./Ultimate.py --spec /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/properties/unreach-call.prp --file /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product51.cil.c --full-output --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 61a67961 Calling Ultimate with: /root/.sdkman/candidates/java/current/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product51.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1ef39c14b0f41147d1df64069011556a64ce74ff520b071f62407c2225292c50 --- Real Ultimate output --- This is Ultimate 0.2.5-wip.fs.cvc5-61a6796-m [2024-10-14 03:10:56,361 INFO L188 SettingsManager]: Resetting all preferences to default values... [2024-10-14 03:10:56,417 INFO L114 SettingsManager]: Loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2024-10-14 03:10:56,422 WARN L101 SettingsManager]: Preference file contains the following unknown settings: [2024-10-14 03:10:56,422 WARN L103 SettingsManager]: * de.uni_freiburg.informatik.ultimate.core.Log level for class [2024-10-14 03:10:56,458 INFO L130 SettingsManager]: Preferences different from defaults after loading the file: [2024-10-14 03:10:56,459 INFO L151 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2024-10-14 03:10:56,459 INFO L153 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2024-10-14 03:10:56,459 INFO L151 SettingsManager]: Preferences of Boogie Preprocessor differ from their defaults: [2024-10-14 03:10:56,472 INFO L153 SettingsManager]: * Use memory slicer=true [2024-10-14 03:10:56,473 INFO L151 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2024-10-14 03:10:56,473 INFO L153 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2024-10-14 03:10:56,474 INFO L151 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2024-10-14 03:10:56,474 INFO L153 SettingsManager]: * Create parallel compositions if possible=false [2024-10-14 03:10:56,474 INFO L153 SettingsManager]: * Use SBE=true [2024-10-14 03:10:56,474 INFO L151 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2024-10-14 03:10:56,474 INFO L153 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2024-10-14 03:10:56,475 INFO L153 SettingsManager]: * sizeof long=4 [2024-10-14 03:10:56,475 INFO L153 SettingsManager]: * Overapproximate operations on floating types=true [2024-10-14 03:10:56,475 INFO L153 SettingsManager]: * sizeof POINTER=4 [2024-10-14 03:10:56,475 INFO L153 SettingsManager]: * Check division by zero=IGNORE [2024-10-14 03:10:56,477 INFO L153 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2024-10-14 03:10:56,477 INFO L153 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2024-10-14 03:10:56,477 INFO L153 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2024-10-14 03:10:56,477 INFO L153 SettingsManager]: * Allow undefined functions=false [2024-10-14 03:10:56,477 INFO L153 SettingsManager]: * sizeof long double=12 [2024-10-14 03:10:56,477 INFO L153 SettingsManager]: * Check if freed pointer was valid=false [2024-10-14 03:10:56,477 INFO L153 SettingsManager]: * Use constant arrays=true [2024-10-14 03:10:56,478 INFO L151 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2024-10-14 03:10:56,478 INFO L153 SettingsManager]: * Size of a code block=SequenceOfStatements [2024-10-14 03:10:56,478 INFO L153 SettingsManager]: * Only consider context switches at boundaries of atomic blocks=true [2024-10-14 03:10:56,478 INFO L153 SettingsManager]: * SMT solver=External_DefaultMode [2024-10-14 03:10:56,479 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-10-14 03:10:56,479 INFO L151 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2024-10-14 03:10:56,479 INFO L153 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2024-10-14 03:10:56,480 INFO L153 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopHeads [2024-10-14 03:10:56,480 INFO L153 SettingsManager]: * Trace refinement strategy=CAMEL [2024-10-14 03:10:56,480 INFO L153 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2024-10-14 03:10:56,480 INFO L153 SettingsManager]: * Apply one-shot large block encoding in concurrent analysis=false [2024-10-14 03:10:56,480 INFO L153 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2024-10-14 03:10:56,480 INFO L153 SettingsManager]: * Order on configurations for Petri net unfoldings=DBO [2024-10-14 03:10:56,481 INFO L153 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2024-10-14 03:10:56,481 INFO L153 SettingsManager]: * Looper check in Petri net analysis=SEMANTIC WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1ef39c14b0f41147d1df64069011556a64ce74ff520b071f62407c2225292c50 [2024-10-14 03:10:56,679 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2024-10-14 03:10:56,698 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2024-10-14 03:10:56,700 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2024-10-14 03:10:56,701 INFO L270 PluginConnector]: Initializing CDTParser... [2024-10-14 03:10:56,701 INFO L274 PluginConnector]: CDTParser initialized [2024-10-14 03:10:56,702 INFO L431 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product51.cil.c [2024-10-14 03:10:57,901 INFO L533 CDTParser]: Created temporary CDT project at NULL [2024-10-14 03:10:58,096 INFO L384 CDTParser]: Found 1 translation units. [2024-10-14 03:10:58,097 INFO L180 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product51.cil.c [2024-10-14 03:10:58,109 INFO L427 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/b48171c98/3544ca99ce6d4751b22fb2d83b3df444/FLAG81d2443af [2024-10-14 03:10:58,463 INFO L435 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/b48171c98/3544ca99ce6d4751b22fb2d83b3df444 [2024-10-14 03:10:58,465 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2024-10-14 03:10:58,466 INFO L133 ToolchainWalker]: Walking toolchain with 6 elements. [2024-10-14 03:10:58,467 INFO L112 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2024-10-14 03:10:58,467 INFO L270 PluginConnector]: Initializing CACSL2BoogieTranslator... [2024-10-14 03:10:58,471 INFO L274 PluginConnector]: CACSL2BoogieTranslator initialized [2024-10-14 03:10:58,471 INFO L184 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,472 INFO L204 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4cc92952 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58, skipping insertion in model container [2024-10-14 03:10:58,472 INFO L184 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,512 INFO L175 MainTranslator]: Built tables and reachable declarations [2024-10-14 03:10:58,750 WARN L248 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product51.cil.c[18485,18498] [2024-10-14 03:10:58,759 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-10-14 03:10:58,772 INFO L200 MainTranslator]: Completed pre-run [2024-10-14 03:10:58,779 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [49] [2024-10-14 03:10:58,781 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [277] [2024-10-14 03:10:58,781 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [381] [2024-10-14 03:10:58,781 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [448] [2024-10-14 03:10:58,781 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [483] [2024-10-14 03:10:58,782 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [849] [2024-10-14 03:10:58,782 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [953] [2024-10-14 03:10:58,782 WARN L75 lationResultReporter]: Unsoundness Warning: Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [962] [2024-10-14 03:10:58,840 WARN L248 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec5_product51.cil.c[18485,18498] [2024-10-14 03:10:58,845 INFO L210 PostProcessor]: Analyzing one entry point: main [2024-10-14 03:10:58,862 INFO L204 MainTranslator]: Completed translation [2024-10-14 03:10:58,863 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58 WrapperNode [2024-10-14 03:10:58,863 INFO L131 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2024-10-14 03:10:58,864 INFO L112 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2024-10-14 03:10:58,864 INFO L270 PluginConnector]: Initializing Boogie Procedure Inliner... [2024-10-14 03:10:58,864 INFO L274 PluginConnector]: Boogie Procedure Inliner initialized [2024-10-14 03:10:58,869 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,881 INFO L184 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,903 INFO L138 Inliner]: procedures = 58, calls = 103, calls flagged for inlining = 25, calls inlined = 21, statements flattened = 212 [2024-10-14 03:10:58,904 INFO L131 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2024-10-14 03:10:58,904 INFO L112 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2024-10-14 03:10:58,904 INFO L270 PluginConnector]: Initializing Boogie Preprocessor... [2024-10-14 03:10:58,904 INFO L274 PluginConnector]: Boogie Preprocessor initialized [2024-10-14 03:10:58,913 INFO L184 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,913 INFO L184 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,915 INFO L184 PluginConnector]: Executing the observer MemorySlicer from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,927 INFO L175 MemorySlicer]: Split 2 memory accesses to 1 slices as follows [2]. 