./Ultimate.py --spec /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/properties/unreach-call.prp --file /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 84cfde4a Calling Ultimate with: /root/.sdkman/candidates/java/current/bin/java -Dosgi.configuration.area=/storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c -s /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash df3faf2d1bbcaed92e1c2eddcb5ae1d2459730e99808e363d537a0bc5d54e347 --- Real Ultimate output --- This is Ultimate 0.2.5-dev-84cfde4 [2024-10-11 03:01:09,249 INFO L188 SettingsManager]: Resetting all preferences to default values... [2024-10-11 03:01:09,299 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2024-10-11 03:01:09,304 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2024-10-11 03:01:09,304 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2024-10-11 03:01:09,322 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2024-10-11 03:01:09,322 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2024-10-11 03:01:09,322 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2024-10-11 03:01:09,323 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2024-10-11 03:01:09,323 INFO L153 SettingsManager]: * Use memory slicer=true [2024-10-11 03:01:09,323 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2024-10-11 03:01:09,324 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2024-10-11 03:01:09,324 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2024-10-11 03:01:09,324 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2024-10-11 03:01:09,324 INFO L153 SettingsManager]: * Use SBE=true [2024-10-11 03:01:09,325 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2024-10-11 03:01:09,328 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2024-10-11 03:01:09,328 INFO L153 SettingsManager]: * sizeof long=4 [2024-10-11 03:01:09,329 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2024-10-11 03:01:09,329 INFO L153 SettingsManager]: * sizeof POINTER=4 [2024-10-11 03:01:09,329 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2024-10-11 03:01:09,329 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2024-10-11 03:01:09,330 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2024-10-11 03:01:09,330 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2024-10-11 03:01:09,330 INFO L153 SettingsManager]: * Allow undefined functions=false [2024-10-11 03:01:09,333 INFO L153 SettingsManager]: * sizeof long double=12 [2024-10-11 03:01:09,333 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2024-10-11 03:01:09,333 INFO L153 SettingsManager]: * Use constant arrays=true [2024-10-11 03:01:09,333 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2024-10-11 03:01:09,333 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2024-10-11 03:01:09,333 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2024-10-11 03:01:09,334 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2024-10-11 03:01:09,334 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-10-11 03:01:09,334 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2024-10-11 03:01:09,334 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2024-10-11 03:01:09,334 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2024-10-11 03:01:09,334 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2024-10-11 03:01:09,334 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2024-10-11 03:01:09,335 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2024-10-11 03:01:09,335 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2024-10-11 03:01:09,335 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2024-10-11 03:01:09,335 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2024-10-11 03:01:09,335 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> df3faf2d1bbcaed92e1c2eddcb5ae1d2459730e99808e363d537a0bc5d54e347 [2024-10-11 03:01:09,546 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2024-10-11 03:01:09,566 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2024-10-11 03:01:09,569 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2024-10-11 03:01:09,570 INFO L270 PluginConnector]: Initializing CDTParser... [2024-10-11 03:01:09,570 INFO L274 PluginConnector]: CDTParser initialized [2024-10-11 03:01:09,571 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c [2024-10-11 03:01:10,735 INFO L533 CDTParser]: Created temporary CDT project at NULL [2024-10-11 03:01:10,911 INFO L384 CDTParser]: Found 1 translation units. [2024-10-11 03:01:10,912 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c [2024-10-11 03:01:10,925 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/data/2fbe4ad21/8b42809243f6460281704ef99abf7a33/FLAG52c73b713 [2024-10-11 03:01:10,937 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/data/2fbe4ad21/8b42809243f6460281704ef99abf7a33 [2024-10-11 03:01:10,940 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2024-10-11 03:01:10,941 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2024-10-11 03:01:10,943 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2024-10-11 03:01:10,943 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2024-10-11 03:01:10,947 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2024-10-11 03:01:10,948 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 11.10 03:01:10" (1/1) ... [2024-10-11 03:01:10,948 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@2b330dab and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:10, skipping insertion in model container [2024-10-11 03:01:10,948 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 11.10 03:01:10" (1/1) ... [2024-10-11 03:01:10,986 INFO L175 MainTranslator]: Built tables and reachable declarations [2024-10-11 03:01:11,128 WARN L248 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c[1605,1618] [2024-10-11 03:01:11,223 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-10-11 03:01:11,234 INFO L200 MainTranslator]: Completed pre-run [2024-10-11 03:01:11,242 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [49] [2024-10-11 03:01:11,243 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [58] [2024-10-11 03:01:11,243 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [96] [2024-10-11 03:01:11,245 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [304] [2024-10-11 03:01:11,246 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [405] [2024-10-11 03:01:11,246 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [472] [2024-10-11 03:01:11,246 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [522] [2024-10-11 03:01:11,247 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [888] [2024-10-11 03:01:11,251 WARN L248 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product39.cil.c[1605,1618] [2024-10-11 03:01:11,302 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-10-11 03:01:11,321 INFO L204 MainTranslator]: Completed translation [2024-10-11 03:01:11,321 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11 WrapperNode [2024-10-11 03:01:11,322 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2024-10-11 03:01:11,322 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2024-10-11 03:01:11,323 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2024-10-11 03:01:11,323 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2024-10-11 03:01:11,327 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,343 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,371 INFO L138 Inliner]: procedures = 56, calls = 102, calls flagged for inlining = 24, calls inlined = 21, statements flattened = 206 [2024-10-11 03:01:11,371 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2024-10-11 03:01:11,371 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2024-10-11 03:01:11,372 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2024-10-11 03:01:11,372 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2024-10-11 03:01:11,381 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,381 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,387 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,407 INFO L175 MemorySlicer]: Split 2 memory accesses to 1 slices as follows [2]. 100 percent of accesses are in the largest equivalence class. The 2 initializations are split as follows [2]. The 0 writes are split as follows [0]. [2024-10-11 03:01:11,408 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,408 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,414 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,418 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,421 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,422 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,423 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2024-10-11 03:01:11,424 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2024-10-11 03:01:11,424 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2024-10-11 03:01:11,424 INFO L274 PluginConnector]: RCFGBuilder initialized [2024-10-11 03:01:11,425 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (1/1) ... [2024-10-11 03:01:11,430 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-10-11 03:01:11,440 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 [2024-10-11 03:01:11,457 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2024-10-11 03:01:11,460 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2024-10-11 03:01:11,498 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2024-10-11 03:01:11,498 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2024-10-11 03:01:11,498 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2024-10-11 03:01:11,498 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2024-10-11 03:01:11,498 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2024-10-11 03:01:11,499 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2024-10-11 03:01:11,499 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2024-10-11 03:01:11,499 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2024-10-11 03:01:11,499 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2024-10-11 03:01:11,499 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2024-10-11 03:01:11,500 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2024-10-11 03:01:11,500 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2024-10-11 03:01:11,500 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2024-10-11 03:01:11,501 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2024-10-11 03:01:11,501 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2024-10-11 03:01:11,501 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2024-10-11 03:01:11,501 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2024-10-11 03:01:11,501 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2024-10-11 03:01:11,502 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2024-10-11 03:01:11,502 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2024-10-11 03:01:11,598 INFO L238 CfgBuilder]: Building ICFG [2024-10-11 03:01:11,601 INFO L264 CfgBuilder]: Building CFG for each procedure with an implementation [2024-10-11 03:01:11,852 INFO L? ?]: Removed 42 outVars from TransFormulas that were not future-live. [2024-10-11 03:01:11,853 INFO L287 CfgBuilder]: Performing block encoding [2024-10-11 03:01:11,896 INFO L309 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2024-10-11 03:01:11,896 INFO L314 CfgBuilder]: Removed 2 assume(true) statements. [2024-10-11 03:01:11,896 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 11.10 03:01:11 BoogieIcfgContainer [2024-10-11 03:01:11,896 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2024-10-11 03:01:11,900 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2024-10-11 03:01:11,900 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2024-10-11 03:01:11,902 INFO L274 PluginConnector]: TraceAbstraction initialized [2024-10-11 03:01:11,902 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 11.10 03:01:10" (1/3) ... [2024-10-11 03:01:11,903 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2bb89f89 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 11.10 03:01:11, skipping insertion in model container [2024-10-11 03:01:11,903 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 11.10 03:01:11" (2/3) ... [2024-10-11 03:01:11,904 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2bb89f89 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 11.10 03:01:11, skipping insertion in model container [2024-10-11 03:01:11,904 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 11.10 03:01:11" (3/3) ... [2024-10-11 03:01:11,905 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product39.cil.c [2024-10-11 03:01:11,918 INFO L209 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2024-10-11 03:01:11,918 INFO L149 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2024-10-11 03:01:11,968 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2024-10-11 03:01:11,974 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@41faa736, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2024-10-11 03:01:11,975 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2024-10-11 03:01:11,978 INFO L276 IsEmpty]: Start isEmpty. Operand has 75 states, 51 states have (on average 1.5294117647058822) internal successors, (78), 60 states have internal predecessors, (78), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) [2024-10-11 03:01:11,984 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2024-10-11 03:01:11,984 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:11,985 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:11,986 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:11,989 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:11,990 INFO L85 PathProgramCache]: Analyzing trace with hash 190850071, now seen corresponding path program 1 times [2024-10-11 03:01:11,996 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:11,996 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [406602862] [2024-10-11 03:01:11,996 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:11,996 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:12,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,129 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2024-10-11 03:01:12,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,134 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2024-10-11 03:01:12,135 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,137 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-11 03:01:12,138 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:12,138 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [406602862] [2024-10-11 03:01:12,138 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [406602862] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:12,139 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:12,139 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2024-10-11 03:01:12,141 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [554505906] [2024-10-11 03:01:12,142 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:12,148 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2024-10-11 03:01:12,148 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:12,163 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2024-10-11 03:01:12,164 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2024-10-11 03:01:12,165 INFO L87 Difference]: Start difference. First operand has 75 states, 51 states have (on average 1.5294117647058822) internal successors, (78), 60 states have internal predecessors, (78), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 7.5) internal successors, (15), 2 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-11 03:01:12,216 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:12,217 INFO L93 Difference]: Finished difference Result 148 states and 213 transitions. [2024-10-11 03:01:12,218 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2024-10-11 03:01:12,219 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 7.5) internal successors, (15), 2 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 22 [2024-10-11 03:01:12,219 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:12,227 INFO L225 Difference]: With dead ends: 148 [2024-10-11 03:01:12,227 INFO L226 Difference]: Without dead ends: 70 [2024-10-11 03:01:12,231 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2024-10-11 03:01:12,234 INFO L432 NwaCegarLoop]: 86 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 15 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 86 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 15 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:12,234 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 86 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 15 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-10-11 03:01:12,248 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 70 states. [2024-10-11 03:01:12,269 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 70 to 70. [2024-10-11 03:01:12,271 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 70 states, 48 states have (on average 1.4166666666666667) internal successors, (68), 56 states have internal predecessors, (68), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2024-10-11 03:01:12,273 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 70 states to 70 states and 95 transitions. [2024-10-11 03:01:12,275 INFO L78 Accepts]: Start accepts. Automaton has 70 states and 95 transitions. Word has length 22 [2024-10-11 03:01:12,276 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:12,276 INFO L471 AbstractCegarLoop]: Abstraction has 70 states and 95 transitions. [2024-10-11 03:01:12,276 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 7.5) internal successors, (15), 2 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-11 03:01:12,277 INFO L276 IsEmpty]: Start isEmpty. Operand 70 states and 95 transitions. [2024-10-11 03:01:12,279 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2024-10-11 03:01:12,280 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:12,280 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:12,280 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2024-10-11 03:01:12,281 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:12,281 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:12,281 INFO L85 PathProgramCache]: Analyzing trace with hash 471814718, now seen corresponding path program 1 times [2024-10-11 03:01:12,281 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:12,282 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [737525489] [2024-10-11 03:01:12,282 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:12,282 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:12,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,360 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2024-10-11 03:01:12,361 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,363 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2024-10-11 03:01:12,364 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,365 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-11 03:01:12,366 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:12,366 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [737525489] [2024-10-11 03:01:12,366 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [737525489] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:12,366 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:12,366 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2024-10-11 03:01:12,366 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1638121631] [2024-10-11 03:01:12,367 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:12,368 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-10-11 03:01:12,368 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:12,369 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-10-11 03:01:12,370 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-10-11 03:01:12,370 INFO L87 Difference]: Start difference. First operand 70 states and 95 transitions. Second operand has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-11 03:01:12,397 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:12,398 INFO L93 Difference]: Finished difference Result 110 states and 148 transitions. [2024-10-11 03:01:12,398 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-10-11 03:01:12,398 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 23 [2024-10-11 03:01:12,398 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:12,399 INFO L225 Difference]: With dead ends: 110 [2024-10-11 03:01:12,399 INFO L226 Difference]: Without dead ends: 62 [2024-10-11 03:01:12,400 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-10-11 03:01:12,401 INFO L432 NwaCegarLoop]: 72 mSDtfsCounter, 14 mSDsluCounter, 55 mSDsCounter, 0 mSdLazyCounter, 21 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 18 SdHoareTripleChecker+Valid, 127 SdHoareTripleChecker+Invalid, 21 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 21 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:12,401 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [18 Valid, 127 Invalid, 21 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 21 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-10-11 03:01:12,402 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 62 states. [2024-10-11 03:01:12,408 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 62 to 62. [2024-10-11 03:01:12,408 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 62 states, 43 states have (on average 1.441860465116279) internal successors, (62), 51 states have internal predecessors, (62), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2024-10-11 03:01:12,409 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 62 states to 62 states and 84 transitions. [2024-10-11 03:01:12,409 INFO L78 Accepts]: Start accepts. Automaton has 62 states and 84 transitions. Word has length 23 [2024-10-11 03:01:12,409 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:12,409 INFO L471 AbstractCegarLoop]: Abstraction has 62 states and 84 transitions. [2024-10-11 03:01:12,410 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-11 03:01:12,410 INFO L276 IsEmpty]: Start isEmpty. Operand 62 states and 84 transitions. [2024-10-11 03:01:12,410 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2024-10-11 03:01:12,410 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:12,411 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:12,411 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2024-10-11 03:01:12,411 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:12,411 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:12,411 INFO L85 PathProgramCache]: Analyzing trace with hash -1985947031, now seen corresponding path program 1 times [2024-10-11 03:01:12,412 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:12,412 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1735823679] [2024-10-11 03:01:12,412 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:12,412 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:12,426 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,474 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2024-10-11 03:01:12,480 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,487 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2024-10-11 03:01:12,492 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,493 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-11 03:01:12,494 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:12,494 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1735823679] [2024-10-11 03:01:12,497 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1735823679] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:12,497 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:12,497 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2024-10-11 03:01:12,497 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [465398872] [2024-10-11 03:01:12,497 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:12,498 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-10-11 03:01:12,498 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:12,498 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-10-11 03:01:12,498 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-10-11 03:01:12,499 INFO L87 Difference]: Start difference. First operand 62 states and 84 transitions. Second operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2024-10-11 03:01:12,552 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:12,556 INFO L93 Difference]: Finished difference Result 182 states and 249 transitions. [2024-10-11 03:01:12,556 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-10-11 03:01:12,556 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 26 [2024-10-11 03:01:12,557 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:12,558 INFO L225 Difference]: With dead ends: 182 [2024-10-11 03:01:12,558 INFO L226 Difference]: Without dead ends: 122 [2024-10-11 03:01:12,559 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-10-11 03:01:12,559 INFO L432 NwaCegarLoop]: 84 mSDtfsCounter, 68 mSDsluCounter, 70 mSDsCounter, 0 mSdLazyCounter, 27 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 154 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 27 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:12,560 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [68 Valid, 154 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 27 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-10-11 03:01:12,562 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 122 states. [2024-10-11 03:01:12,578 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 122 to 119. [2024-10-11 03:01:12,578 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 119 states, 82 states have (on average 1.451219512195122) internal successors, (119), 97 states have internal predecessors, (119), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2024-10-11 03:01:12,580 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 119 states to 119 states and 163 transitions. [2024-10-11 03:01:12,580 INFO L78 Accepts]: Start accepts. Automaton has 119 states and 163 transitions. Word has length 26 [2024-10-11 03:01:12,580 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:12,580 INFO L471 AbstractCegarLoop]: Abstraction has 119 states and 163 transitions. [2024-10-11 03:01:12,580 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2024-10-11 03:01:12,581 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 163 transitions. [2024-10-11 03:01:12,582 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2024-10-11 03:01:12,582 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:12,582 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:12,582 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2024-10-11 03:01:12,582 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:12,583 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:12,583 INFO L85 PathProgramCache]: Analyzing trace with hash -2104489746, now seen corresponding path program 1 times [2024-10-11 03:01:12,583 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:12,583 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1708455110] [2024-10-11 03:01:12,583 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:12,583 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:12,603 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,703 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2024-10-11 03:01:12,704 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,706 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2024-10-11 03:01:12,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,726 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2024-10-11 03:01:12,726 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:12,726 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1708455110] [2024-10-11 03:01:12,726 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1708455110] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:12,726 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:12,727 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2024-10-11 03:01:12,727 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1553809057] [2024-10-11 03:01:12,727 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:12,727 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2024-10-11 03:01:12,727 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:12,728 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2024-10-11 03:01:12,728 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-10-11 03:01:12,728 INFO L87 Difference]: Start difference. First operand 119 states and 163 transitions. Second operand has 6 states, 5 states have (on average 4.8) internal successors, (24), 5 states have internal predecessors, (24), 2 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2024-10-11 03:01:12,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:12,894 INFO L93 Difference]: Finished difference Result 316 states and 441 transitions. [2024-10-11 03:01:12,894 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2024-10-11 03:01:12,894 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 4.8) internal successors, (24), 5 states have internal predecessors, (24), 2 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 29 [2024-10-11 03:01:12,895 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:12,896 INFO L225 Difference]: With dead ends: 316 [2024-10-11 03:01:12,896 INFO L226 Difference]: Without dead ends: 199 [2024-10-11 03:01:12,897 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2024-10-11 03:01:12,899 INFO L432 NwaCegarLoop]: 73 mSDtfsCounter, 58 mSDsluCounter, 244 mSDsCounter, 0 mSdLazyCounter, 108 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 60 SdHoareTripleChecker+Valid, 317 SdHoareTripleChecker+Invalid, 117 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 108 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:12,901 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [60 Valid, 317 Invalid, 117 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 108 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2024-10-11 03:01:12,902 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 199 states. [2024-10-11 03:01:12,935 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 199 to 198. [2024-10-11 03:01:12,936 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 198 states, 139 states have (on average 1.3741007194244603) internal successors, (191), 154 states have internal predecessors, (191), 32 states have call successors, (32), 26 states have call predecessors, (32), 26 states have return successors, (40), 29 states have call predecessors, (40), 32 states have call successors, (40) [2024-10-11 03:01:12,937 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 198 states to 198 states and 263 transitions. [2024-10-11 03:01:12,938 INFO L78 Accepts]: Start accepts. Automaton has 198 states and 263 transitions. Word has length 29 [2024-10-11 03:01:12,938 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:12,938 INFO L471 AbstractCegarLoop]: Abstraction has 198 states and 263 transitions. [2024-10-11 03:01:12,939 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 4.8) internal successors, (24), 5 states have internal predecessors, (24), 2 states have call successors, (3), 1 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2024-10-11 03:01:12,939 INFO L276 IsEmpty]: Start isEmpty. Operand 198 states and 263 transitions. [2024-10-11 03:01:12,940 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2024-10-11 03:01:12,940 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:12,941 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:12,941 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2024-10-11 03:01:12,941 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:12,949 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:12,949 INFO L85 PathProgramCache]: Analyzing trace with hash -531412959, now seen corresponding path program 1 times [2024-10-11 03:01:12,949 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:12,949 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1162069486] [2024-10-11 03:01:12,949 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:12,949 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:12,961 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,990 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2024-10-11 03:01:12,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:12,994 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2024-10-11 03:01:12,996 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,010 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2024-10-11 03:01:13,011 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,012 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-11 03:01:13,012 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:13,012 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1162069486] [2024-10-11 03:01:13,012 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1162069486] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:13,012 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:13,012 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-10-11 03:01:13,013 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [825103114] [2024-10-11 03:01:13,013 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:13,013 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-10-11 03:01:13,013 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:13,013 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-10-11 03:01:13,013 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-10-11 03:01:13,014 INFO L87 Difference]: Start difference. First operand 198 states and 263 transitions. Second operand has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2024-10-11 03:01:13,166 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:13,166 INFO L93 Difference]: Finished difference Result 438 states and 589 transitions. [2024-10-11 03:01:13,167 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-10-11 03:01:13,167 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 38 [2024-10-11 03:01:13,167 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:13,168 INFO L225 Difference]: With dead ends: 438 [2024-10-11 03:01:13,169 INFO L226 Difference]: Without dead ends: 242 [2024-10-11 03:01:13,170 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2024-10-11 03:01:13,170 INFO L432 NwaCegarLoop]: 63 mSDtfsCounter, 45 mSDsluCounter, 139 mSDsCounter, 0 mSdLazyCounter, 118 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 49 SdHoareTripleChecker+Valid, 202 SdHoareTripleChecker+Invalid, 131 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 118 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:13,171 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [49 Valid, 202 Invalid, 131 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 118 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2024-10-11 03:01:13,171 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 242 states. [2024-10-11 03:01:13,187 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 242 to 240. [2024-10-11 03:01:13,188 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 240 states, 171 states have (on average 1.3508771929824561) internal successors, (231), 186 states have internal predecessors, (231), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2024-10-11 03:01:13,189 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 240 states to 240 states and 317 transitions. [2024-10-11 03:01:13,189 INFO L78 Accepts]: Start accepts. Automaton has 240 states and 317 transitions. Word has length 38 [2024-10-11 03:01:13,189 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:13,189 INFO L471 AbstractCegarLoop]: Abstraction has 240 states and 317 transitions. [2024-10-11 03:01:13,189 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2024-10-11 03:01:13,190 INFO L276 IsEmpty]: Start isEmpty. Operand 240 states and 317 transitions. [2024-10-11 03:01:13,190 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2024-10-11 03:01:13,191 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:13,191 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:13,191 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2024-10-11 03:01:13,191 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:13,191 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:13,191 INFO L85 PathProgramCache]: Analyzing trace with hash -1811276637, now seen corresponding path program 1 times [2024-10-11 03:01:13,191 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:13,191 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1643153722] [2024-10-11 03:01:13,191 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:13,191 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:13,199 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,235 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2024-10-11 03:01:13,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,240 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2024-10-11 03:01:13,242 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,256 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2024-10-11 03:01:13,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,258 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-11 03:01:13,258 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:13,258 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1643153722] [2024-10-11 03:01:13,258 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1643153722] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:13,258 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:13,258 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2024-10-11 03:01:13,259 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1208994336] [2024-10-11 03:01:13,259 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:13,259 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2024-10-11 03:01:13,259 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:13,259 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2024-10-11 03:01:13,259 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-10-11 03:01:13,260 INFO L87 Difference]: Start difference. First operand 240 states and 317 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2024-10-11 03:01:13,544 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:13,544 INFO L93 Difference]: Finished difference Result 490 states and 659 transitions. [2024-10-11 03:01:13,545 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2024-10-11 03:01:13,545 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 38 [2024-10-11 03:01:13,545 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:13,547 INFO L225 Difference]: With dead ends: 490 [2024-10-11 03:01:13,547 INFO L226 Difference]: Without dead ends: 252 [2024-10-11 03:01:13,548 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 8 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=35, Invalid=75, Unknown=0, NotChecked=0, Total=110 [2024-10-11 03:01:13,549 INFO L432 NwaCegarLoop]: 69 mSDtfsCounter, 142 mSDsluCounter, 209 mSDsCounter, 0 mSdLazyCounter, 181 mSolverCounterSat, 37 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 149 SdHoareTripleChecker+Valid, 278 SdHoareTripleChecker+Invalid, 218 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 37 IncrementalHoareTripleChecker+Valid, 181 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:13,550 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [149 Valid, 278 Invalid, 218 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [37 Valid, 181 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2024-10-11 03:01:13,551 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 252 states. [2024-10-11 03:01:13,567 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 252 to 244. [2024-10-11 03:01:13,568 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 244 states, 175 states have (on average 1.3428571428571427) internal successors, (235), 190 states have internal predecessors, (235), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2024-10-11 03:01:13,569 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 244 states to 244 states and 321 transitions. [2024-10-11 03:01:13,569 INFO L78 Accepts]: Start accepts. Automaton has 244 states and 321 transitions. Word has length 38 [2024-10-11 03:01:13,569 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:13,570 INFO L471 AbstractCegarLoop]: Abstraction has 244 states and 321 transitions. [2024-10-11 03:01:13,570 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2024-10-11 03:01:13,570 INFO L276 IsEmpty]: Start isEmpty. Operand 244 states and 321 transitions. [2024-10-11 03:01:13,571 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2024-10-11 03:01:13,571 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:13,571 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:13,571 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2024-10-11 03:01:13,571 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:13,572 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:13,572 INFO L85 PathProgramCache]: Analyzing trace with hash 895342757, now seen corresponding path program 1 times [2024-10-11 03:01:13,572 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:13,572 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1857380418] [2024-10-11 03:01:13,572 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:13,572 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:13,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,645 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2024-10-11 03:01:13,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,654 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2024-10-11 03:01:13,656 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,666 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2024-10-11 03:01:13,667 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:13,668 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-11 03:01:13,668 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:13,668 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1857380418] [2024-10-11 03:01:13,668 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1857380418] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:13,668 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:13,668 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-10-11 03:01:13,668 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [315984099] [2024-10-11 03:01:13,668 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:13,669 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-10-11 03:01:13,669 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:13,670 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-10-11 03:01:13,670 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-10-11 03:01:13,670 INFO L87 Difference]: Start difference. First operand 244 states and 321 transitions. Second operand has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2024-10-11 03:01:13,922 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:13,923 INFO L93 Difference]: Finished difference Result 811 states and 1139 transitions. [2024-10-11 03:01:13,923 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2024-10-11 03:01:13,923 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 38 [2024-10-11 03:01:13,923 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:13,930 INFO L225 Difference]: With dead ends: 811 [2024-10-11 03:01:13,934 INFO L226 Difference]: Without dead ends: 569 [2024-10-11 03:01:13,935 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2024-10-11 03:01:13,936 INFO L432 NwaCegarLoop]: 120 mSDtfsCounter, 184 mSDsluCounter, 165 mSDsCounter, 0 mSdLazyCounter, 229 mSolverCounterSat, 59 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 191 SdHoareTripleChecker+Valid, 285 SdHoareTripleChecker+Invalid, 288 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 59 IncrementalHoareTripleChecker+Valid, 229 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:13,937 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [191 Valid, 285 Invalid, 288 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [59 Valid, 229 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2024-10-11 03:01:13,938 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 569 states. [2024-10-11 03:01:13,995 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 569 to 561. [2024-10-11 03:01:13,999 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 561 states, 400 states have (on average 1.3225) internal successors, (529), 429 states have internal predecessors, (529), 90 states have call successors, (90), 71 states have call predecessors, (90), 70 states have return successors, (140), 84 states have call predecessors, (140), 90 states have call successors, (140) [2024-10-11 03:01:14,002 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 561 states to 561 states and 759 transitions. [2024-10-11 03:01:14,003 INFO L78 Accepts]: Start accepts. Automaton has 561 states and 759 transitions. Word has length 38 [2024-10-11 03:01:14,003 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:14,004 INFO L471 AbstractCegarLoop]: Abstraction has 561 states and 759 transitions. [2024-10-11 03:01:14,004 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2024-10-11 03:01:14,004 INFO L276 IsEmpty]: Start isEmpty. Operand 561 states and 759 transitions. [2024-10-11 03:01:14,009 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2024-10-11 03:01:14,009 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:14,009 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:14,009 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2024-10-11 03:01:14,010 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:14,010 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:14,010 INFO L85 PathProgramCache]: Analyzing trace with hash 1632286155, now seen corresponding path program 1 times [2024-10-11 03:01:14,010 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:14,010 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [415914479] [2024-10-11 03:01:14,010 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:14,010 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:14,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,097 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2024-10-11 03:01:14,099 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,105 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2024-10-11 03:01:14,106 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,112 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2024-10-11 03:01:14,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,129 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2024-10-11 03:01:14,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,132 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-11 03:01:14,132 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:14,133 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [415914479] [2024-10-11 03:01:14,133 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [415914479] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:14,133 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:14,133 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2024-10-11 03:01:14,133 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [800223300] [2024-10-11 03:01:14,133 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:14,133 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2024-10-11 03:01:14,134 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:14,134 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2024-10-11 03:01:14,134 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2024-10-11 03:01:14,134 INFO L87 Difference]: Start difference. First operand 561 states and 759 transitions. Second operand has 8 states, 8 states have (on average 4.0) internal successors, (32), 6 states have internal predecessors, (32), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2024-10-11 03:01:14,468 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:14,469 INFO L93 Difference]: Finished difference Result 1194 states and 1642 transitions. [2024-10-11 03:01:14,469 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2024-10-11 03:01:14,469 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 4.0) internal successors, (32), 6 states have internal predecessors, (32), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 42 [2024-10-11 03:01:14,469 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:14,472 INFO L225 Difference]: With dead ends: 1194 [2024-10-11 03:01:14,472 INFO L226 Difference]: Without dead ends: 635 [2024-10-11 03:01:14,474 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 10 SyntacticMatches, 1 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=99, Invalid=207, Unknown=0, NotChecked=0, Total=306 [2024-10-11 03:01:14,474 INFO L432 NwaCegarLoop]: 72 mSDtfsCounter, 273 mSDsluCounter, 177 mSDsCounter, 0 mSdLazyCounter, 315 mSolverCounterSat, 97 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 278 SdHoareTripleChecker+Valid, 249 SdHoareTripleChecker+Invalid, 412 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 97 IncrementalHoareTripleChecker+Valid, 315 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:14,474 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [278 Valid, 249 Invalid, 412 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [97 Valid, 315 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2024-10-11 03:01:14,475 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 635 states. [2024-10-11 03:01:14,509 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 635 to 633. [2024-10-11 03:01:14,510 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 633 states, 452 states have (on average 1.3008849557522124) internal successors, (588), 489 states have internal predecessors, (588), 100 states have call successors, (100), 71 states have call predecessors, (100), 80 states have return successors, (172), 96 states have call predecessors, (172), 100 states have call successors, (172) [2024-10-11 03:01:14,512 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 633 states to 633 states and 860 transitions. [2024-10-11 03:01:14,514 INFO L78 Accepts]: Start accepts. Automaton has 633 states and 860 transitions. Word has length 42 [2024-10-11 03:01:14,515 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:14,515 INFO L471 AbstractCegarLoop]: Abstraction has 633 states and 860 transitions. [2024-10-11 03:01:14,515 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 4.0) internal successors, (32), 6 states have internal predecessors, (32), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2024-10-11 03:01:14,515 INFO L276 IsEmpty]: Start isEmpty. Operand 633 states and 860 transitions. [2024-10-11 03:01:14,516 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 67 [2024-10-11 03:01:14,516 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:14,517 INFO L215 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:14,517 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2024-10-11 03:01:14,517 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:14,517 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:14,517 INFO L85 PathProgramCache]: Analyzing trace with hash -1091612530, now seen corresponding path program 1 times [2024-10-11 03:01:14,517 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:14,517 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [669989561] [2024-10-11 03:01:14,517 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:14,517 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:14,530 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,564 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2024-10-11 03:01:14,565 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,573 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2024-10-11 03:01:14,577 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,594 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2024-10-11 03:01:14,595 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,607 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2024-10-11 03:01:14,609 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,611 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2024-10-11 03:01:14,612 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,613 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2024-10-11 03:01:14,613 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,614 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 15 proven. 0 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2024-10-11 03:01:14,614 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:14,614 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [669989561] [2024-10-11 03:01:14,614 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [669989561] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-11 03:01:14,614 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-11 03:01:14,614 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2024-10-11 03:01:14,614 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [463531739] [2024-10-11 03:01:14,614 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-11 03:01:14,615 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2024-10-11 03:01:14,615 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:14,615 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2024-10-11 03:01:14,615 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2024-10-11 03:01:14,616 INFO L87 Difference]: Start difference. First operand 633 states and 860 transitions. Second operand has 7 states, 6 states have (on average 8.5) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2024-10-11 03:01:14,879 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:14,880 INFO L93 Difference]: Finished difference Result 741 states and 998 transitions. [2024-10-11 03:01:14,880 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2024-10-11 03:01:14,880 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 6 states have (on average 8.5) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) Word has length 66 [2024-10-11 03:01:14,881 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:14,883 INFO L225 Difference]: With dead ends: 741 [2024-10-11 03:01:14,883 INFO L226 Difference]: Without dead ends: 308 [2024-10-11 03:01:14,884 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2024-10-11 03:01:14,884 INFO L432 NwaCegarLoop]: 77 mSDtfsCounter, 204 mSDsluCounter, 165 mSDsCounter, 0 mSdLazyCounter, 271 mSolverCounterSat, 54 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 213 SdHoareTripleChecker+Valid, 242 SdHoareTripleChecker+Invalid, 325 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 54 IncrementalHoareTripleChecker+Valid, 271 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:14,886 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [213 Valid, 242 Invalid, 325 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [54 Valid, 271 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2024-10-11 03:01:14,886 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 308 states. [2024-10-11 03:01:14,910 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 308 to 306. [2024-10-11 03:01:14,910 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 306 states, 219 states have (on average 1.2557077625570776) internal successors, (275), 235 states have internal predecessors, (275), 47 states have call successors, (47), 35 states have call predecessors, (47), 39 states have return successors, (82), 46 states have call predecessors, (82), 47 states have call successors, (82) [2024-10-11 03:01:14,911 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 306 states to 306 states and 404 transitions. [2024-10-11 03:01:14,912 INFO L78 Accepts]: Start accepts. Automaton has 306 states and 404 transitions. Word has length 66 [2024-10-11 03:01:14,912 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:14,913 INFO L471 AbstractCegarLoop]: Abstraction has 306 states and 404 transitions. [2024-10-11 03:01:14,913 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 6 states have (on average 8.5) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2024-10-11 03:01:14,913 INFO L276 IsEmpty]: Start isEmpty. Operand 306 states and 404 transitions. [2024-10-11 03:01:14,914 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 75 [2024-10-11 03:01:14,915 INFO L207 NwaCegarLoop]: Found error trace [2024-10-11 03:01:14,915 INFO L215 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:14,915 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2024-10-11 03:01:14,915 INFO L396 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-11 03:01:14,915 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-11 03:01:14,916 INFO L85 PathProgramCache]: Analyzing trace with hash 1366570793, now seen corresponding path program 1 times [2024-10-11 03:01:14,916 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-11 03:01:14,916 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1635617214] [2024-10-11 03:01:14,916 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:14,916 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-11 03:01:14,928 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:14,999 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2024-10-11 03:01:15,001 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,014 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2024-10-11 03:01:15,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,034 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2024-10-11 03:01:15,035 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,041 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2024-10-11 03:01:15,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,046 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2024-10-11 03:01:15,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,056 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 56 [2024-10-11 03:01:15,057 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,058 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2024-10-11 03:01:15,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,059 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 67 [2024-10-11 03:01:15,059 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,060 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 6 proven. 15 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2024-10-11 03:01:15,060 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-11 03:01:15,060 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1635617214] [2024-10-11 03:01:15,061 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1635617214] provided 0 perfect and 1 imperfect interpolant sequences [2024-10-11 03:01:15,061 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [350628909] [2024-10-11 03:01:15,061 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-11 03:01:15,061 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-10-11 03:01:15,061 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 [2024-10-11 03:01:15,063 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-10-11 03:01:15,064 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2024-10-11 03:01:15,132 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-11 03:01:15,135 INFO L255 TraceCheckSpWp]: Trace formula consists of 273 conjuncts, 7 conjuncts are in the unsatisfiable core [2024-10-11 03:01:15,141 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-10-11 03:01:15,273 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 20 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2024-10-11 03:01:15,274 INFO L311 TraceCheckSpWp]: Computing backward predicates... [2024-10-11 03:01:15,406 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 15 proven. 6 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2024-10-11 03:01:15,406 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [350628909] provided 0 perfect and 2 imperfect interpolant sequences [2024-10-11 03:01:15,406 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2024-10-11 03:01:15,406 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2024-10-11 03:01:15,406 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [131472997] [2024-10-11 03:01:15,406 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2024-10-11 03:01:15,407 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2024-10-11 03:01:15,407 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-11 03:01:15,407 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2024-10-11 03:01:15,408 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2024-10-11 03:01:15,408 INFO L87 Difference]: Start difference. First operand 306 states and 404 transitions. Second operand has 15 states, 12 states have (on average 7.916666666666667) internal successors, (95), 10 states have internal predecessors, (95), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2024-10-11 03:01:16,109 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-11 03:01:16,110 INFO L93 Difference]: Finished difference Result 688 states and 925 transitions. [2024-10-11 03:01:16,110 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 27 states. [2024-10-11 03:01:16,110 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 12 states have (on average 7.916666666666667) internal successors, (95), 10 states have internal predecessors, (95), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) Word has length 74 [2024-10-11 03:01:16,110 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-11 03:01:16,111 INFO L225 Difference]: With dead ends: 688 [2024-10-11 03:01:16,111 INFO L226 Difference]: Without dead ends: 0 [2024-10-11 03:01:16,113 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 207 GetRequests, 166 SyntacticMatches, 4 SemanticMatches, 37 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 339 ImplicationChecksByTransitivity, 0.4s TimeCoverageRelationStatistics Valid=345, Invalid=1137, Unknown=0, NotChecked=0, Total=1482 [2024-10-11 03:01:16,115 INFO L432 NwaCegarLoop]: 106 mSDtfsCounter, 309 mSDsluCounter, 468 mSDsCounter, 0 mSdLazyCounter, 733 mSolverCounterSat, 141 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 312 SdHoareTripleChecker+Valid, 574 SdHoareTripleChecker+Invalid, 874 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 141 IncrementalHoareTripleChecker+Valid, 733 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2024-10-11 03:01:16,116 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [312 Valid, 574 Invalid, 874 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [141 Valid, 733 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2024-10-11 03:01:16,116 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2024-10-11 03:01:16,117 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2024-10-11 03:01:16,117 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2024-10-11 03:01:16,117 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2024-10-11 03:01:16,118 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 74 [2024-10-11 03:01:16,118 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-11 03:01:16,118 INFO L471 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2024-10-11 03:01:16,118 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 12 states have (on average 7.916666666666667) internal successors, (95), 10 states have internal predecessors, (95), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2024-10-11 03:01:16,118 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2024-10-11 03:01:16,119 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2024-10-11 03:01:16,121 INFO L782 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2024-10-11 03:01:16,137 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2024-10-11 03:01:16,325 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2024-10-11 03:01:16,328 INFO L407 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-11 03:01:16,329 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2024-10-11 03:01:18,947 INFO L165 ceAbstractionStarter]: Computing trace abstraction results [2024-10-11 03:01:18,961 WARN L155 FloydHoareUtils]: Requires clause for deactivatePump contained old-variable. Original clause: (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (or (and (= 2 ~waterLevel~0) (not (= 0 ~systemActive~0))) (and (= 1 ~systemActive~0) (<= ~waterLevel~0 2)))) Eliminated clause: (or (and (= 2 ~waterLevel~0) (not (= 0 ~systemActive~0))) (and (= 1 ~systemActive~0) (<= ~waterLevel~0 2))) [2024-10-11 03:01:18,972 WARN L155 FloydHoareUtils]: Requires clause for timeShift contained old-variable. Original clause: (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (let ((.cse0 (= |old(~pumpRunning~0)| 0)) (.cse1 (<= |old(~waterLevel~0)| 2)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (<= 1 |old(~pumpRunning~0)|))) (or (and .cse0 (= 0 ~systemActive~0) .cse1) (and .cse2 (<= 1 |old(~switchedOnBeforeTS~0)|) .cse1 .cse3) (and .cse2 .cse0 .cse1) (and .cse2 .cse3 (= |old(~waterLevel~0)| 2))))) Eliminated clause: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and .cse0 (= 2 ~waterLevel~0) .cse1) (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse3 .cse1 .cse2) (and .cse3 .cse2 (= 0 ~systemActive~0)))) [2024-10-11 03:01:18,980 WARN L155 FloydHoareUtils]: Requires clause for processEnvironment__wrappee__highWaterSensor contained old-variable. Original clause: (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (let ((.cse0 (= 1 ~systemActive~0)) (.cse1 (<= ~waterLevel~0 2))) (or (and .cse0 (= |old(~pumpRunning~0)| 0) .cse1) (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) (<= 1 |old(~pumpRunning~0)|))))) Eliminated clause: (let ((.cse0 (= 1 ~systemActive~0)) (.cse1 (<= ~waterLevel~0 2))) (or (and (<= 1 ~pumpRunning~0) .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0)) (and (= ~pumpRunning~0 0) .cse0 .cse1))) [2024-10-11 03:01:18,985 WARN L155 FloydHoareUtils]: Requires clause for waterRise contained old-variable. Original clause: (and (= |old(~waterLevel~0)| ~waterLevel~0) (let ((.cse3 (= ~pumpRunning~0 0)) (.cse2 (<= |old(~waterLevel~0)| 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0))) (or (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) .cse2) (and .cse3 .cse1 .cse2) (and .cse3 (= 0 ~systemActive~0) .cse2) (and .cse0 .cse1 (= |old(~waterLevel~0)| 2))))) Eliminated clause: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and .cse0 (= 2 ~waterLevel~0) .cse1) (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse3 .cse1 .cse2) (and .cse3 .cse2 (= 0 ~systemActive~0)))) [2024-10-11 03:01:18,996 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 11.10 03:01:18 BoogieIcfgContainer [2024-10-11 03:01:18,996 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2024-10-11 03:01:18,997 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2024-10-11 03:01:18,997 INFO L270 PluginConnector]: Initializing Witness Printer... [2024-10-11 03:01:18,997 INFO L274 PluginConnector]: Witness Printer initialized [2024-10-11 03:01:18,997 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 11.10 03:01:11" (3/4) ... [2024-10-11 03:01:18,999 INFO L139 WitnessPrinter]: Generating witness for correct program [2024-10-11 03:01:19,001 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2024-10-11 03:01:19,001 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2024-10-11 03:01:19,001 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2024-10-11 03:01:19,002 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2024-10-11 03:01:19,002 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2024-10-11 03:01:19,002 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2024-10-11 03:01:19,002 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2024-10-11 03:01:19,002 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2024-10-11 03:01:19,006 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 35 nodes and edges [2024-10-11 03:01:19,007 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 10 nodes and edges [2024-10-11 03:01:19,007 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2024-10-11 03:01:19,007 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-10-11 03:01:19,007 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-10-11 03:01:19,109 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/witness.graphml [2024-10-11 03:01:19,110 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/witness.yml [2024-10-11 03:01:19,110 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2024-10-11 03:01:19,110 INFO L158 Benchmark]: Toolchain (without parser) took 8169.26ms. Allocated memory was 159.4MB in the beginning and 192.9MB in the end (delta: 33.6MB). Free memory was 117.6MB in the beginning and 159.5MB in the end (delta: -41.9MB). Peak memory consumption was 104.4MB. Max. memory is 16.1GB. [2024-10-11 03:01:19,111 INFO L158 Benchmark]: CDTParser took 0.12ms. Allocated memory is still 100.7MB. Free memory is still 70.6MB. There was no memory consumed. Max. memory is 16.1GB. [2024-10-11 03:01:19,111 INFO L158 Benchmark]: CACSL2BoogieTranslator took 379.26ms. Allocated memory is still 159.4MB. Free memory was 117.6MB in the beginning and 96.3MB in the end (delta: 21.3MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. [2024-10-11 03:01:19,111 INFO L158 Benchmark]: Boogie Procedure Inliner took 48.57ms. Allocated memory is still 159.4MB. Free memory was 96.3MB in the beginning and 94.0MB in the end (delta: 2.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2024-10-11 03:01:19,111 INFO L158 Benchmark]: Boogie Preprocessor took 52.07ms. Allocated memory is still 159.4MB. Free memory was 94.0MB in the beginning and 91.9MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2024-10-11 03:01:19,112 INFO L158 Benchmark]: RCFGBuilder took 472.39ms. Allocated memory is still 159.4MB. Free memory was 91.6MB in the beginning and 108.8MB in the end (delta: -17.2MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2024-10-11 03:01:19,112 INFO L158 Benchmark]: TraceAbstraction took 7096.47ms. Allocated memory was 159.4MB in the beginning and 192.9MB in the end (delta: 33.6MB). Free memory was 108.0MB in the beginning and 53.7MB in the end (delta: 54.3MB). Peak memory consumption was 99.2MB. Max. memory is 16.1GB. [2024-10-11 03:01:19,112 INFO L158 Benchmark]: Witness Printer took 113.26ms. Allocated memory is still 192.9MB. Free memory was 53.7MB in the beginning and 159.5MB in the end (delta: -105.8MB). Peak memory consumption was 8.5MB. Max. memory is 16.1GB. [2024-10-11 03:01:19,113 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.12ms. Allocated memory is still 100.7MB. Free memory is still 70.6MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 379.26ms. Allocated memory is still 159.4MB. Free memory was 117.6MB in the beginning and 96.3MB in the end (delta: 21.3MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 48.57ms. Allocated memory is still 159.4MB. Free memory was 96.3MB in the beginning and 94.0MB in the end (delta: 2.3MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 52.07ms. Allocated memory is still 159.4MB. Free memory was 94.0MB in the beginning and 91.9MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 472.39ms. Allocated memory is still 159.4MB. Free memory was 91.6MB in the beginning and 108.8MB in the end (delta: -17.2MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * TraceAbstraction took 7096.47ms. Allocated memory was 159.4MB in the beginning and 192.9MB in the end (delta: 33.6MB). Free memory was 108.0MB in the beginning and 53.7MB in the end (delta: 54.3MB). Peak memory consumption was 99.2MB. Max. memory is 16.1GB. * Witness Printer took 113.26ms. Allocated memory is still 192.9MB. Free memory was 53.7MB in the beginning and 159.5MB in the end (delta: -105.8MB). Peak memory consumption was 8.5MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [49] - GenericResultAtLocation [Line: 58]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [58] - GenericResultAtLocation [Line: 96]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [96] - GenericResultAtLocation [Line: 304]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [304] - GenericResultAtLocation [Line: 405]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [405] - GenericResultAtLocation [Line: 472]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [472] - GenericResultAtLocation [Line: 522]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [522] - GenericResultAtLocation [Line: 888]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [888] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 75 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 4.4s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.4s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1338 SdHoareTripleChecker+Valid, 1.6s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1297 mSDsluCounter, 2514 SdHoareTripleChecker+Invalid, 1.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 1692 mSDsCounter, 410 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 2018 IncrementalHoareTripleChecker+Invalid, 2428 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 410 mSolverCounterUnsat, 822 mSDtfsCounter, 2018 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 339 GetRequests, 241 SyntacticMatches, 5 SemanticMatches, 93 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 421 ImplicationChecksByTransitivity, 0.6s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=633occurred in iteration=8, InterpolantAutomatonStates: 88, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.3s AutomataMinimizationTime, 10 MinimizatonAttempts, 26 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 1.1s InterpolantComputationTime, 470 NumberOfCodeBlocks, 470 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 532 ConstructedInterpolants, 0 QuantifiedInterpolants, 1036 SizeOfPredicates, 2 NumberOfNonLiveVariables, 273 ConjunctsInSsa, 7 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 90/118 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 416]: Loop Invariant Derived loop invariant: ((((((((pumpRunning == 0) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (0 == systemActive)) || ((((pumpRunning == 0) && (2 == waterLevel)) && (1 == systemActive)) && (splverifierCounter == 0))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) && (splverifierCounter == 0))) || (((((1 <= pumpRunning) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || ((((pumpRunning == 0) && (waterLevel <= 1)) && (1 == systemActive)) && (splverifierCounter == 0))) - InvariantResult [Line: 415]: Location Invariant Derived location invariant: 0 - InvariantResult [Line: 316]: Loop Invariant Derived loop invariant: 0 - ProcedureContractResult [Line: 206]: Procedure Contract for deactivatePump Derived contract for procedure deactivatePump. Requires: (((2 == waterLevel) && (0 != systemActive)) || ((1 == systemActive) && (waterLevel <= 2))) Ensures: ((pumpRunning == 0) && (((2 == waterLevel) && (0 != systemActive)) || ((1 == systemActive) && (waterLevel <= 2)))) - ProcedureContractResult [Line: 139]: Procedure Contract for processEnvironment__wrappee__base Derived contract for procedure processEnvironment__wrappee__base. Requires: (((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) Ensures: (((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) - ProcedureContractResult [Line: 915]: Procedure Contract for changeMethaneLevel Derived contract for procedure changeMethaneLevel. Requires: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) Ensures: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) - ProcedureContractResult [Line: 306]: Procedure Contract for cleanup Derived contract for procedure cleanup. Requires: 0 Ensures: 0 - ProcedureContractResult [Line: 112]: Procedure Contract for timeShift Derived contract for procedure timeShift. Requires: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) Ensures: ((((((1 < \old(waterLevel)) || (waterLevel < 2)) && (((((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) || (\old(pumpRunning) < 1)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) && ((((((1 <= pumpRunning) && (2 == waterLevel)) && (\old(waterLevel) == 2)) || (((pumpRunning == 0) && (waterLevel <= 1)) && (\old(waterLevel) == waterLevel))) || (\old(pumpRunning) != 0)) || (((pumpRunning == 0) && (2 == waterLevel)) && (\old(waterLevel) == 2)))) && ((pumpRunning == 0) || (0 != systemActive))) && (((((1 == systemActive) && (\old(pumpRunning) == 0)) || ((\old(pumpRunning) == 0) && (0 == systemActive))) || ((((1 == systemActive) && (1 <= \old(switchedOnBeforeTS))) && (\old(waterLevel) <= 2)) && (1 <= \old(pumpRunning)))) || (((1 == systemActive) && (1 <= \old(pumpRunning))) && (\old(waterLevel) == 2)))) - ProcedureContractResult [Line: 147]: Procedure Contract for processEnvironment__wrappee__highWaterSensor Derived contract for procedure processEnvironment__wrappee__highWaterSensor. Requires: (((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) Ensures: ((((pumpRunning == \old(pumpRunning)) || (\old(pumpRunning) < 1)) && (((1 == systemActive) && (\old(pumpRunning) == 0)) || ((((1 == systemActive) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && (1 <= \old(pumpRunning))))) && ((((\old(pumpRunning) != 0) || ((1 <= pumpRunning) && (2 == waterLevel))) || ((pumpRunning == 0) && (2 == waterLevel))) || ((pumpRunning == 0) && (waterLevel <= 1)))) - ProcedureContractResult [Line: 903]: Procedure Contract for waterRise Derived contract for procedure waterRise. Requires: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) Ensures: ((((2 == waterLevel) || (\old(waterLevel) != 2)) && (waterLevel <= 2)) && (((((((1 <= pumpRunning) && (1 == systemActive)) && (1 <= switchedOnBeforeTS)) && (\old(waterLevel) <= 2)) || (((pumpRunning == 0) && (1 == systemActive)) && (\old(waterLevel) <= 2))) || (((pumpRunning == 0) && (0 == systemActive)) && (\old(waterLevel) <= 2))) || (((1 <= pumpRunning) && (1 == systemActive)) && (\old(waterLevel) == 2)))) - ProcedureContractResult [Line: 225]: Procedure Contract for isPumpRunning Derived contract for procedure isPumpRunning. Requires: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) Ensures: (((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) && (pumpRunning == \result)) RESULT: Ultimate proved your program to be correct! [2024-10-11 03:01:19,149 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate-clean/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE