Second operand has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (14), 3 states have call predecessors, (14), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2025-03-03 14:31:24,422 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:24,422 INFO L93 Difference]: Finished difference Result 2342 states and 3405 transitions. [2025-03-03 14:31:24,423 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2025-03-03 14:31:24,423 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (14), 3 states have call predecessors, (14), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) Word has length 110 [2025-03-03 14:31:24,423 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:24,429 INFO L225 Difference]: With dead ends: 2342 [2025-03-03 14:31:24,429 INFO L226 Difference]: Without dead ends: 1230 [2025-03-03 14:31:24,433 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 118 GetRequests, 112 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=13, Invalid=43, Unknown=0, NotChecked=0, Total=56 [2025-03-03 14:31:24,433 INFO L435 NwaCegarLoop]: 226 mSDtfsCounter, 88 mSDsluCounter, 87 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 88 SdHoareTripleChecker+Valid, 313 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:24,433 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [88 Valid, 313 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:31:24,434 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1230 states. [2025-03-03 14:31:24,494 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1230 to 1212. [2025-03-03 14:31:24,496 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1212 states, 923 states have (on average 1.3011917659804983) internal successors, (1201), 1011 states have internal predecessors, (1201), 164 states have call successors, (164), 120 states have call predecessors, (164), 124 states have return successors, (323), 163 states have call predecessors, (323), 164 states have call successors, (323) [2025-03-03 14:31:24,501 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1212 states to 1212 states and 1688 transitions. [2025-03-03 14:31:24,503 INFO L78 Accepts]: Start accepts. Automaton has 1212 states and 1688 transitions. Word has length 110 [2025-03-03 14:31:24,503 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:24,503 INFO L471 AbstractCegarLoop]: Abstraction has 1212 states and 1688 transitions. [2025-03-03 14:31:24,503 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 24.333333333333332) internal successors, (73), 3 states have internal predecessors, (73), 3 states have call successors, (14), 3 states have call predecessors, (14), 3 states have return successors, (13), 3 states have call predecessors, (13), 3 states have call successors, (13) [2025-03-03 14:31:24,503 INFO L276 IsEmpty]: Start isEmpty. Operand 1212 states and 1688 transitions. [2025-03-03 14:31:24,505 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 113 [2025-03-03 14:31:24,505 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:24,506 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:24,512 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2025-03-03 14:31:24,710 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2025-03-03 14:31:24,710 INFO L396 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:24,710 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:24,711 INFO L85 PathProgramCache]: Analyzing trace with hash -1692806478, now seen corresponding path program 1 times [2025-03-03 14:31:24,711 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:24,711 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2083662051] [2025-03-03 14:31:24,711 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:24,711 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:24,718 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 112 statements into 1 equivalence classes. [2025-03-03 14:31:24,722 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 112 of 112 statements. [2025-03-03 14:31:24,722 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:24,722 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:24,798 INFO L134 CoverageAnalysis]: Checked inductivity of 71 backedges. 13 proven. 5 refuted. 0 times theorem prover too weak. 53 trivial. 0 not checked. [2025-03-03 14:31:24,798 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:24,798 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2083662051] [2025-03-03 14:31:24,798 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2083662051] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-03 14:31:24,799 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [300675629] [2025-03-03 14:31:24,799 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:24,799 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-03 14:31:24,799 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-03 14:31:24,801 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-03 14:31:24,802 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Waiting until timeout for monitored process [2025-03-03 14:31:24,849 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 112 statements into 1 equivalence classes. [2025-03-03 14:31:24,881 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 112 of 112 statements. [2025-03-03 14:31:24,881 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:24,882 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:24,883 INFO L256 TraceCheckSpWp]: Trace formula consists of 389 conjuncts, 4 conjuncts are in the unsatisfiable core [2025-03-03 14:31:24,885 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-03 14:31:24,904 INFO L134 CoverageAnalysis]: Checked inductivity of 71 backedges. 17 proven. 0 refuted. 0 times theorem prover too weak. 54 trivial. 0 not checked. [2025-03-03 14:31:24,904 INFO L308 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2025-03-03 14:31:24,904 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [300675629] provided 1 perfect and 0 imperfect interpolant sequences [2025-03-03 14:31:24,904 INFO L185 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2025-03-03 14:31:24,904 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [7] total 9 [2025-03-03 14:31:24,904 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [516000474] [2025-03-03 14:31:24,904 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2025-03-03 14:31:24,904 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2025-03-03 14:31:24,904 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:24,905 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2025-03-03 14:31:24,905 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=55, Unknown=0, NotChecked=0, Total=72 [2025-03-03 14:31:24,905 INFO L87 Difference]: Start difference. First operand 1212 states and 1688 transitions. Second operand has 4 states, 4 states have (on average 17.25) internal successors, (69), 4 states have internal predecessors, (69), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2025-03-03 14:31:24,955 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:24,955 INFO L93 Difference]: Finished difference Result 2097 states and 3013 transitions. [2025-03-03 14:31:24,955 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2025-03-03 14:31:24,956 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 17.25) internal successors, (69), 4 states have internal predecessors, (69), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) Word has length 112 [2025-03-03 14:31:24,956 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:24,962 INFO L225 Difference]: With dead ends: 2097 [2025-03-03 14:31:24,962 INFO L226 Difference]: Without dead ends: 1061 [2025-03-03 14:31:24,965 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 120 GetRequests, 113 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=55, Unknown=0, NotChecked=0, Total=72 [2025-03-03 14:31:24,966 INFO L435 NwaCegarLoop]: 159 mSDtfsCounter, 0 mSDsluCounter, 312 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 471 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:24,966 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 471 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2025-03-03 14:31:24,967 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1061 states. [2025-03-03 14:31:25,007 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1061 to 1061. [2025-03-03 14:31:25,009 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1061 states, 807 states have (on average 1.3023543990086741) internal successors, (1051), 883 states have internal predecessors, (1051), 147 states have call successors, (147), 106 states have call predecessors, (147), 106 states have return successors, (255), 138 states have call predecessors, (255), 147 states have call successors, (255) [2025-03-03 14:31:25,013 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1061 states to 1061 states and 1453 transitions. [2025-03-03 14:31:25,015 INFO L78 Accepts]: Start accepts. Automaton has 1061 states and 1453 transitions. Word has length 112 [2025-03-03 14:31:25,015 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:25,016 INFO L471 AbstractCegarLoop]: Abstraction has 1061 states and 1453 transitions. [2025-03-03 14:31:25,016 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 17.25) internal successors, (69), 4 states have internal predecessors, (69), 2 states have call successors, (14), 2 states have call predecessors, (14), 2 states have return successors, (13), 2 states have call predecessors, (13), 2 states have call successors, (13) [2025-03-03 14:31:25,016 INFO L276 IsEmpty]: Start isEmpty. Operand 1061 states and 1453 transitions. [2025-03-03 14:31:25,018 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 117 [2025-03-03 14:31:25,018 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:25,018 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:25,024 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (4)] Forceful destruction successful, exit code 0 [2025-03-03 14:31:25,218 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable10,4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-03 14:31:25,219 INFO L396 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:25,219 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:25,219 INFO L85 PathProgramCache]: Analyzing trace with hash -254574162, now seen corresponding path program 1 times [2025-03-03 14:31:25,219 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:25,219 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [976751684] [2025-03-03 14:31:25,219 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:25,219 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:25,235 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 116 statements into 1 equivalence classes. [2025-03-03 14:31:25,241 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 116 of 116 statements. [2025-03-03 14:31:25,241 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:25,241 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:25,385 INFO L134 CoverageAnalysis]: Checked inductivity of 71 backedges. 13 proven. 9 refuted. 0 times theorem prover too weak. 49 trivial. 0 not checked. [2025-03-03 14:31:25,385 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2025-03-03 14:31:25,385 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [976751684] [2025-03-03 14:31:25,385 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [976751684] provided 0 perfect and 1 imperfect interpolant sequences [2025-03-03 14:31:25,385 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [2039312173] [2025-03-03 14:31:25,385 INFO L97 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2025-03-03 14:31:25,385 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-03 14:31:25,385 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2025-03-03 14:31:25,387 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2025-03-03 14:31:25,389 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Waiting until timeout for monitored process [2025-03-03 14:31:25,438 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 116 statements into 1 equivalence classes. [2025-03-03 14:31:25,472 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 116 of 116 statements. [2025-03-03 14:31:25,472 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:25,472 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is unsat [2025-03-03 14:31:25,474 INFO L256 TraceCheckSpWp]: Trace formula consists of 398 conjuncts, 8 conjuncts are in the unsatisfiable core [2025-03-03 14:31:25,476 INFO L279 TraceCheckSpWp]: Computing forward predicates... [2025-03-03 14:31:25,555 INFO L134 CoverageAnalysis]: Checked inductivity of 71 backedges. 17 proven. 9 refuted. 0 times theorem prover too weak. 45 trivial. 0 not checked. [2025-03-03 14:31:25,555 INFO L312 TraceCheckSpWp]: Computing backward predicates... [2025-03-03 14:31:25,683 INFO L134 CoverageAnalysis]: Checked inductivity of 71 backedges. 13 proven. 9 refuted. 0 times theorem prover too weak. 49 trivial. 0 not checked. [2025-03-03 14:31:25,683 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [2039312173] provided 0 perfect and 2 imperfect interpolant sequences [2025-03-03 14:31:25,684 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2025-03-03 14:31:25,684 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6, 6] total 8 [2025-03-03 14:31:25,684 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [318998317] [2025-03-03 14:31:25,684 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2025-03-03 14:31:25,684 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2025-03-03 14:31:25,684 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2025-03-03 14:31:25,685 INFO L144 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2025-03-03 14:31:25,685 INFO L146 InterpolantAutomaton]: CoverageRelationStatistics Valid=16, Invalid=40, Unknown=0, NotChecked=0, Total=56 [2025-03-03 14:31:25,685 INFO L87 Difference]: Start difference. First operand 1061 states and 1453 transitions. Second operand has 8 states, 8 states have (on average 10.875) internal successors, (87), 8 states have internal predecessors, (87), 3 states have call successors, (18), 3 states have call predecessors, (18), 3 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2025-03-03 14:31:25,897 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2025-03-03 14:31:25,897 INFO L93 Difference]: Finished difference Result 1847 states and 2563 transitions. [2025-03-03 14:31:25,898 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2025-03-03 14:31:25,898 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 10.875) internal successors, (87), 8 states have internal predecessors, (87), 3 states have call successors, (18), 3 states have call predecessors, (18), 3 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) Word has length 116 [2025-03-03 14:31:25,898 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2025-03-03 14:31:25,904 INFO L225 Difference]: With dead ends: 1847 [2025-03-03 14:31:25,905 INFO L226 Difference]: Without dead ends: 1047 [2025-03-03 14:31:25,907 INFO L434 NwaCegarLoop]: 0 DeclaredPredicates, 241 GetRequests, 226 SyntacticMatches, 5 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 19 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=92, Unknown=0, NotChecked=0, Total=132 [2025-03-03 14:31:25,908 INFO L435 NwaCegarLoop]: 223 mSDtfsCounter, 200 mSDsluCounter, 855 mSDsCounter, 0 mSdLazyCounter, 105 mSolverCounterSat, 18 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 200 SdHoareTripleChecker+Valid, 1078 SdHoareTripleChecker+Invalid, 123 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 18 IncrementalHoareTripleChecker+Valid, 105 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2025-03-03 14:31:25,908 INFO L436 NwaCegarLoop]: SdHoareTripleChecker [200 Valid, 1078 Invalid, 123 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [18 Valid, 105 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2025-03-03 14:31:25,909 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1047 states. [2025-03-03 14:31:25,979 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1047 to 996. [2025-03-03 14:31:25,981 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 996 states, 752 states have (on average 1.2898936170212767) internal successors, (970), 826 states have internal predecessors, (970), 142 states have call successors, (142), 101 states have call predecessors, (142), 101 states have return successors, (250), 130 states have call predecessors, (250), 142 states have call successors, (250) [2025-03-03 14:31:25,985 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 996 states to 996 states and 1362 transitions. [2025-03-03 14:31:25,987 INFO L78 Accepts]: Start accepts. Automaton has 996 states and 1362 transitions. Word has length 116 [2025-03-03 14:31:25,987 INFO L84 Accepts]: Finished accepts. word is rejected. [2025-03-03 14:31:25,987 INFO L471 AbstractCegarLoop]: Abstraction has 996 states and 1362 transitions. [2025-03-03 14:31:25,988 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 10.875) internal successors, (87), 8 states have internal predecessors, (87), 3 states have call successors, (18), 3 states have call predecessors, (18), 3 states have return successors, (18), 3 states have call predecessors, (18), 3 states have call successors, (18) [2025-03-03 14:31:25,988 INFO L276 IsEmpty]: Start isEmpty. Operand 996 states and 1362 transitions. [2025-03-03 14:31:25,991 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 151 [2025-03-03 14:31:25,991 INFO L210 NwaCegarLoop]: Found error trace [2025-03-03 14:31:25,991 INFO L218 NwaCegarLoop]: trace histogram [6, 6, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:25,997 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (5)] Ended with exit code 0 [2025-03-03 14:31:26,195 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11,5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2025-03-03 14:31:26,195 INFO L396 AbstractCegarLoop]: === Iteration 13 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2025-03-03 14:31:26,195 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2025-03-03 14:31:26,196 INFO L85 PathProgramCache]: Analyzing trace with hash 1017247196, now seen corresponding path program 2 times [2025-03-03 14:31:26,196 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2025-03-03 14:31:26,196 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [301954513] [2025-03-03 14:31:26,196 INFO L95 rtionOrderModulation]: Changing assertion order to OUTSIDE_LOOP_FIRST1 [2025-03-03 14:31:26,196 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2025-03-03 14:31:26,205 INFO L108 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 partitioned 150 statements into 2 equivalence classes. [2025-03-03 14:31:26,215 INFO L111 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) and asserted 150 of 150 statements. [2025-03-03 14:31:26,215 INFO L114 AnnotateAndAsserter]: Assert order OUTSIDE_LOOP_FIRST1 issued 2 check-sat command(s) [2025-03-03 14:31:26,215 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is sat [2025-03-03 14:31:26,215 INFO L348 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2025-03-03 14:31:26,218 INFO L108 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY partitioned 150 statements into 1 equivalence classes. [2025-03-03 14:31:26,225 INFO L111 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) and asserted 150 of 150 statements. [2025-03-03 14:31:26,226 INFO L114 AnnotateAndAsserter]: Assert order NOT_INCREMENTALLY issued 1 check-sat command(s) [2025-03-03 14:31:26,226 INFO L115 AnnotateAndAsserter]: Conjunction of SSA is sat [2025-03-03 14:31:26,278 INFO L130 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2025-03-03 14:31:26,279 INFO L340 BasicCegarLoop]: Counterexample is feasible [2025-03-03 14:31:26,279 INFO L782 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2025-03-03 14:31:26,280 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable12 [2025-03-03 14:31:26,282 INFO L422 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2025-03-03 14:31:26,349 INFO L170 ceAbstractionStarter]: Computing trace abstraction results [2025-03-03 14:31:26,350 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 03.03 02:31:26 BoogieIcfgContainer [2025-03-03 14:31:26,350 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2025-03-03 14:31:26,351 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2025-03-03 14:31:26,351 INFO L270 PluginConnector]: Initializing Witness Printer... [2025-03-03 14:31:26,351 INFO L274 PluginConnector]: Witness Printer initialized [2025-03-03 14:31:26,351 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.icfgbuilder CFG 03.03 02:31:19" (3/4) ... [2025-03-03 14:31:26,352 INFO L140 WitnessPrinter]: Generating witness for reachability counterexample [2025-03-03 14:31:26,475 INFO L127 tionWitnessGenerator]: Generated YAML witness of length 126. [2025-03-03 14:31:26,568 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2025-03-03 14:31:26,569 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2025-03-03 14:31:26,569 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2025-03-03 14:31:26,569 INFO L158 Benchmark]: Toolchain (without parser) took 7602.37ms. Allocated memory was 167.8MB in the beginning and 276.8MB in the end (delta: 109.1MB). Free memory was 121.8MB in the beginning and 129.6MB in the end (delta: -7.8MB). Peak memory consumption was 97.5MB. Max. memory is 16.1GB. [2025-03-03 14:31:26,569 INFO L158 Benchmark]: CDTParser took 1.01ms. Allocated memory is still 201.3MB. Free memory is still 121.4MB. There was no memory consumed. Max. memory is 16.1GB. [2025-03-03 14:31:26,569 INFO L158 Benchmark]: CACSL2BoogieTranslator took 369.13ms. Allocated memory is still 167.8MB. Free memory was 121.8MB in the beginning and 102.1MB in the end (delta: 19.7MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-03 14:31:26,570 INFO L158 Benchmark]: Boogie Procedure Inliner took 46.54ms. Allocated memory is still 167.8MB. Free memory was 102.1MB in the beginning and 99.8MB in the end (delta: 2.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2025-03-03 14:31:26,570 INFO L158 Benchmark]: Boogie Preprocessor took 36.44ms. Allocated memory is still 167.8MB. Free memory was 99.8MB in the beginning and 98.1MB in the end (delta: 1.7MB). There was no memory consumed. Max. memory is 16.1GB. [2025-03-03 14:31:26,570 INFO L158 Benchmark]: IcfgBuilder took 460.56ms. Allocated memory is still 167.8MB. Free memory was 98.1MB in the beginning and 75.0MB in the end (delta: 23.1MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-03 14:31:26,570 INFO L158 Benchmark]: TraceAbstraction took 6466.04ms. Allocated memory was 167.8MB in the beginning and 276.8MB in the end (delta: 109.1MB). Free memory was 74.2MB in the beginning and 148.8MB in the end (delta: -74.6MB). Peak memory consumption was 30.4MB. Max. memory is 16.1GB. [2025-03-03 14:31:26,570 INFO L158 Benchmark]: Witness Printer took 217.88ms. Allocated memory is still 276.8MB. Free memory was 148.8MB in the beginning and 129.6MB in the end (delta: 19.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2025-03-03 14:31:26,571 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 1.01ms. Allocated memory is still 201.3MB. Free memory is still 121.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 369.13ms. Allocated memory is still 167.8MB. Free memory was 121.8MB in the beginning and 102.1MB in the end (delta: 19.7MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 46.54ms. Allocated memory is still 167.8MB. Free memory was 102.1MB in the beginning and 99.8MB in the end (delta: 2.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Preprocessor took 36.44ms. Allocated memory is still 167.8MB. Free memory was 99.8MB in the beginning and 98.1MB in the end (delta: 1.7MB). There was no memory consumed. Max. memory is 16.1GB. * IcfgBuilder took 460.56ms. Allocated memory is still 167.8MB. Free memory was 98.1MB in the beginning and 75.0MB in the end (delta: 23.1MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 6466.04ms. Allocated memory was 167.8MB in the beginning and 276.8MB in the end (delta: 109.1MB). Free memory was 74.2MB in the beginning and 148.8MB in the end (delta: -74.6MB). Peak memory consumption was 30.4MB. Max. memory is 16.1GB. * Witness Printer took 217.88ms. Allocated memory is still 276.8MB. Free memory was 148.8MB in the beginning and 129.6MB in the end (delta: 19.2MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [49] - GenericResultAtLocation [Line: 153]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification4_spec.i","") [153] - GenericResultAtLocation [Line: 190]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [190] - GenericResultAtLocation [Line: 530]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [530] - GenericResultAtLocation [Line: 607]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [607] - GenericResultAtLocation [Line: 616]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [616] - GenericResultAtLocation [Line: 982]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [982] - GenericResultAtLocation [Line: 1085]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [1085] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - CounterExampleResult [Line: 612]: a call to reach_error is reachable a call to reach_error is reachable We found a FailurePath: [L50] int cleanupTimeShifts = 4; [L155] int __SELECTED_FEATURE_base ; [L156] int __SELECTED_FEATURE_highWaterSensor ; [L157] int __SELECTED_FEATURE_lowWaterSensor ; [L158] int __SELECTED_FEATURE_methaneQuery ; [L159] int __SELECTED_FEATURE_methaneAlarm ; [L160] int __SELECTED_FEATURE_stopCommand ; [L161] int __SELECTED_FEATURE_startCommand ; [L162] int __GUIDSL_ROOT_PRODUCTION ; [L200] int pumpRunning = 0; [L201] int systemActive = 1; [L786] static struct __ACC__ERR *head = (struct __ACC__ERR *)0; [L983] int waterLevel = 1; [L984] int methaneLevelCritical = 0; VAL [__GUIDSL_ROOT_PRODUCTION=0, __SELECTED_FEATURE_base=0, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L131] int retValue_acc ; [L132] int tmp ; [L136] CALL select_helpers() [L1117] __GUIDSL_ROOT_PRODUCTION = 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=0, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L136] RET select_helpers() [L137] CALL select_features() [L1102] __SELECTED_FEATURE_base = 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1103] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1088] int retValue_acc ; [L1089] int choice = __VERIFIER_nondet_int(); [L1092] retValue_acc = choice [L1093] return (retValue_acc); VAL [\result=16, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1103] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=0, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1103] __SELECTED_FEATURE_highWaterSensor = select_one() [L1104] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1088] int retValue_acc ; [L1089] int choice = __VERIFIER_nondet_int(); [L1092] retValue_acc = choice [L1093] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1104] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1104] __SELECTED_FEATURE_lowWaterSensor = select_one() [L1105] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1088] int retValue_acc ; [L1089] int choice = __VERIFIER_nondet_int(); [L1092] retValue_acc = choice [L1093] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1105] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1105] __SELECTED_FEATURE_methaneQuery = select_one() [L1106] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1088] int retValue_acc ; [L1089] int choice = __VERIFIER_nondet_int(); [L1092] retValue_acc = choice [L1093] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1106] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1106] __SELECTED_FEATURE_methaneAlarm = select_one() [L1107] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1088] int retValue_acc ; [L1089] int choice = __VERIFIER_nondet_int(); [L1092] retValue_acc = choice [L1093] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1107] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1107] __SELECTED_FEATURE_stopCommand = select_one() [L1108] CALL, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1088] int retValue_acc ; [L1089] int choice = __VERIFIER_nondet_int(); [L1092] retValue_acc = choice [L1093] return (retValue_acc); VAL [\result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1108] RET, EXPR select_one() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1108] __SELECTED_FEATURE_startCommand = select_one() [L137] RET select_features() [L138] CALL, EXPR valid_product() [L1122] int retValue_acc ; [L1125] retValue_acc = __SELECTED_FEATURE_base [L1126] return (retValue_acc); VAL [\result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L138] RET, EXPR valid_product() [L138] tmp = valid_product() [L140] COND TRUE \read(tmp) [L142] FCALL setup() [L143] CALL runTest() [L122] CALL test() [L532] int splverifierCounter ; [L533] int tmp ; [L534] int tmp___0 ; [L535] int tmp___1 ; [L536] int tmp___2 ; [L539] splverifierCounter = 0 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L541] COND TRUE 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L543] COND TRUE splverifierCounter < 4 [L549] tmp = __VERIFIER_nondet_int() [L551] COND TRUE \read(tmp) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=1] [L553] CALL waterRise() VAL [\old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=1] [L1001] COND TRUE waterLevel < 2 [L1002] waterLevel = waterLevel + 1 VAL [\old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L553] RET waterRise() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L559] tmp___0 = __VERIFIER_nondet_int() [L561] COND FALSE !(\read(tmp___0)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L569] tmp___2 = __VERIFIER_nondet_int() [L571] COND FALSE !(\read(tmp___2)) [L581] tmp___1 = __VERIFIER_nondet_int() [L583] COND FALSE !(\read(tmp___1)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, splverifierCounter=0, systemActive=1, waterLevel=2] [L596] CALL timeShift() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L207] COND FALSE !(\read(pumpRunning)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L214] COND TRUE \read(systemActive) [L216] CALL processEnvironment() [L350] COND FALSE !(\read(__SELECTED_FEATURE_methaneAlarm)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L357] CALL processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L307] COND FALSE !(\read(__SELECTED_FEATURE_lowWaterSensor)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L314] CALL processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L264] COND TRUE \read(__SELECTED_FEATURE_highWaterSensor) [L266] CALL processEnvironment__role__highWaterSensor() [L236] int tmp ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L239] COND TRUE ! pumpRunning [L241] CALL, EXPR isHighWaterLevel() [L470] int retValue_acc ; [L471] int tmp ; [L472] int tmp___0 ; [L476] CALL, EXPR isHighWaterSensorDry() [L1063] int retValue_acc ; VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L1066] COND FALSE !(waterLevel < 2) [L1070] retValue_acc = 0 [L1071] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L476] RET, EXPR isHighWaterSensorDry() [L476] tmp = isHighWaterSensorDry() [L478] COND FALSE !(\read(tmp)) [L481] tmp___0 = 1 VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, tmp___0=1, waterLevel=2] [L483] retValue_acc = tmp___0 [L484] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L241] RET, EXPR isHighWaterLevel() [L241] tmp = isHighWaterLevel() [L243] COND TRUE \read(tmp) [L245] CALL activatePump() [L392] COND FALSE !(\read(__SELECTED_FEATURE_methaneQuery)) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L399] CALL activatePump__before__methaneQuery() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=0, systemActive=1, waterLevel=2] [L367] pumpRunning = 1 VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=2] [L399] RET activatePump__before__methaneQuery() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=2] [L245] RET activatePump() [L266] RET processEnvironment__role__highWaterSensor() [L314] RET processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=2] [L357] RET processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=2] [L216] RET processEnvironment() [L222] CALL __utac_acc__Specification4_spec__1() [L166] int tmp ; [L167] int tmp___0 ; [L171] CALL, EXPR getWaterLevel() [L1054] int retValue_acc ; [L1057] retValue_acc = waterLevel [L1058] return (retValue_acc); VAL [\old(pumpRunning)=0, \old(waterLevel)=2, \result=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=2] [L171] RET, EXPR getWaterLevel() [L171] tmp = getWaterLevel() [L173] COND FALSE !(tmp == 0) VAL [\old(pumpRunning)=0, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=2] [L222] RET __utac_acc__Specification4_spec__1() [L596] RET timeShift() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=2] [L541] COND TRUE 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=2] [L543] COND TRUE splverifierCounter < 4 [L549] tmp = __VERIFIER_nondet_int() [L551] COND FALSE !(\read(tmp)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=2] [L559] tmp___0 = __VERIFIER_nondet_int() [L561] COND FALSE !(\read(tmp___0)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=2] [L569] tmp___2 = __VERIFIER_nondet_int() [L571] COND FALSE !(\read(tmp___2)) [L581] tmp___1 = __VERIFIER_nondet_int() [L583] COND FALSE !(\read(tmp___1)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=2] [L596] CALL timeShift() VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=2] [L207] COND TRUE \read(pumpRunning) [L209] CALL lowerWaterLevel() [L989] COND TRUE waterLevel > 0 [L990] waterLevel = waterLevel - 1 VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L209] RET lowerWaterLevel() [L214] COND TRUE \read(systemActive) [L216] CALL processEnvironment() [L350] COND FALSE !(\read(__SELECTED_FEATURE_methaneAlarm)) VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L357] CALL processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L307] COND FALSE !(\read(__SELECTED_FEATURE_lowWaterSensor)) VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L314] CALL processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L264] COND TRUE \read(__SELECTED_FEATURE_highWaterSensor) [L266] CALL processEnvironment__role__highWaterSensor() [L236] int tmp ; VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L239] COND FALSE !(! pumpRunning) VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L254] FCALL processEnvironment__before__highWaterSensor() VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L266] RET processEnvironment__role__highWaterSensor() [L314] RET processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L357] RET processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L216] RET processEnvironment() [L222] CALL __utac_acc__Specification4_spec__1() [L166] int tmp ; [L167] int tmp___0 ; [L171] CALL, EXPR getWaterLevel() [L1054] int retValue_acc ; [L1057] retValue_acc = waterLevel [L1058] return (retValue_acc); VAL [\old(pumpRunning)=1, \old(waterLevel)=2, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L171] RET, EXPR getWaterLevel() [L171] tmp = getWaterLevel() [L173] COND FALSE !(tmp == 0) VAL [\old(pumpRunning)=1, \old(waterLevel)=2, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L222] RET __utac_acc__Specification4_spec__1() [L596] RET timeShift() VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=1] [L541] COND TRUE 1 VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=1] [L543] COND TRUE splverifierCounter < 4 [L549] tmp = __VERIFIER_nondet_int() [L551] COND FALSE !(\read(tmp)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=1] [L559] tmp___0 = __VERIFIER_nondet_int() [L561] COND FALSE !(\read(tmp___0)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=1] [L569] tmp___2 = __VERIFIER_nondet_int() [L571] COND FALSE !(\read(tmp___2)) [L581] tmp___1 = __VERIFIER_nondet_int() [L583] COND FALSE !(\read(tmp___1)) VAL [__GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, splverifierCounter=0, systemActive=1, waterLevel=1] [L596] CALL timeShift() VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=1] [L207] COND TRUE \read(pumpRunning) [L209] CALL lowerWaterLevel() [L989] COND TRUE waterLevel > 0 [L990] waterLevel = waterLevel - 1 VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L209] RET lowerWaterLevel() [L214] COND TRUE \read(systemActive) [L216] CALL processEnvironment() [L350] COND FALSE !(\read(__SELECTED_FEATURE_methaneAlarm)) VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L357] CALL processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L307] COND FALSE !(\read(__SELECTED_FEATURE_lowWaterSensor)) VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L314] CALL processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L264] COND TRUE \read(__SELECTED_FEATURE_highWaterSensor) [L266] CALL processEnvironment__role__highWaterSensor() [L236] int tmp ; VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L239] COND FALSE !(! pumpRunning) VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L254] FCALL processEnvironment__before__highWaterSensor() VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L266] RET processEnvironment__role__highWaterSensor() [L314] RET processEnvironment__before__lowWaterSensor() VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L357] RET processEnvironment__before__methaneAlarm() VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L216] RET processEnvironment() [L222] CALL __utac_acc__Specification4_spec__1() [L166] int tmp ; [L167] int tmp___0 ; [L171] CALL, EXPR getWaterLevel() [L1054] int retValue_acc ; [L1057] retValue_acc = waterLevel [L1058] return (retValue_acc); VAL [\old(pumpRunning)=1, \old(waterLevel)=1, \result=0, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L171] RET, EXPR getWaterLevel() [L171] tmp = getWaterLevel() [L173] COND TRUE tmp == 0 [L175] CALL, EXPR isPumpRunning() [L425] int retValue_acc ; [L428] retValue_acc = pumpRunning [L429] return (retValue_acc); VAL [\old(pumpRunning)=1, \old(waterLevel)=1, \result=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] [L175] RET, EXPR isPumpRunning() [L175] tmp___0 = isPumpRunning() [L177] COND TRUE \read(tmp___0) [L179] CALL __automaton_fail() [L612] reach_error() VAL [\old(pumpRunning)=1, \old(waterLevel)=1, __GUIDSL_ROOT_PRODUCTION=1, __SELECTED_FEATURE_base=1, __SELECTED_FEATURE_highWaterSensor=16, __SELECTED_FEATURE_lowWaterSensor=0, __SELECTED_FEATURE_methaneAlarm=0, __SELECTED_FEATURE_methaneQuery=0, __SELECTED_FEATURE_startCommand=0, __SELECTED_FEATURE_stopCommand=0, cleanupTimeShifts=4, head={0:0}, methaneLevelCritical=0, pumpRunning=1, systemActive=1, waterLevel=0] - StatisticsResult: Ultimate Automizer benchmark data CFG has 12 procedures, 137 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 6.3s, OverallIterations: 13, TraceHistogramMax: 6, PathProgramHistogramMax: 2, EmptinessCheckTime: 0.0s, AutomataDifference: 2.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 2244 SdHoareTripleChecker+Valid, 1.4s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 2201 mSDsluCounter, 6705 SdHoareTripleChecker+Invalid, 1.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 4600 mSDsCounter, 520 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1608 IncrementalHoareTripleChecker+Invalid, 2128 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 520 mSolverCounterUnsat, 2105 mSDtfsCounter, 1608 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 677 GetRequests, 599 SyntacticMatches, 5 SemanticMatches, 73 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 59 ImplicationChecksByTransitivity, 0.4s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1212occurred in iteration=10, InterpolantAutomatonStates: 68, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.6s AutomataMinimizationTime, 12 MinimizatonAttempts, 210 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.3s SatisfiabilityAnalysisTime, 1.7s InterpolantComputationTime, 1662 NumberOfCodeBlocks, 1662 NumberOfCodeBlocksAsserted, 18 NumberOfCheckSat, 1611 ConstructedInterpolants, 0 QuantifiedInterpolants, 2610 SizeOfPredicates, 2 NumberOfNonLiveVariables, 1609 ConjunctsInSsa, 22 ConjunctsInUnsatCore, 17 InterpolantComputations, 11 PerfectInterpolantSequences, 1041/1090 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available, ConComCheckerStatistics: No data available RESULT: Ultimate proved your program to be incorrect! [2025-03-03 14:31:26,587 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Writing human readable error path to file UltimateCounterExample.errorpath Result: FALSE