100 percent of accesses are in the largest equivalence class. The 2 initializations are split as follows [2]. The 0 writes are split as follows [0]. [2024-10-14 03:10:58,927 INFO L184 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,927 INFO L184 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,931 INFO L184 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,933 INFO L184 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,934 INFO L184 PluginConnector]: Executing the observer LTLStepAnnotator from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,935 INFO L184 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,937 INFO L131 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2024-10-14 03:10:58,941 INFO L112 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2024-10-14 03:10:58,941 INFO L270 PluginConnector]: Initializing RCFGBuilder... [2024-10-14 03:10:58,941 INFO L274 PluginConnector]: RCFGBuilder initialized [2024-10-14 03:10:58,943 INFO L184 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (1/1) ... [2024-10-14 03:10:58,947 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 [2024-10-14 03:10:58,955 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-10-14 03:10:58,967 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (exit command is (exit), workingDir is null) [2024-10-14 03:10:58,969 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Waiting until timeout for monitored process [2024-10-14 03:10:59,003 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2024-10-14 03:10:59,003 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2024-10-14 03:10:59,003 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2024-10-14 03:10:59,003 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2024-10-14 03:10:59,003 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2024-10-14 03:10:59,003 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2024-10-14 03:10:59,004 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2024-10-14 03:10:59,004 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2024-10-14 03:10:59,004 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2024-10-14 03:10:59,004 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2024-10-14 03:10:59,004 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2024-10-14 03:10:59,004 INFO L130 BoogieDeclarations]: Found specification of procedure isPumpRunning [2024-10-14 03:10:59,004 INFO L138 BoogieDeclarations]: Found implementation of procedure isPumpRunning [2024-10-14 03:10:59,004 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2024-10-14 03:10:59,004 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2024-10-14 03:10:59,004 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int#0 [2024-10-14 03:10:59,004 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2024-10-14 03:10:59,004 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2024-10-14 03:10:59,004 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2024-10-14 03:10:59,005 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2024-10-14 03:10:59,067 INFO L238 CfgBuilder]: Building ICFG [2024-10-14 03:10:59,068 INFO L264 CfgBuilder]: Building CFG for each procedure with an implementation [2024-10-14 03:10:59,270 INFO L? ?]: Removed 45 outVars from TransFormulas that were not future-live. [2024-10-14 03:10:59,271 INFO L287 CfgBuilder]: Performing block encoding [2024-10-14 03:10:59,324 INFO L309 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2024-10-14 03:10:59,324 INFO L314 CfgBuilder]: Removed 2 assume(true) statements. [2024-10-14 03:10:59,325 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 14.10 03:10:59 BoogieIcfgContainer [2024-10-14 03:10:59,325 INFO L131 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2024-10-14 03:10:59,326 INFO L112 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2024-10-14 03:10:59,327 INFO L270 PluginConnector]: Initializing TraceAbstraction... [2024-10-14 03:10:59,330 INFO L274 PluginConnector]: TraceAbstraction initialized [2024-10-14 03:10:59,330 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 14.10 03:10:58" (1/3) ... [2024-10-14 03:10:59,330 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2e301cf3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 14.10 03:10:59, skipping insertion in model container [2024-10-14 03:10:59,330 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 14.10 03:10:58" (2/3) ... [2024-10-14 03:10:59,331 INFO L204 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@2e301cf3 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 14.10 03:10:59, skipping insertion in model container [2024-10-14 03:10:59,331 INFO L184 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 14.10 03:10:59" (3/3) ... [2024-10-14 03:10:59,331 INFO L112 eAbstractionObserver]: Analyzing ICFG minepump_spec5_product51.cil.c [2024-10-14 03:10:59,343 INFO L209 ceAbstractionStarter]: Automizer settings: Hoare:LoopHeads NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2024-10-14 03:10:59,343 INFO L149 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2024-10-14 03:10:59,384 INFO L332 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2024-10-14 03:10:59,389 INFO L333 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopHeads, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mPorIndependenceSettings=[Lde.uni_freiburg.informatik.ultimate.lib.tracecheckerutils.partialorder.independence.IndependenceSettings;@5febf660, mLbeIndependenceSettings=[IndependenceType=SEMANTIC, AbstractionType=NONE, UseConditional=false, UseSemiCommutativity=true, Solver=Z3, SolverTimeout=1000ms] [2024-10-14 03:10:59,389 INFO L334 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2024-10-14 03:10:59,392 INFO L276 IsEmpty]: Start isEmpty. Operand has 77 states, 53 states have (on average 1.528301886792453) internal successors, (81), 62 states have internal predecessors, (81), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) [2024-10-14 03:10:59,398 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 23 [2024-10-14 03:10:59,398 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:10:59,399 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:10:59,399 INFO L396 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:10:59,403 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:10:59,403 INFO L85 PathProgramCache]: Analyzing trace with hash 81616940, now seen corresponding path program 1 times [2024-10-14 03:10:59,409 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:10:59,409 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1288122053] [2024-10-14 03:10:59,410 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:10:59,410 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:10:59,495 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,550 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 7 [2024-10-14 03:10:59,552 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,560 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2024-10-14 03:10:59,563 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,566 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-14 03:10:59,566 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:10:59,567 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1288122053] [2024-10-14 03:10:59,567 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1288122053] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:10:59,567 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:10:59,567 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2024-10-14 03:10:59,569 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1905110005] [2024-10-14 03:10:59,569 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:10:59,591 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2024-10-14 03:10:59,591 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:10:59,625 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2024-10-14 03:10:59,626 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2024-10-14 03:10:59,629 INFO L87 Difference]: Start difference. First operand has 77 states, 53 states have (on average 1.528301886792453) internal successors, (81), 62 states have internal predecessors, (81), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 7.5) internal successors, (15), 2 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-14 03:10:59,688 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:10:59,688 INFO L93 Difference]: Finished difference Result 152 states and 219 transitions. [2024-10-14 03:10:59,691 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2024-10-14 03:10:59,692 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 7.5) internal successors, (15), 2 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 22 [2024-10-14 03:10:59,692 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:10:59,698 INFO L225 Difference]: With dead ends: 152 [2024-10-14 03:10:59,698 INFO L226 Difference]: Without dead ends: 72 [2024-10-14 03:10:59,700 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2024-10-14 03:10:59,702 INFO L432 NwaCegarLoop]: 88 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 16 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 88 SdHoareTripleChecker+Invalid, 16 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 16 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-10-14 03:10:59,703 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [0 Valid, 88 Invalid, 16 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 16 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-10-14 03:10:59,715 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 72 states. [2024-10-14 03:10:59,735 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 72 to 72. [2024-10-14 03:10:59,737 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 72 states, 50 states have (on average 1.42) internal successors, (71), 58 states have internal predecessors, (71), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2024-10-14 03:10:59,738 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 72 states to 72 states and 98 transitions. [2024-10-14 03:10:59,740 INFO L78 Accepts]: Start accepts. Automaton has 72 states and 98 transitions. Word has length 22 [2024-10-14 03:10:59,741 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:10:59,742 INFO L471 AbstractCegarLoop]: Abstraction has 72 states and 98 transitions. [2024-10-14 03:10:59,742 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 7.5) internal successors, (15), 2 states have internal predecessors, (15), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-14 03:10:59,742 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 98 transitions. [2024-10-14 03:10:59,743 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2024-10-14 03:10:59,744 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:10:59,745 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:10:59,745 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2024-10-14 03:10:59,745 INFO L396 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:10:59,746 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:10:59,746 INFO L85 PathProgramCache]: Analyzing trace with hash 464519658, now seen corresponding path program 1 times [2024-10-14 03:10:59,746 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:10:59,746 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2069762284] [2024-10-14 03:10:59,747 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:10:59,747 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:10:59,767 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,828 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2024-10-14 03:10:59,829 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,831 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2024-10-14 03:10:59,833 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,834 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-14 03:10:59,834 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:10:59,835 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2069762284] [2024-10-14 03:10:59,835 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2069762284] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:10:59,835 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:10:59,835 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2024-10-14 03:10:59,835 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1689199317] [2024-10-14 03:10:59,835 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:10:59,836 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-10-14 03:10:59,837 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:10:59,838 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-10-14 03:10:59,839 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-10-14 03:10:59,839 INFO L87 Difference]: Start difference. First operand 72 states and 98 transitions. Second operand has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-14 03:10:59,872 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:10:59,873 INFO L93 Difference]: Finished difference Result 114 states and 154 transitions. [2024-10-14 03:10:59,874 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-10-14 03:10:59,875 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 23 [2024-10-14 03:10:59,875 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:10:59,876 INFO L225 Difference]: With dead ends: 114 [2024-10-14 03:10:59,876 INFO L226 Difference]: Without dead ends: 64 [2024-10-14 03:10:59,876 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-10-14 03:10:59,877 INFO L432 NwaCegarLoop]: 74 mSDtfsCounter, 14 mSDsluCounter, 57 mSDsCounter, 0 mSdLazyCounter, 23 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 18 SdHoareTripleChecker+Valid, 131 SdHoareTripleChecker+Invalid, 23 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 23 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-10-14 03:10:59,877 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [18 Valid, 131 Invalid, 23 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 23 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-10-14 03:10:59,878 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 64 states. [2024-10-14 03:10:59,886 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 64 to 64. [2024-10-14 03:10:59,886 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 64 states, 45 states have (on average 1.4444444444444444) internal successors, (65), 53 states have internal predecessors, (65), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2024-10-14 03:10:59,887 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 87 transitions. [2024-10-14 03:10:59,887 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 87 transitions. Word has length 23 [2024-10-14 03:10:59,887 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:10:59,887 INFO L471 AbstractCegarLoop]: Abstraction has 64 states and 87 transitions. [2024-10-14 03:10:59,888 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 5.333333333333333) internal successors, (16), 3 states have internal predecessors, (16), 1 states have call successors, (4), 2 states have call predecessors, (4), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-14 03:10:59,888 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 87 transitions. [2024-10-14 03:10:59,888 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2024-10-14 03:10:59,888 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:10:59,888 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:10:59,889 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2024-10-14 03:10:59,889 INFO L396 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:10:59,889 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:10:59,890 INFO L85 PathProgramCache]: Analyzing trace with hash 1412987531, now seen corresponding path program 1 times [2024-10-14 03:10:59,890 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:10:59,891 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1635775610] [2024-10-14 03:10:59,891 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:10:59,891 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:10:59,913 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,983 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2024-10-14 03:10:59,985 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,990 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2024-10-14 03:10:59,991 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:10:59,993 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-14 03:10:59,993 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:10:59,994 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1635775610] [2024-10-14 03:10:59,994 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1635775610] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:10:59,994 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:10:59,994 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2024-10-14 03:10:59,995 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [42300838] [2024-10-14 03:10:59,995 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:10:59,995 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2024-10-14 03:10:59,995 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:10:59,996 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2024-10-14 03:10:59,996 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-10-14 03:10:59,997 INFO L87 Difference]: Start difference. First operand 64 states and 87 transitions. Second operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2024-10-14 03:11:00,061 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:11:00,061 INFO L93 Difference]: Finished difference Result 188 states and 258 transitions. [2024-10-14 03:11:00,061 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2024-10-14 03:11:00,061 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 26 [2024-10-14 03:11:00,062 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:11:00,063 INFO L225 Difference]: With dead ends: 188 [2024-10-14 03:11:00,063 INFO L226 Difference]: Without dead ends: 126 [2024-10-14 03:11:00,064 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 6 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2024-10-14 03:11:00,064 INFO L432 NwaCegarLoop]: 85 mSDtfsCounter, 71 mSDsluCounter, 72 mSDsCounter, 0 mSdLazyCounter, 29 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 71 SdHoareTripleChecker+Valid, 157 SdHoareTripleChecker+Invalid, 29 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 29 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2024-10-14 03:11:00,065 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [71 Valid, 157 Invalid, 29 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 29 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2024-10-14 03:11:00,065 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 126 states. [2024-10-14 03:11:00,083 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 126 to 123. [2024-10-14 03:11:00,084 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 123 states, 86 states have (on average 1.4534883720930232) internal successors, (125), 101 states have internal predecessors, (125), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2024-10-14 03:11:00,085 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 123 states to 123 states and 169 transitions. [2024-10-14 03:11:00,088 INFO L78 Accepts]: Start accepts. Automaton has 123 states and 169 transitions. Word has length 26 [2024-10-14 03:11:00,088 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:11:00,088 INFO L471 AbstractCegarLoop]: Abstraction has 123 states and 169 transitions. [2024-10-14 03:11:00,088 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2024-10-14 03:11:00,088 INFO L276 IsEmpty]: Start isEmpty. Operand 123 states and 169 transitions. [2024-10-14 03:11:00,089 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2024-10-14 03:11:00,090 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:11:00,090 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:11:00,090 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2024-10-14 03:11:00,091 INFO L396 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:11:00,091 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:11:00,091 INFO L85 PathProgramCache]: Analyzing trace with hash 411865522, now seen corresponding path program 1 times [2024-10-14 03:11:00,091 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:11:00,091 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1905329023] [2024-10-14 03:11:00,091 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:11:00,091 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:11:00,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,173 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2024-10-14 03:11:00,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,177 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2024-10-14 03:11:00,179 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,196 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 1 proven. 0 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2024-10-14 03:11:00,196 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:11:00,197 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1905329023] [2024-10-14 03:11:00,197 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1905329023] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:11:00,197 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:11:00,197 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2024-10-14 03:11:00,197 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [194676017] [2024-10-14 03:11:00,197 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:11:00,197 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2024-10-14 03:11:00,197 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:11:00,198 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2024-10-14 03:11:00,198 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-10-14 03:11:00,198 INFO L87 Difference]: Start difference. First operand 123 states and 169 transitions. Second operand has 6 states, 5 states have (on average 4.8) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-14 03:11:00,360 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:11:00,360 INFO L93 Difference]: Finished difference Result 324 states and 453 transitions. [2024-10-14 03:11:00,361 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2024-10-14 03:11:00,361 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 5 states have (on average 4.8) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 29 [2024-10-14 03:11:00,361 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:11:00,363 INFO L225 Difference]: With dead ends: 324 [2024-10-14 03:11:00,364 INFO L226 Difference]: Without dead ends: 203 [2024-10-14 03:11:00,365 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 5 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2024-10-14 03:11:00,366 INFO L432 NwaCegarLoop]: 75 mSDtfsCounter, 44 mSDsluCounter, 252 mSDsCounter, 0 mSdLazyCounter, 113 mSolverCounterSat, 9 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 327 SdHoareTripleChecker+Invalid, 122 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 9 IncrementalHoareTripleChecker+Valid, 113 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2024-10-14 03:11:00,366 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [45 Valid, 327 Invalid, 122 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [9 Valid, 113 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2024-10-14 03:11:00,367 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 203 states. [2024-10-14 03:11:00,385 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 203 to 202. [2024-10-14 03:11:00,386 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 202 states, 143 states have (on average 1.3776223776223777) internal successors, (197), 158 states have internal predecessors, (197), 32 states have call successors, (32), 26 states have call predecessors, (32), 26 states have return successors, (40), 29 states have call predecessors, (40), 32 states have call successors, (40) [2024-10-14 03:11:00,387 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 202 states to 202 states and 269 transitions. [2024-10-14 03:11:00,388 INFO L78 Accepts]: Start accepts. Automaton has 202 states and 269 transitions. Word has length 29 [2024-10-14 03:11:00,389 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:11:00,389 INFO L471 AbstractCegarLoop]: Abstraction has 202 states and 269 transitions. [2024-10-14 03:11:00,389 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 5 states have (on average 4.8) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2024-10-14 03:11:00,390 INFO L276 IsEmpty]: Start isEmpty. Operand 202 states and 269 transitions. [2024-10-14 03:11:00,391 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2024-10-14 03:11:00,393 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:11:00,393 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:11:00,393 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2024-10-14 03:11:00,393 INFO L396 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:11:00,394 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:11:00,394 INFO L85 PathProgramCache]: Analyzing trace with hash 1169056170, now seen corresponding path program 1 times [2024-10-14 03:11:00,394 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:11:00,394 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1093588189] [2024-10-14 03:11:00,394 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:11:00,394 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:11:00,407 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,452 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2024-10-14 03:11:00,454 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,458 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2024-10-14 03:11:00,460 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,476 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2024-10-14 03:11:00,477 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,478 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-14 03:11:00,479 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:11:00,479 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1093588189] [2024-10-14 03:11:00,479 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1093588189] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:11:00,479 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:11:00,479 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-10-14 03:11:00,479 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1617859800] [2024-10-14 03:11:00,479 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:11:00,480 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-10-14 03:11:00,480 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:11:00,480 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-10-14 03:11:00,480 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-10-14 03:11:00,481 INFO L87 Difference]: Start difference. First operand 202 states and 269 transitions. Second operand has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2024-10-14 03:11:00,633 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:11:00,633 INFO L93 Difference]: Finished difference Result 446 states and 601 transitions. [2024-10-14 03:11:00,634 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2024-10-14 03:11:00,634 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 38 [2024-10-14 03:11:00,634 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:11:00,636 INFO L225 Difference]: With dead ends: 446 [2024-10-14 03:11:00,636 INFO L226 Difference]: Without dead ends: 246 [2024-10-14 03:11:00,637 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2024-10-14 03:11:00,640 INFO L432 NwaCegarLoop]: 65 mSDtfsCounter, 48 mSDsluCounter, 143 mSDsCounter, 0 mSdLazyCounter, 121 mSolverCounterSat, 13 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 52 SdHoareTripleChecker+Valid, 208 SdHoareTripleChecker+Invalid, 134 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 13 IncrementalHoareTripleChecker+Valid, 121 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2024-10-14 03:11:00,643 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [52 Valid, 208 Invalid, 134 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [13 Valid, 121 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2024-10-14 03:11:00,644 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 246 states. [2024-10-14 03:11:00,671 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 246 to 244. [2024-10-14 03:11:00,672 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 244 states, 175 states have (on average 1.3542857142857143) internal successors, (237), 190 states have internal predecessors, (237), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2024-10-14 03:11:00,673 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 244 states to 244 states and 323 transitions. [2024-10-14 03:11:00,674 INFO L78 Accepts]: Start accepts. Automaton has 244 states and 323 transitions. Word has length 38 [2024-10-14 03:11:00,674 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:11:00,674 INFO L471 AbstractCegarLoop]: Abstraction has 244 states and 323 transitions. [2024-10-14 03:11:00,674 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2024-10-14 03:11:00,675 INFO L276 IsEmpty]: Start isEmpty. Operand 244 states and 323 transitions. [2024-10-14 03:11:00,676 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2024-10-14 03:11:00,676 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:11:00,676 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:11:00,676 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2024-10-14 03:11:00,677 INFO L396 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:11:00,678 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:11:00,678 INFO L85 PathProgramCache]: Analyzing trace with hash -110807508, now seen corresponding path program 1 times [2024-10-14 03:11:00,678 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:11:00,678 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1998382269] [2024-10-14 03:11:00,678 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:11:00,678 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:11:00,689 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,737 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2024-10-14 03:11:00,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,745 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2024-10-14 03:11:00,748 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,770 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2024-10-14 03:11:00,772 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:00,774 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-14 03:11:00,774 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:11:00,774 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1998382269] [2024-10-14 03:11:00,775 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1998382269] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:11:00,775 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:11:00,775 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2024-10-14 03:11:00,775 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1997067109] [2024-10-14 03:11:00,775 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:11:00,776 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2024-10-14 03:11:00,776 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:11:00,776 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2024-10-14 03:11:00,776 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2024-10-14 03:11:00,777 INFO L87 Difference]: Start difference. First operand 244 states and 323 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2024-10-14 03:11:00,998 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:11:00,999 INFO L93 Difference]: Finished difference Result 498 states and 671 transitions. [2024-10-14 03:11:00,999 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2024-10-14 03:11:00,999 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 38 [2024-10-14 03:11:01,000 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:11:01,001 INFO L225 Difference]: With dead ends: 498 [2024-10-14 03:11:01,001 INFO L226 Difference]: Without dead ends: 256 [2024-10-14 03:11:01,002 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 8 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=35, Invalid=75, Unknown=0, NotChecked=0, Total=110 [2024-10-14 03:11:01,003 INFO L432 NwaCegarLoop]: 71 mSDtfsCounter, 151 mSDsluCounter, 215 mSDsCounter, 0 mSdLazyCounter, 185 mSolverCounterSat, 37 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 158 SdHoareTripleChecker+Valid, 286 SdHoareTripleChecker+Invalid, 222 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 37 IncrementalHoareTripleChecker+Valid, 185 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2024-10-14 03:11:01,003 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [158 Valid, 286 Invalid, 222 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [37 Valid, 185 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2024-10-14 03:11:01,004 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 256 states. [2024-10-14 03:11:01,016 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 256 to 248. [2024-10-14 03:11:01,016 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 248 states, 179 states have (on average 1.3463687150837989) internal successors, (241), 194 states have internal predecessors, (241), 36 states have call successors, (36), 26 states have call predecessors, (36), 32 states have return successors, (50), 37 states have call predecessors, (50), 36 states have call successors, (50) [2024-10-14 03:11:01,017 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 248 states to 248 states and 327 transitions. [2024-10-14 03:11:01,018 INFO L78 Accepts]: Start accepts. Automaton has 248 states and 327 transitions. Word has length 38 [2024-10-14 03:11:01,018 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:11:01,018 INFO L471 AbstractCegarLoop]: Abstraction has 248 states and 327 transitions. [2024-10-14 03:11:01,022 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2024-10-14 03:11:01,022 INFO L276 IsEmpty]: Start isEmpty. Operand 248 states and 327 transitions. [2024-10-14 03:11:01,023 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2024-10-14 03:11:01,023 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:11:01,023 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:11:01,023 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2024-10-14 03:11:01,023 INFO L396 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:11:01,024 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:11:01,024 INFO L85 PathProgramCache]: Analyzing trace with hash -1699155410, now seen corresponding path program 1 times [2024-10-14 03:11:01,024 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:11:01,024 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [195484613] [2024-10-14 03:11:01,024 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:11:01,024 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:11:01,030 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,057 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2024-10-14 03:11:01,058 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,062 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2024-10-14 03:11:01,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,073 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2024-10-14 03:11:01,074 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,075 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-14 03:11:01,075 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:11:01,075 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [195484613] [2024-10-14 03:11:01,075 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [195484613] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:11:01,075 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:11:01,076 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2024-10-14 03:11:01,076 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1668759793] [2024-10-14 03:11:01,076 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:11:01,076 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2024-10-14 03:11:01,076 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:11:01,077 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2024-10-14 03:11:01,077 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2024-10-14 03:11:01,077 INFO L87 Difference]: Start difference. First operand 248 states and 327 transitions. Second operand has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2024-10-14 03:11:01,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:11:01,261 INFO L93 Difference]: Finished difference Result 732 states and 999 transitions. [2024-10-14 03:11:01,261 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2024-10-14 03:11:01,262 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 38 [2024-10-14 03:11:01,262 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:11:01,267 INFO L225 Difference]: With dead ends: 732 [2024-10-14 03:11:01,267 INFO L226 Difference]: Without dead ends: 486 [2024-10-14 03:11:01,268 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 10 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2024-10-14 03:11:01,269 INFO L432 NwaCegarLoop]: 98 mSDtfsCounter, 193 mSDsluCounter, 124 mSDsCounter, 0 mSdLazyCounter, 169 mSolverCounterSat, 61 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 200 SdHoareTripleChecker+Valid, 222 SdHoareTripleChecker+Invalid, 230 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 61 IncrementalHoareTripleChecker+Valid, 169 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2024-10-14 03:11:01,271 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [200 Valid, 222 Invalid, 230 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [61 Valid, 169 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2024-10-14 03:11:01,272 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 486 states. [2024-10-14 03:11:01,305 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 486 to 480. [2024-10-14 03:11:01,306 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 480 states, 345 states have (on average 1.2927536231884058) internal successors, (446), 369 states have internal predecessors, (446), 73 states have call successors, (73), 59 states have call predecessors, (73), 61 states have return successors, (111), 72 states have call predecessors, (111), 73 states have call successors, (111) [2024-10-14 03:11:01,308 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 480 states to 480 states and 630 transitions. [2024-10-14 03:11:01,309 INFO L78 Accepts]: Start accepts. Automaton has 480 states and 630 transitions. Word has length 38 [2024-10-14 03:11:01,309 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:11:01,309 INFO L471 AbstractCegarLoop]: Abstraction has 480 states and 630 transitions. [2024-10-14 03:11:01,309 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.0) internal successors, (30), 4 states have internal predecessors, (30), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2024-10-14 03:11:01,309 INFO L276 IsEmpty]: Start isEmpty. Operand 480 states and 630 transitions. [2024-10-14 03:11:01,310 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2024-10-14 03:11:01,310 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:11:01,310 INFO L215 NwaCegarLoop]: trace histogram [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:11:01,311 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2024-10-14 03:11:01,311 INFO L396 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:11:01,311 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:11:01,311 INFO L85 PathProgramCache]: Analyzing trace with hash -773742700, now seen corresponding path program 1 times [2024-10-14 03:11:01,311 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:11:01,311 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [771573556] [2024-10-14 03:11:01,311 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:11:01,312 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:11:01,323 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,405 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2024-10-14 03:11:01,406 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,410 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2024-10-14 03:11:01,411 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,417 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 22 [2024-10-14 03:11:01,419 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,435 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2024-10-14 03:11:01,436 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:01,437 INFO L134 CoverageAnalysis]: Checked inductivity of 2 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2024-10-14 03:11:01,437 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:11:01,437 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [771573556] [2024-10-14 03:11:01,437 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [771573556] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:11:01,438 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:11:01,438 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [9] imperfect sequences [] total 9 [2024-10-14 03:11:01,438 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [584052213] [2024-10-14 03:11:01,438 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:11:01,438 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 9 states [2024-10-14 03:11:01,438 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:11:01,439 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 9 interpolants. [2024-10-14 03:11:01,439 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=54, Unknown=0, NotChecked=0, Total=72 [2024-10-14 03:11:01,440 INFO L87 Difference]: Start difference. First operand 480 states and 630 transitions. Second operand has 9 states, 9 states have (on average 3.5555555555555554) internal successors, (32), 7 states have internal predecessors, (32), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2024-10-14 03:11:01,897 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:11:01,897 INFO L93 Difference]: Finished difference Result 1279 states and 1780 transitions. [2024-10-14 03:11:01,898 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 18 states. [2024-10-14 03:11:01,898 INFO L78 Accepts]: Start accepts. Automaton has has 9 states, 9 states have (on average 3.5555555555555554) internal successors, (32), 7 states have internal predecessors, (32), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) Word has length 42 [2024-10-14 03:11:01,898 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:11:01,902 INFO L225 Difference]: With dead ends: 1279 [2024-10-14 03:11:01,903 INFO L226 Difference]: Without dead ends: 891 [2024-10-14 03:11:01,905 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 31 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 20 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 86 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=125, Invalid=337, Unknown=0, NotChecked=0, Total=462 [2024-10-14 03:11:01,906 INFO L432 NwaCegarLoop]: 80 mSDtfsCounter, 499 mSDsluCounter, 237 mSDsCounter, 0 mSdLazyCounter, 395 mSolverCounterSat, 190 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 507 SdHoareTripleChecker+Valid, 317 SdHoareTripleChecker+Invalid, 585 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 190 IncrementalHoareTripleChecker+Valid, 395 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2024-10-14 03:11:01,906 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [507 Valid, 317 Invalid, 585 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [190 Valid, 395 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2024-10-14 03:11:01,907 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 891 states. [2024-10-14 03:11:01,957 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 891 to 822. [2024-10-14 03:11:01,959 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 822 states, 590 states have (on average 1.2915254237288136) internal successors, (762), 638 states have internal predecessors, (762), 124 states have call successors, (124), 94 states have call predecessors, (124), 107 states have return successors, (194), 121 states have call predecessors, (194), 124 states have call successors, (194) [2024-10-14 03:11:01,963 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 822 states to 822 states and 1080 transitions. [2024-10-14 03:11:01,964 INFO L78 Accepts]: Start accepts. Automaton has 822 states and 1080 transitions. Word has length 42 [2024-10-14 03:11:01,964 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:11:01,964 INFO L471 AbstractCegarLoop]: Abstraction has 822 states and 1080 transitions. [2024-10-14 03:11:01,964 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 9 states, 9 states have (on average 3.5555555555555554) internal successors, (32), 7 states have internal predecessors, (32), 3 states have call successors, (5), 4 states have call predecessors, (5), 3 states have return successors, (4), 3 states have call predecessors, (4), 3 states have call successors, (4) [2024-10-14 03:11:01,964 INFO L276 IsEmpty]: Start isEmpty. Operand 822 states and 1080 transitions. [2024-10-14 03:11:01,965 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 67 [2024-10-14 03:11:01,966 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:11:01,966 INFO L215 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:11:01,966 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2024-10-14 03:11:01,966 INFO L396 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:11:01,967 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:11:01,967 INFO L85 PathProgramCache]: Analyzing trace with hash 1290092586, now seen corresponding path program 1 times [2024-10-14 03:11:01,967 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:11:01,967 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [569046711] [2024-10-14 03:11:01,967 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:11:01,967 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:11:01,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,004 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2024-10-14 03:11:02,005 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,014 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2024-10-14 03:11:02,017 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,025 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2024-10-14 03:11:02,026 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,031 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2024-10-14 03:11:02,033 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,035 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2024-10-14 03:11:02,046 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,047 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 59 [2024-10-14 03:11:02,047 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,048 INFO L134 CoverageAnalysis]: Checked inductivity of 21 backedges. 15 proven. 0 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2024-10-14 03:11:02,049 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:11:02,049 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [569046711] [2024-10-14 03:11:02,050 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [569046711] provided 1 perfect and 0 imperfect interpolant sequences [2024-10-14 03:11:02,050 INFO L185 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2024-10-14 03:11:02,050 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2024-10-14 03:11:02,050 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [894047635] [2024-10-14 03:11:02,050 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2024-10-14 03:11:02,050 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2024-10-14 03:11:02,050 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:11:02,051 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2024-10-14 03:11:02,051 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=13, Invalid=29, Unknown=0, NotChecked=0, Total=42 [2024-10-14 03:11:02,051 INFO L87 Difference]: Start difference. First operand 822 states and 1080 transitions. Second operand has 7 states, 6 states have (on average 8.5) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2024-10-14 03:11:02,312 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:11:02,313 INFO L93 Difference]: Finished difference Result 1015 states and 1325 transitions. [2024-10-14 03:11:02,313 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2024-10-14 03:11:02,313 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 6 states have (on average 8.5) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) Word has length 66 [2024-10-14 03:11:02,313 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:11:02,315 INFO L225 Difference]: With dead ends: 1015 [2024-10-14 03:11:02,316 INFO L226 Difference]: Without dead ends: 407 [2024-10-14 03:11:02,317 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 17 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 24 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=55, Invalid=127, Unknown=0, NotChecked=0, Total=182 [2024-10-14 03:11:02,319 INFO L432 NwaCegarLoop]: 84 mSDtfsCounter, 261 mSDsluCounter, 148 mSDsCounter, 0 mSdLazyCounter, 246 mSolverCounterSat, 92 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 270 SdHoareTripleChecker+Valid, 232 SdHoareTripleChecker+Invalid, 338 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 92 IncrementalHoareTripleChecker+Valid, 246 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2024-10-14 03:11:02,319 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [270 Valid, 232 Invalid, 338 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [92 Valid, 246 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2024-10-14 03:11:02,320 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 407 states. [2024-10-14 03:11:02,342 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 407 to 367. [2024-10-14 03:11:02,343 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 367 states, 264 states have (on average 1.2386363636363635) internal successors, (327), 284 states have internal predecessors, (327), 54 states have call successors, (54), 41 states have call predecessors, (54), 48 states have return successors, (86), 53 states have call predecessors, (86), 54 states have call successors, (86) [2024-10-14 03:11:02,344 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 367 states to 367 states and 467 transitions. [2024-10-14 03:11:02,345 INFO L78 Accepts]: Start accepts. Automaton has 367 states and 467 transitions. Word has length 66 [2024-10-14 03:11:02,345 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:11:02,345 INFO L471 AbstractCegarLoop]: Abstraction has 367 states and 467 transitions. [2024-10-14 03:11:02,345 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 6 states have (on average 8.5) internal successors, (51), 4 states have internal predecessors, (51), 4 states have call successors, (7), 5 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2024-10-14 03:11:02,345 INFO L276 IsEmpty]: Start isEmpty. Operand 367 states and 467 transitions. [2024-10-14 03:11:02,347 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 77 [2024-10-14 03:11:02,347 INFO L207 NwaCegarLoop]: Found error trace [2024-10-14 03:11:02,347 INFO L215 NwaCegarLoop]: trace histogram [3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:11:02,347 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2024-10-14 03:11:02,347 INFO L396 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2024-10-14 03:11:02,348 INFO L157 PredicateUnifier]: Initialized classic predicate unifier [2024-10-14 03:11:02,348 INFO L85 PathProgramCache]: Analyzing trace with hash 1417958015, now seen corresponding path program 1 times [2024-10-14 03:11:02,348 INFO L118 FreeRefinementEngine]: Executing refinement strategy CAMEL [2024-10-14 03:11:02,348 INFO L334 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2022001380] [2024-10-14 03:11:02,348 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:11:02,348 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2024-10-14 03:11:02,362 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,424 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2024-10-14 03:11:02,425 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,434 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2024-10-14 03:11:02,437 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,448 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 1 [2024-10-14 03:11:02,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,455 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2024-10-14 03:11:02,457 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,461 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 46 [2024-10-14 03:11:02,462 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,470 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 58 [2024-10-14 03:11:02,471 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,472 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2024-10-14 03:11:02,473 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,473 INFO L368 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 69 [2024-10-14 03:11:02,474 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,475 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 6 proven. 15 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2024-10-14 03:11:02,475 INFO L136 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2024-10-14 03:11:02,475 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2022001380] [2024-10-14 03:11:02,475 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2022001380] provided 0 perfect and 1 imperfect interpolant sequences [2024-10-14 03:11:02,475 INFO L334 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [220534988] [2024-10-14 03:11:02,475 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2024-10-14 03:11:02,475 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2024-10-14 03:11:02,476 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2024-10-14 03:11:02,477 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2024-10-14 03:11:02,479 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2024-10-14 03:11:02,543 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2024-10-14 03:11:02,545 INFO L255 TraceCheckSpWp]: Trace formula consists of 278 conjuncts, 7 conjuncts are in the unsatisfiable core [2024-10-14 03:11:02,552 INFO L278 TraceCheckSpWp]: Computing forward predicates... [2024-10-14 03:11:02,657 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 20 proven. 7 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2024-10-14 03:11:02,657 INFO L311 TraceCheckSpWp]: Computing backward predicates... [2024-10-14 03:11:02,820 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 15 proven. 6 refuted. 0 times theorem prover too weak. 6 trivial. 0 not checked. [2024-10-14 03:11:02,821 INFO L158 FreeRefinementEngine]: IpTcStrategyModuleZ3 [220534988] provided 0 perfect and 2 imperfect interpolant sequences [2024-10-14 03:11:02,821 INFO L185 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2024-10-14 03:11:02,821 INFO L198 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [11, 6, 6] total 15 [2024-10-14 03:11:02,821 INFO L121 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [105174725] [2024-10-14 03:11:02,821 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2024-10-14 03:11:02,822 INFO L548 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2024-10-14 03:11:02,822 INFO L100 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2024-10-14 03:11:02,822 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2024-10-14 03:11:02,823 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=174, Unknown=0, NotChecked=0, Total=210 [2024-10-14 03:11:02,823 INFO L87 Difference]: Start difference. First operand 367 states and 467 transitions. Second operand has 15 states, 12 states have (on average 8.25) internal successors, (99), 10 states have internal predecessors, (99), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2024-10-14 03:11:03,539 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2024-10-14 03:11:03,539 INFO L93 Difference]: Finished difference Result 766 states and 995 transitions. [2024-10-14 03:11:03,539 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 27 states. [2024-10-14 03:11:03,540 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 12 states have (on average 8.25) internal successors, (99), 10 states have internal predecessors, (99), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) Word has length 76 [2024-10-14 03:11:03,540 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2024-10-14 03:11:03,541 INFO L225 Difference]: With dead ends: 766 [2024-10-14 03:11:03,541 INFO L226 Difference]: Without dead ends: 0 [2024-10-14 03:11:03,542 INFO L431 NwaCegarLoop]: 0 DeclaredPredicates, 211 GetRequests, 170 SyntacticMatches, 4 SemanticMatches, 37 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 338 ImplicationChecksByTransitivity, 0.3s TimeCoverageRelationStatistics Valid=345, Invalid=1137, Unknown=0, NotChecked=0, Total=1482 [2024-10-14 03:11:03,543 INFO L432 NwaCegarLoop]: 110 mSDtfsCounter, 287 mSDsluCounter, 601 mSDsCounter, 0 mSdLazyCounter, 848 mSolverCounterSat, 112 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 290 SdHoareTripleChecker+Valid, 711 SdHoareTripleChecker+Invalid, 960 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 112 IncrementalHoareTripleChecker+Valid, 848 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2024-10-14 03:11:03,543 INFO L433 NwaCegarLoop]: SdHoareTripleChecker [290 Valid, 711 Invalid, 960 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [112 Valid, 848 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2024-10-14 03:11:03,543 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2024-10-14 03:11:03,543 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2024-10-14 03:11:03,543 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2024-10-14 03:11:03,544 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2024-10-14 03:11:03,544 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 76 [2024-10-14 03:11:03,544 INFO L84 Accepts]: Finished accepts. word is rejected. [2024-10-14 03:11:03,544 INFO L471 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2024-10-14 03:11:03,544 INFO L472 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 12 states have (on average 8.25) internal successors, (99), 10 states have internal predecessors, (99), 6 states have call successors, (20), 7 states have call predecessors, (20), 6 states have return successors, (17), 8 states have call predecessors, (17), 6 states have call successors, (17) [2024-10-14 03:11:03,544 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2024-10-14 03:11:03,544 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2024-10-14 03:11:03,547 INFO L782 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2024-10-14 03:11:03,561 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2024-10-14 03:11:03,747 WARN L453 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2024-10-14 03:11:03,750 INFO L407 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2024-10-14 03:11:03,751 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2024-10-14 03:11:06,490 INFO L165 ceAbstractionStarter]: Computing trace abstraction results [2024-10-14 03:11:06,502 WARN L155 FloydHoareUtils]: Requires clause for deactivatePump contained old-variable. Original clause: (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (or (and (= 2 ~waterLevel~0) (not (= 0 ~systemActive~0))) (and (= 1 ~systemActive~0) (<= ~waterLevel~0 2)))) Eliminated clause: (or (and (= 2 ~waterLevel~0) (not (= 0 ~systemActive~0))) (and (= 1 ~systemActive~0) (<= ~waterLevel~0 2))) [2024-10-14 03:11:06,510 WARN L155 FloydHoareUtils]: Requires clause for timeShift contained old-variable. Original clause: (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= ~switchedOnBeforeTS~0 |old(~switchedOnBeforeTS~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (let ((.cse0 (= |old(~pumpRunning~0)| 0)) (.cse1 (<= |old(~waterLevel~0)| 2)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (<= 1 |old(~pumpRunning~0)|))) (or (and .cse0 (= 0 ~systemActive~0) .cse1) (and .cse2 (<= 1 |old(~switchedOnBeforeTS~0)|) .cse1 .cse3) (and .cse2 .cse0 .cse1) (and .cse2 .cse3 (= |old(~waterLevel~0)| 2))))) Eliminated clause: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and .cse0 (= 2 ~waterLevel~0) .cse1) (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse3 .cse1 .cse2) (and .cse3 .cse2 (= 0 ~systemActive~0)))) [2024-10-14 03:11:06,517 WARN L155 FloydHoareUtils]: Requires clause for processEnvironment__wrappee__highWaterSensor contained old-variable. Original clause: (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (let ((.cse0 (= 1 ~systemActive~0)) (.cse1 (<= ~waterLevel~0 2))) (or (and .cse0 (= |old(~pumpRunning~0)| 0) .cse1) (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) (<= 1 |old(~pumpRunning~0)|))))) Eliminated clause: (let ((.cse0 (= 1 ~systemActive~0)) (.cse1 (<= ~waterLevel~0 2))) (or (and (<= 1 ~pumpRunning~0) .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0)) (and (= ~pumpRunning~0 0) .cse0 .cse1))) [2024-10-14 03:11:06,521 WARN L155 FloydHoareUtils]: Requires clause for waterRise contained old-variable. Original clause: (and (= |old(~waterLevel~0)| ~waterLevel~0) (let ((.cse3 (= ~pumpRunning~0 0)) (.cse2 (<= |old(~waterLevel~0)| 2)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0))) (or (and .cse0 .cse1 (<= 1 ~switchedOnBeforeTS~0) .cse2) (and .cse3 .cse1 .cse2) (and .cse3 (= 0 ~systemActive~0) .cse2) (and .cse0 .cse1 (= |old(~waterLevel~0)| 2))))) Eliminated clause: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse1 (= 1 ~systemActive~0)) (.cse3 (= ~pumpRunning~0 0)) (.cse2 (<= ~waterLevel~0 2))) (or (and .cse0 (= 2 ~waterLevel~0) .cse1) (and .cse0 .cse1 .cse2 (<= 1 ~switchedOnBeforeTS~0)) (and .cse3 .cse1 .cse2) (and .cse3 .cse2 (= 0 ~systemActive~0)))) [2024-10-14 03:11:06,529 INFO L201 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 14.10 03:11:06 BoogieIcfgContainer [2024-10-14 03:11:06,530 INFO L131 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2024-10-14 03:11:06,530 INFO L112 PluginConnector]: ------------------------Witness Printer---------------------------- [2024-10-14 03:11:06,530 INFO L270 PluginConnector]: Initializing Witness Printer... [2024-10-14 03:11:06,530 INFO L274 PluginConnector]: Witness Printer initialized [2024-10-14 03:11:06,531 INFO L184 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 14.10 03:10:59" (3/4) ... [2024-10-14 03:11:06,533 INFO L139 WitnessPrinter]: Generating witness for correct program [2024-10-14 03:11:06,537 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2024-10-14 03:11:06,537 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2024-10-14 03:11:06,537 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2024-10-14 03:11:06,537 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2024-10-14 03:11:06,537 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2024-10-14 03:11:06,538 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2024-10-14 03:11:06,538 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2024-10-14 03:11:06,538 INFO L361 RCFGBacktranslator]: Ignoring RootEdge to procedure isPumpRunning [2024-10-14 03:11:06,546 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 35 nodes and edges [2024-10-14 03:11:06,546 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 10 nodes and edges [2024-10-14 03:11:06,546 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2024-10-14 03:11:06,547 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-10-14 03:11:06,547 INFO L904 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2024-10-14 03:11:06,639 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2024-10-14 03:11:06,639 INFO L149 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.yml [2024-10-14 03:11:06,639 INFO L131 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2024-10-14 03:11:06,640 INFO L158 Benchmark]: Toolchain (without parser) took 8174.04ms. Allocated memory was 182.5MB in the beginning and 264.2MB in the end (delta: 81.8MB). Free memory was 152.3MB in the beginning and 113.3MB in the end (delta: 38.9MB). Peak memory consumption was 121.6MB. Max. memory is 16.1GB. [2024-10-14 03:11:06,640 INFO L158 Benchmark]: CDTParser took 0.12ms. Allocated memory is still 125.8MB. Free memory was 90.5MB in the beginning and 90.4MB in the end (delta: 159.6kB). There was no memory consumed. Max. memory is 16.1GB. [2024-10-14 03:11:06,641 INFO L158 Benchmark]: CACSL2BoogieTranslator took 396.55ms. Allocated memory is still 182.5MB. Free memory was 152.1MB in the beginning and 134.8MB in the end (delta: 17.3MB). Peak memory consumption was 17.3MB. Max. memory is 16.1GB. [2024-10-14 03:11:06,641 INFO L158 Benchmark]: Boogie Procedure Inliner took 39.77ms. Allocated memory is still 182.5MB. Free memory was 134.8MB in the beginning and 131.9MB in the end (delta: 2.9MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2024-10-14 03:11:06,641 INFO L158 Benchmark]: Boogie Preprocessor took 32.70ms. Allocated memory is still 182.5MB. Free memory was 131.9MB in the beginning and 129.8MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2024-10-14 03:11:06,641 INFO L158 Benchmark]: RCFGBuilder took 383.84ms. Allocated memory is still 182.5MB. Free memory was 129.8MB in the beginning and 105.9MB in the end (delta: 23.9MB). Peak memory consumption was 23.1MB. Max. memory is 16.1GB. [2024-10-14 03:11:06,641 INFO L158 Benchmark]: TraceAbstraction took 7203.26ms. Allocated memory was 182.5MB in the beginning and 264.2MB in the end (delta: 81.8MB). Free memory was 104.6MB in the beginning and 121.7MB in the end (delta: -17.1MB). Peak memory consumption was 109.4MB. Max. memory is 16.1GB. [2024-10-14 03:11:06,642 INFO L158 Benchmark]: Witness Printer took 109.38ms. Allocated memory is still 264.2MB. Free memory was 120.7MB in the beginning and 113.3MB in the end (delta: 7.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2024-10-14 03:11:06,643 INFO L338 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.12ms. Allocated memory is still 125.8MB. Free memory was 90.5MB in the beginning and 90.4MB in the end (delta: 159.6kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 396.55ms. Allocated memory is still 182.5MB. Free memory was 152.1MB in the beginning and 134.8MB in the end (delta: 17.3MB). Peak memory consumption was 17.3MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 39.77ms. Allocated memory is still 182.5MB. Free memory was 134.8MB in the beginning and 131.9MB in the end (delta: 2.9MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 32.70ms. Allocated memory is still 182.5MB. Free memory was 131.9MB in the beginning and 129.8MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 383.84ms. Allocated memory is still 182.5MB. Free memory was 129.8MB in the beginning and 105.9MB in the end (delta: 23.9MB). Peak memory consumption was 23.1MB. Max. memory is 16.1GB. * TraceAbstraction took 7203.26ms. Allocated memory was 182.5MB in the beginning and 264.2MB in the end (delta: 81.8MB). Free memory was 104.6MB in the beginning and 121.7MB in the end (delta: -17.1MB). Peak memory consumption was 109.4MB. Max. memory is 16.1GB. * Witness Printer took 109.38ms. Allocated memory is still 264.2MB. Free memory was 120.7MB in the beginning and 113.3MB in the end (delta: 7.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: - GenericResultAtLocation [Line: 49]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"MinePump.i","") [49] - GenericResultAtLocation [Line: 277]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Test.i","") [277] - GenericResultAtLocation [Line: 381]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"scenario.i","") [381] - GenericResultAtLocation [Line: 448]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"featureselect.i","") [448] - GenericResultAtLocation [Line: 483]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"libacc.i","") [483] - GenericResultAtLocation [Line: 849]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Environment.i","") [849] - GenericResultAtLocation [Line: 953]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"wsllib_check.i","") [953] - GenericResultAtLocation [Line: 962]: Unsoundness Warning Ignoring preprocessor pragma C: #pragma merger(0,"Specification5_spec.i","") [962] * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 958]: a call to reach_error is unreachable For all program executions holds that a call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 77 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 4.4s, OverallIterations: 10, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.4s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.0s, InitialAbstractionConstructionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1611 SdHoareTripleChecker+Valid, 1.5s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1568 mSDsluCounter, 2679 SdHoareTripleChecker+Invalid, 1.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 1849 mSDsCounter, 514 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 2145 IncrementalHoareTripleChecker+Invalid, 2659 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 514 mSolverCounterUnsat, 830 mSDtfsCounter, 2145 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 348 GetRequests, 247 SyntacticMatches, 4 SemanticMatches, 97 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 461 ImplicationChecksByTransitivity, 0.6s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=822occurred in iteration=8, InterpolantAutomatonStates: 92, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 10 MinimizatonAttempts, 129 StatesRemovedByMinimization, 7 NontrivialMinimizations, HoareAnnotationStatistics: No data available, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 1.1s InterpolantComputationTime, 474 NumberOfCodeBlocks, 474 NumberOfCodeBlocksAsserted, 11 NumberOfCheckSat, 538 ConstructedInterpolants, 0 QuantifiedInterpolants, 1100 SizeOfPredicates, 2 NumberOfNonLiveVariables, 278 ConjunctsInSsa, 7 ConjunctsInUnsatCore, 12 InterpolantComputations, 9 PerfectInterpolantSequences, 90/118 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 392]: Loop Invariant Derived loop invariant: (((((((pumpRunning == 0) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (0 == systemActive)) || ((((pumpRunning == 0) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2))) || ((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) && (splverifierCounter == 0))) || (((((1 <= pumpRunning) && (1 == systemActive)) && (splverifierCounter == 0)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) - InvariantResult [Line: 289]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 391]: Location Invariant Derived location invariant: 0 - ProcedureContractResult [Line: 160]: Procedure Contract for deactivatePump Derived contract for procedure deactivatePump. Requires: (((2 == waterLevel) && (0 != systemActive)) || ((1 == systemActive) && (waterLevel <= 2))) Ensures: ((pumpRunning == 0) && (((2 == waterLevel) && (0 != systemActive)) || ((1 == systemActive) && (waterLevel <= 2)))) - ProcedureContractResult [Line: 93]: Procedure Contract for processEnvironment__wrappee__base Derived contract for procedure processEnvironment__wrappee__base. Requires: (((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) Ensures: (((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) - ProcedureContractResult [Line: 877]: Procedure Contract for changeMethaneLevel Derived contract for procedure changeMethaneLevel. Requires: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) Ensures: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) - ProcedureContractResult [Line: 279]: Procedure Contract for cleanup Derived contract for procedure cleanup. Requires: 0 Ensures: 0 - ProcedureContractResult [Line: 66]: Procedure Contract for timeShift Derived contract for procedure timeShift. Requires: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) Ensures: (((((((((1 <= pumpRunning) && (2 == waterLevel)) && (\old(waterLevel) == 2)) || (\old(pumpRunning) != 0)) || ((pumpRunning == 0) && (\old(waterLevel) == waterLevel))) && (((((pumpRunning == 0) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) || (\old(pumpRunning) < 1)) || (((pumpRunning == \old(pumpRunning)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)))) && ((pumpRunning == 0) || (0 != systemActive))) && (((\old(waterLevel) != 2) || (\old(pumpRunning) < 1)) || (waterLevel == 1))) && ((((((\old(pumpRunning) == 0) && (0 == systemActive)) && (\old(waterLevel) <= 2)) || ((((1 == systemActive) && (1 <= \old(switchedOnBeforeTS))) && (\old(waterLevel) <= 2)) && (1 <= \old(pumpRunning)))) || (((1 == systemActive) && (\old(pumpRunning) == 0)) && (\old(waterLevel) <= 2))) || (((1 == systemActive) && (1 <= \old(pumpRunning))) && (\old(waterLevel) == 2)))) - ProcedureContractResult [Line: 101]: Procedure Contract for processEnvironment__wrappee__highWaterSensor Derived contract for procedure processEnvironment__wrappee__highWaterSensor. Requires: (((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) Ensures: (((((\old(pumpRunning) != 0) || (pumpRunning == 0)) || ((1 <= pumpRunning) && (2 == waterLevel))) && ((pumpRunning == \old(pumpRunning)) || (\old(pumpRunning) < 1))) && ((((1 == systemActive) && (\old(pumpRunning) == 0)) && (waterLevel <= 2)) || ((((1 == systemActive) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS)) && (1 <= \old(pumpRunning))))) - ProcedureContractResult [Line: 865]: Procedure Contract for waterRise Derived contract for procedure waterRise. Requires: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) Ensures: (((((2 == waterLevel) || (\old(waterLevel) != 2)) && ((2 == waterLevel) || (\old(waterLevel) != 1))) && (waterLevel <= 2)) && (((((((1 <= pumpRunning) && (1 == systemActive)) && (1 <= switchedOnBeforeTS)) && (\old(waterLevel) <= 2)) || (((pumpRunning == 0) && (1 == systemActive)) && (\old(waterLevel) <= 2))) || (((pumpRunning == 0) && (0 == systemActive)) && (\old(waterLevel) <= 2))) || (((1 <= pumpRunning) && (1 == systemActive)) && (\old(waterLevel) == 2)))) - ProcedureContractResult [Line: 179]: Procedure Contract for isPumpRunning Derived contract for procedure isPumpRunning. Requires: ((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) Ensures: (((((((1 <= pumpRunning) && (2 == waterLevel)) && (1 == systemActive)) || ((((1 <= pumpRunning) && (1 == systemActive)) && (waterLevel <= 2)) && (1 <= switchedOnBeforeTS))) || (((pumpRunning == 0) && (1 == systemActive)) && (waterLevel <= 2))) || (((pumpRunning == 0) && (waterLevel <= 2)) && (0 == systemActive))) && (pumpRunning == \result)) RESULT: Ultimate proved your program to be correct! [2024-10-14 03:11:06,663 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:4000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE