./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec1_product16.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec1_product16.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash f148fc9ce65faa66ebebdaf3c4bc47bc200a3ebfe7e123b8276da7aa11779ba7 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:05:56,270 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:05:56,272 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:05:56,312 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:05:56,313 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:05:56,315 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:05:56,319 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:05:56,322 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:05:56,324 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:05:56,328 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:05:56,329 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:05:56,330 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:05:56,331 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:05:56,335 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:05:56,336 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:05:56,339 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:05:56,340 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:05:56,341 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:05:56,343 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:05:56,348 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:05:56,349 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:05:56,350 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:05:56,353 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:05:56,353 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:05:56,359 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:05:56,360 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:05:56,360 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:05:56,362 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:05:56,362 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:05:56,363 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:05:56,363 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:05:56,364 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:05:56,365 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:05:56,366 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:05:56,367 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:05:56,367 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:05:56,368 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:05:56,368 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:05:56,368 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:05:56,369 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:05:56,369 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:05:56,372 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:05:56,399 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:05:56,399 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:05:56,400 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:05:56,400 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:05:56,401 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:05:56,401 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:05:56,401 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:05:56,402 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:05:56,402 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:05:56,402 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:05:56,403 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:05:56,403 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:05:56,403 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:05:56,403 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:05:56,403 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:05:56,404 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:05:56,404 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:05:56,404 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:05:56,404 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:05:56,404 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:05:56,404 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:05:56,405 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:05:56,405 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:05:56,405 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:05:56,405 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:56,405 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:05:56,405 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:05:56,407 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:05:56,407 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:05:56,407 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:05:56,407 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:05:56,407 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:05:56,408 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:05:56,408 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> f148fc9ce65faa66ebebdaf3c4bc47bc200a3ebfe7e123b8276da7aa11779ba7 [2022-02-20 18:05:56,660 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:05:56,679 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:05:56,683 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:05:56,684 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:05:56,684 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:05:56,685 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec1_product16.cil.c [2022-02-20 18:05:56,731 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/453fbcf82/f431391e5a10453d9376ce2ff655d240/FLAGf7122aec5 [2022-02-20 18:05:57,162 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:05:57,162 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product16.cil.c [2022-02-20 18:05:57,174 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/453fbcf82/f431391e5a10453d9376ce2ff655d240/FLAGf7122aec5 [2022-02-20 18:05:57,187 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/453fbcf82/f431391e5a10453d9376ce2ff655d240 [2022-02-20 18:05:57,189 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:05:57,191 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:05:57,193 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:57,193 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:05:57,195 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:05:57,197 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,197 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@450cc and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57, skipping insertion in model container [2022-02-20 18:05:57,198 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,202 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:05:57,240 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:05:57,426 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product16.cil.c[4901,4914] [2022-02-20 18:05:57,506 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:57,514 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:05:57,544 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product16.cil.c[4901,4914] [2022-02-20 18:05:57,598 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:05:57,617 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:05:57,618 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57 WrapperNode [2022-02-20 18:05:57,618 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:05:57,619 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:57,619 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:05:57,619 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:05:57,624 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,642 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,679 INFO L137 Inliner]: procedures = 53, calls = 153, calls flagged for inlining = 19, calls inlined = 15, statements flattened = 198 [2022-02-20 18:05:57,680 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:05:57,680 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:05:57,681 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:05:57,681 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:05:57,686 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,687 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,695 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,703 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,706 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,709 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,719 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,721 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:05:57,722 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:05:57,722 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:05:57,722 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:05:57,723 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (1/1) ... [2022-02-20 18:05:57,731 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:05:57,787 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:05:57,806 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:05:57,825 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:05:57,842 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:05:57,842 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:05:57,842 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:05:57,842 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:05:57,842 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:05:57,842 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:05:57,843 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:05:57,843 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:05:57,844 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:05:57,844 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__methaneQuery [2022-02-20 18:05:57,845 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__methaneQuery [2022-02-20 18:05:57,845 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneAlarm [2022-02-20 18:05:57,845 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneAlarm [2022-02-20 18:05:57,845 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:05:57,845 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:05:57,845 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:05:57,845 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:05:57,845 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:05:57,845 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:05:57,846 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:05:57,912 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:05:57,913 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:05:58,126 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:05:58,131 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:05:58,132 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:05:58,133 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:58 BoogieIcfgContainer [2022-02-20 18:05:58,133 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:05:58,134 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:05:58,134 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:05:58,136 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:05:58,136 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:05:57" (1/3) ... [2022-02-20 18:05:58,137 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@18492b5a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:58, skipping insertion in model container [2022-02-20 18:05:58,137 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:05:57" (2/3) ... [2022-02-20 18:05:58,137 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@18492b5a and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:05:58, skipping insertion in model container [2022-02-20 18:05:58,137 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:58" (3/3) ... [2022-02-20 18:05:58,138 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec1_product16.cil.c [2022-02-20 18:05:58,141 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:05:58,141 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:05:58,178 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:05:58,183 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:05:58,183 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:05:58,197 INFO L276 IsEmpty]: Start isEmpty. Operand has 84 states, 61 states have (on average 1.360655737704918) internal successors, (83), 68 states have internal predecessors, (83), 13 states have call successors, (13), 8 states have call predecessors, (13), 8 states have return successors, (13), 11 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:05:58,202 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2022-02-20 18:05:58,203 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:58,203 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:58,204 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:58,207 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:58,208 INFO L85 PathProgramCache]: Analyzing trace with hash 2062279413, now seen corresponding path program 1 times [2022-02-20 18:05:58,214 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:58,214 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1346991051] [2022-02-20 18:05:58,214 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:58,215 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:58,365 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:58,447 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:05:58,449 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:58,456 INFO L290 TraceCheckUtils]: 0: Hoare triple {87#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {87#true} is VALID [2022-02-20 18:05:58,457 INFO L290 TraceCheckUtils]: 1: Hoare triple {87#true} assume true; {87#true} is VALID [2022-02-20 18:05:58,457 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {87#true} {88#false} #208#return; {88#false} is VALID [2022-02-20 18:05:58,458 INFO L290 TraceCheckUtils]: 0: Hoare triple {87#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {87#true} is VALID [2022-02-20 18:05:58,458 INFO L290 TraceCheckUtils]: 1: Hoare triple {87#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~4#1, main_~tmp~1#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {87#true} is VALID [2022-02-20 18:05:58,459 INFO L290 TraceCheckUtils]: 2: Hoare triple {87#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {87#true} is VALID [2022-02-20 18:05:58,459 INFO L290 TraceCheckUtils]: 3: Hoare triple {87#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~3#1;havoc valid_product_~retValue_acc~3#1;valid_product_~retValue_acc~3#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~3#1; {87#true} is VALID [2022-02-20 18:05:58,459 INFO L290 TraceCheckUtils]: 4: Hoare triple {87#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {87#true} is VALID [2022-02-20 18:05:58,459 INFO L290 TraceCheckUtils]: 5: Hoare triple {87#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {87#true} is VALID [2022-02-20 18:05:58,460 INFO L290 TraceCheckUtils]: 6: Hoare triple {87#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {87#true} is VALID [2022-02-20 18:05:58,460 INFO L290 TraceCheckUtils]: 7: Hoare triple {87#true} assume false; {88#false} is VALID [2022-02-20 18:05:58,461 INFO L272 TraceCheckUtils]: 8: Hoare triple {88#false} call cleanup(); {88#false} is VALID [2022-02-20 18:05:58,461 INFO L290 TraceCheckUtils]: 9: Hoare triple {88#false} havoc ~i~0;havoc ~__cil_tmp2~0; {88#false} is VALID [2022-02-20 18:05:58,461 INFO L272 TraceCheckUtils]: 10: Hoare triple {88#false} call timeShift(); {88#false} is VALID [2022-02-20 18:05:58,461 INFO L290 TraceCheckUtils]: 11: Hoare triple {88#false} assume !(0 != ~pumpRunning~0); {88#false} is VALID [2022-02-20 18:05:58,462 INFO L290 TraceCheckUtils]: 12: Hoare triple {88#false} assume !(0 != ~systemActive~0); {88#false} is VALID [2022-02-20 18:05:58,462 INFO L290 TraceCheckUtils]: 13: Hoare triple {88#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret9#1, __utac_acc__Specification1_spec__1_#t~ret10#1, __utac_acc__Specification1_spec__1_~tmp~0#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~0#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {88#false} is VALID [2022-02-20 18:05:58,462 INFO L272 TraceCheckUtils]: 14: Hoare triple {88#false} call __utac_acc__Specification1_spec__1_#t~ret9#1 := isMethaneLevelCritical(); {87#true} is VALID [2022-02-20 18:05:58,462 INFO L290 TraceCheckUtils]: 15: Hoare triple {87#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {87#true} is VALID [2022-02-20 18:05:58,462 INFO L290 TraceCheckUtils]: 16: Hoare triple {87#true} assume true; {87#true} is VALID [2022-02-20 18:05:58,463 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {87#true} {88#false} #208#return; {88#false} is VALID [2022-02-20 18:05:58,463 INFO L290 TraceCheckUtils]: 18: Hoare triple {88#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret9#1 && __utac_acc__Specification1_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~0#1 := __utac_acc__Specification1_spec__1_#t~ret9#1;havoc __utac_acc__Specification1_spec__1_#t~ret9#1; {88#false} is VALID [2022-02-20 18:05:58,463 INFO L290 TraceCheckUtils]: 19: Hoare triple {88#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {88#false} is VALID [2022-02-20 18:05:58,463 INFO L290 TraceCheckUtils]: 20: Hoare triple {88#false} __utac_acc__Specification1_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret10#1 && __utac_acc__Specification1_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret10#1;havoc __utac_acc__Specification1_spec__1_#t~ret10#1; {88#false} is VALID [2022-02-20 18:05:58,463 INFO L290 TraceCheckUtils]: 21: Hoare triple {88#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {88#false} is VALID [2022-02-20 18:05:58,464 INFO L290 TraceCheckUtils]: 22: Hoare triple {88#false} assume !false; {88#false} is VALID [2022-02-20 18:05:58,464 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:05:58,464 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:58,465 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1346991051] [2022-02-20 18:05:58,465 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1346991051] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:58,465 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:58,465 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:05:58,466 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1233868533] [2022-02-20 18:05:58,467 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:58,470 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:05:58,472 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:58,474 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:58,498 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:58,498 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:05:58,499 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:58,513 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:05:58,513 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:05:58,517 INFO L87 Difference]: Start difference. First operand has 84 states, 61 states have (on average 1.360655737704918) internal successors, (83), 68 states have internal predecessors, (83), 13 states have call successors, (13), 8 states have call predecessors, (13), 8 states have return successors, (13), 11 states have call predecessors, (13), 13 states have call successors, (13) Second operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:58,606 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:58,606 INFO L93 Difference]: Finished difference Result 160 states and 213 transitions. [2022-02-20 18:05:58,606 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:05:58,607 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:05:58,607 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:58,608 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:58,617 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 213 transitions. [2022-02-20 18:05:58,617 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:58,623 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 213 transitions. [2022-02-20 18:05:58,623 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 213 transitions. [2022-02-20 18:05:58,811 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 213 edges. 213 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:58,832 INFO L225 Difference]: With dead ends: 160 [2022-02-20 18:05:58,832 INFO L226 Difference]: Without dead ends: 75 [2022-02-20 18:05:58,835 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:05:58,837 INFO L933 BasicCegarLoop]: 103 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 103 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:58,838 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 103 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:58,856 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 75 states. [2022-02-20 18:05:58,882 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 75 to 75. [2022-02-20 18:05:58,882 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:58,886 INFO L82 GeneralOperation]: Start isEquivalent. First operand 75 states. Second operand has 75 states, 54 states have (on average 1.2777777777777777) internal successors, (69), 60 states have internal predecessors, (69), 13 states have call successors, (13), 8 states have call predecessors, (13), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:05:58,887 INFO L74 IsIncluded]: Start isIncluded. First operand 75 states. Second operand has 75 states, 54 states have (on average 1.2777777777777777) internal successors, (69), 60 states have internal predecessors, (69), 13 states have call successors, (13), 8 states have call predecessors, (13), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:05:58,888 INFO L87 Difference]: Start difference. First operand 75 states. Second operand has 75 states, 54 states have (on average 1.2777777777777777) internal successors, (69), 60 states have internal predecessors, (69), 13 states have call successors, (13), 8 states have call predecessors, (13), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:05:58,894 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:58,896 INFO L93 Difference]: Finished difference Result 75 states and 94 transitions. [2022-02-20 18:05:58,896 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 94 transitions. [2022-02-20 18:05:58,899 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:58,899 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:58,901 INFO L74 IsIncluded]: Start isIncluded. First operand has 75 states, 54 states have (on average 1.2777777777777777) internal successors, (69), 60 states have internal predecessors, (69), 13 states have call successors, (13), 8 states have call predecessors, (13), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand 75 states. [2022-02-20 18:05:58,905 INFO L87 Difference]: Start difference. First operand has 75 states, 54 states have (on average 1.2777777777777777) internal successors, (69), 60 states have internal predecessors, (69), 13 states have call successors, (13), 8 states have call predecessors, (13), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand 75 states. [2022-02-20 18:05:58,911 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:58,913 INFO L93 Difference]: Finished difference Result 75 states and 94 transitions. [2022-02-20 18:05:58,914 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 94 transitions. [2022-02-20 18:05:58,915 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:58,915 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:58,916 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:58,916 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:58,916 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 75 states, 54 states have (on average 1.2777777777777777) internal successors, (69), 60 states have internal predecessors, (69), 13 states have call successors, (13), 8 states have call predecessors, (13), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:05:58,923 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 75 states to 75 states and 94 transitions. [2022-02-20 18:05:58,924 INFO L78 Accepts]: Start accepts. Automaton has 75 states and 94 transitions. Word has length 23 [2022-02-20 18:05:58,924 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:58,925 INFO L470 AbstractCegarLoop]: Abstraction has 75 states and 94 transitions. [2022-02-20 18:05:58,925 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:58,925 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 94 transitions. [2022-02-20 18:05:58,926 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:05:58,926 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:58,926 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:58,926 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:05:58,927 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:58,927 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:58,927 INFO L85 PathProgramCache]: Analyzing trace with hash -834214636, now seen corresponding path program 1 times [2022-02-20 18:05:58,927 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:58,928 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [15229276] [2022-02-20 18:05:58,928 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:58,928 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:58,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:58,972 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:05:58,974 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:58,976 INFO L290 TraceCheckUtils]: 0: Hoare triple {583#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {583#true} is VALID [2022-02-20 18:05:58,976 INFO L290 TraceCheckUtils]: 1: Hoare triple {583#true} assume true; {583#true} is VALID [2022-02-20 18:05:58,977 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {583#true} {584#false} #208#return; {584#false} is VALID [2022-02-20 18:05:58,977 INFO L290 TraceCheckUtils]: 0: Hoare triple {583#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {583#true} is VALID [2022-02-20 18:05:58,977 INFO L290 TraceCheckUtils]: 1: Hoare triple {583#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~4#1, main_~tmp~1#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {583#true} is VALID [2022-02-20 18:05:58,977 INFO L290 TraceCheckUtils]: 2: Hoare triple {583#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {583#true} is VALID [2022-02-20 18:05:58,977 INFO L290 TraceCheckUtils]: 3: Hoare triple {583#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~3#1;havoc valid_product_~retValue_acc~3#1;valid_product_~retValue_acc~3#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~3#1; {583#true} is VALID [2022-02-20 18:05:58,978 INFO L290 TraceCheckUtils]: 4: Hoare triple {583#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {583#true} is VALID [2022-02-20 18:05:58,978 INFO L290 TraceCheckUtils]: 5: Hoare triple {583#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {583#true} is VALID [2022-02-20 18:05:58,978 INFO L290 TraceCheckUtils]: 6: Hoare triple {583#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {585#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:58,979 INFO L290 TraceCheckUtils]: 7: Hoare triple {585#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {585#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:05:58,979 INFO L290 TraceCheckUtils]: 8: Hoare triple {585#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {584#false} is VALID [2022-02-20 18:05:58,979 INFO L272 TraceCheckUtils]: 9: Hoare triple {584#false} call cleanup(); {584#false} is VALID [2022-02-20 18:05:58,980 INFO L290 TraceCheckUtils]: 10: Hoare triple {584#false} havoc ~i~0;havoc ~__cil_tmp2~0; {584#false} is VALID [2022-02-20 18:05:58,980 INFO L272 TraceCheckUtils]: 11: Hoare triple {584#false} call timeShift(); {584#false} is VALID [2022-02-20 18:05:58,980 INFO L290 TraceCheckUtils]: 12: Hoare triple {584#false} assume !(0 != ~pumpRunning~0); {584#false} is VALID [2022-02-20 18:05:58,980 INFO L290 TraceCheckUtils]: 13: Hoare triple {584#false} assume !(0 != ~systemActive~0); {584#false} is VALID [2022-02-20 18:05:58,980 INFO L290 TraceCheckUtils]: 14: Hoare triple {584#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret9#1, __utac_acc__Specification1_spec__1_#t~ret10#1, __utac_acc__Specification1_spec__1_~tmp~0#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~0#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {584#false} is VALID [2022-02-20 18:05:58,980 INFO L272 TraceCheckUtils]: 15: Hoare triple {584#false} call __utac_acc__Specification1_spec__1_#t~ret9#1 := isMethaneLevelCritical(); {583#true} is VALID [2022-02-20 18:05:58,981 INFO L290 TraceCheckUtils]: 16: Hoare triple {583#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {583#true} is VALID [2022-02-20 18:05:58,981 INFO L290 TraceCheckUtils]: 17: Hoare triple {583#true} assume true; {583#true} is VALID [2022-02-20 18:05:58,981 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {583#true} {584#false} #208#return; {584#false} is VALID [2022-02-20 18:05:58,981 INFO L290 TraceCheckUtils]: 19: Hoare triple {584#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret9#1 && __utac_acc__Specification1_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~0#1 := __utac_acc__Specification1_spec__1_#t~ret9#1;havoc __utac_acc__Specification1_spec__1_#t~ret9#1; {584#false} is VALID [2022-02-20 18:05:58,981 INFO L290 TraceCheckUtils]: 20: Hoare triple {584#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {584#false} is VALID [2022-02-20 18:05:58,982 INFO L290 TraceCheckUtils]: 21: Hoare triple {584#false} __utac_acc__Specification1_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret10#1 && __utac_acc__Specification1_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret10#1;havoc __utac_acc__Specification1_spec__1_#t~ret10#1; {584#false} is VALID [2022-02-20 18:05:58,982 INFO L290 TraceCheckUtils]: 22: Hoare triple {584#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {584#false} is VALID [2022-02-20 18:05:58,982 INFO L290 TraceCheckUtils]: 23: Hoare triple {584#false} assume !false; {584#false} is VALID [2022-02-20 18:05:58,982 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:05:58,982 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:58,982 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [15229276] [2022-02-20 18:05:58,983 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [15229276] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:58,983 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:58,983 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:05:58,983 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1211202163] [2022-02-20 18:05:58,983 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:58,984 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:05:58,984 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:58,985 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,007 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:59,007 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:05:59,009 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:59,011 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:05:59,011 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:05:59,011 INFO L87 Difference]: Start difference. First operand 75 states and 94 transitions. Second operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,105 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:59,105 INFO L93 Difference]: Finished difference Result 111 states and 137 transitions. [2022-02-20 18:05:59,105 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:05:59,106 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:05:59,106 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:59,106 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,111 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 137 transitions. [2022-02-20 18:05:59,111 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,116 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 137 transitions. [2022-02-20 18:05:59,116 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 137 transitions. [2022-02-20 18:05:59,215 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 137 edges. 137 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:59,217 INFO L225 Difference]: With dead ends: 111 [2022-02-20 18:05:59,217 INFO L226 Difference]: Without dead ends: 66 [2022-02-20 18:05:59,218 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:05:59,218 INFO L933 BasicCegarLoop]: 81 mSDtfsCounter, 17 mSDsluCounter, 59 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 140 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:59,219 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 140 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:59,220 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 66 states. [2022-02-20 18:05:59,223 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 66 to 66. [2022-02-20 18:05:59,223 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:59,224 INFO L82 GeneralOperation]: Start isEquivalent. First operand 66 states. Second operand has 66 states, 48 states have (on average 1.2916666666666667) internal successors, (62), 54 states have internal predecessors, (62), 10 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:05:59,224 INFO L74 IsIncluded]: Start isIncluded. First operand 66 states. Second operand has 66 states, 48 states have (on average 1.2916666666666667) internal successors, (62), 54 states have internal predecessors, (62), 10 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:05:59,230 INFO L87 Difference]: Start difference. First operand 66 states. Second operand has 66 states, 48 states have (on average 1.2916666666666667) internal successors, (62), 54 states have internal predecessors, (62), 10 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:05:59,233 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:59,233 INFO L93 Difference]: Finished difference Result 66 states and 82 transitions. [2022-02-20 18:05:59,233 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 82 transitions. [2022-02-20 18:05:59,234 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:59,234 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:59,234 INFO L74 IsIncluded]: Start isIncluded. First operand has 66 states, 48 states have (on average 1.2916666666666667) internal successors, (62), 54 states have internal predecessors, (62), 10 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) Second operand 66 states. [2022-02-20 18:05:59,234 INFO L87 Difference]: Start difference. First operand has 66 states, 48 states have (on average 1.2916666666666667) internal successors, (62), 54 states have internal predecessors, (62), 10 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) Second operand 66 states. [2022-02-20 18:05:59,237 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:59,237 INFO L93 Difference]: Finished difference Result 66 states and 82 transitions. [2022-02-20 18:05:59,237 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 82 transitions. [2022-02-20 18:05:59,237 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:59,238 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:59,238 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:59,238 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:59,238 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 66 states, 48 states have (on average 1.2916666666666667) internal successors, (62), 54 states have internal predecessors, (62), 10 states have call successors, (10), 7 states have call predecessors, (10), 7 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:05:59,240 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 66 states to 66 states and 82 transitions. [2022-02-20 18:05:59,240 INFO L78 Accepts]: Start accepts. Automaton has 66 states and 82 transitions. Word has length 24 [2022-02-20 18:05:59,241 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:59,241 INFO L470 AbstractCegarLoop]: Abstraction has 66 states and 82 transitions. [2022-02-20 18:05:59,241 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,241 INFO L276 IsEmpty]: Start isEmpty. Operand 66 states and 82 transitions. [2022-02-20 18:05:59,242 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-20 18:05:59,242 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:59,242 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:59,242 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:05:59,242 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:59,243 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:59,243 INFO L85 PathProgramCache]: Analyzing trace with hash -1796175137, now seen corresponding path program 1 times [2022-02-20 18:05:59,243 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:59,243 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [187851555] [2022-02-20 18:05:59,244 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:59,244 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:59,266 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:59,289 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:05:59,290 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:59,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {976#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {976#true} is VALID [2022-02-20 18:05:59,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {976#true} assume true; {976#true} is VALID [2022-02-20 18:05:59,293 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {976#true} {977#false} #208#return; {977#false} is VALID [2022-02-20 18:05:59,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {976#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {976#true} is VALID [2022-02-20 18:05:59,294 INFO L290 TraceCheckUtils]: 1: Hoare triple {976#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~4#1, main_~tmp~1#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {976#true} is VALID [2022-02-20 18:05:59,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {976#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {976#true} is VALID [2022-02-20 18:05:59,294 INFO L290 TraceCheckUtils]: 3: Hoare triple {976#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~3#1;havoc valid_product_~retValue_acc~3#1;valid_product_~retValue_acc~3#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~3#1; {976#true} is VALID [2022-02-20 18:05:59,294 INFO L290 TraceCheckUtils]: 4: Hoare triple {976#true} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {976#true} is VALID [2022-02-20 18:05:59,294 INFO L290 TraceCheckUtils]: 5: Hoare triple {976#true} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {976#true} is VALID [2022-02-20 18:05:59,295 INFO L290 TraceCheckUtils]: 6: Hoare triple {976#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {976#true} is VALID [2022-02-20 18:05:59,295 INFO L290 TraceCheckUtils]: 7: Hoare triple {976#true} assume !false; {976#true} is VALID [2022-02-20 18:05:59,295 INFO L290 TraceCheckUtils]: 8: Hoare triple {976#true} assume test_~splverifierCounter~0#1 < 4; {976#true} is VALID [2022-02-20 18:05:59,295 INFO L290 TraceCheckUtils]: 9: Hoare triple {976#true} assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp~7#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {976#true} is VALID [2022-02-20 18:05:59,296 INFO L290 TraceCheckUtils]: 10: Hoare triple {976#true} assume !(0 != test_~tmp~7#1); {976#true} is VALID [2022-02-20 18:05:59,296 INFO L290 TraceCheckUtils]: 11: Hoare triple {976#true} assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {976#true} is VALID [2022-02-20 18:05:59,296 INFO L290 TraceCheckUtils]: 12: Hoare triple {976#true} assume !(0 != test_~tmp___0~1#1); {976#true} is VALID [2022-02-20 18:05:59,296 INFO L290 TraceCheckUtils]: 13: Hoare triple {976#true} assume -2147483648 <= test_#t~nondet49#1 && test_#t~nondet49#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet49#1;havoc test_#t~nondet49#1; {976#true} is VALID [2022-02-20 18:05:59,297 INFO L290 TraceCheckUtils]: 14: Hoare triple {976#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {978#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:05:59,297 INFO L290 TraceCheckUtils]: 15: Hoare triple {978#(= 1 ~systemActive~0)} assume { :end_inline_startSystem } true; {978#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:05:59,298 INFO L272 TraceCheckUtils]: 16: Hoare triple {978#(= 1 ~systemActive~0)} call timeShift(); {978#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:05:59,298 INFO L290 TraceCheckUtils]: 17: Hoare triple {978#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {978#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:05:59,299 INFO L290 TraceCheckUtils]: 18: Hoare triple {978#(= 1 ~systemActive~0)} assume !(0 != ~systemActive~0); {977#false} is VALID [2022-02-20 18:05:59,299 INFO L290 TraceCheckUtils]: 19: Hoare triple {977#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret9#1, __utac_acc__Specification1_spec__1_#t~ret10#1, __utac_acc__Specification1_spec__1_~tmp~0#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~0#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {977#false} is VALID [2022-02-20 18:05:59,299 INFO L272 TraceCheckUtils]: 20: Hoare triple {977#false} call __utac_acc__Specification1_spec__1_#t~ret9#1 := isMethaneLevelCritical(); {976#true} is VALID [2022-02-20 18:05:59,299 INFO L290 TraceCheckUtils]: 21: Hoare triple {976#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {976#true} is VALID [2022-02-20 18:05:59,299 INFO L290 TraceCheckUtils]: 22: Hoare triple {976#true} assume true; {976#true} is VALID [2022-02-20 18:05:59,300 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {976#true} {977#false} #208#return; {977#false} is VALID [2022-02-20 18:05:59,300 INFO L290 TraceCheckUtils]: 24: Hoare triple {977#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret9#1 && __utac_acc__Specification1_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~0#1 := __utac_acc__Specification1_spec__1_#t~ret9#1;havoc __utac_acc__Specification1_spec__1_#t~ret9#1; {977#false} is VALID [2022-02-20 18:05:59,300 INFO L290 TraceCheckUtils]: 25: Hoare triple {977#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {977#false} is VALID [2022-02-20 18:05:59,300 INFO L290 TraceCheckUtils]: 26: Hoare triple {977#false} __utac_acc__Specification1_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret10#1 && __utac_acc__Specification1_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret10#1;havoc __utac_acc__Specification1_spec__1_#t~ret10#1; {977#false} is VALID [2022-02-20 18:05:59,300 INFO L290 TraceCheckUtils]: 27: Hoare triple {977#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {977#false} is VALID [2022-02-20 18:05:59,301 INFO L290 TraceCheckUtils]: 28: Hoare triple {977#false} assume !false; {977#false} is VALID [2022-02-20 18:05:59,301 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:05:59,301 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:59,301 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [187851555] [2022-02-20 18:05:59,301 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [187851555] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:59,302 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:59,302 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:05:59,302 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [85197610] [2022-02-20 18:05:59,302 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:59,303 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:05:59,303 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:59,303 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,323 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:59,323 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:05:59,323 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:59,324 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:05:59,324 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:05:59,324 INFO L87 Difference]: Start difference. First operand 66 states and 82 transitions. Second operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,452 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:59,453 INFO L93 Difference]: Finished difference Result 182 states and 231 transitions. [2022-02-20 18:05:59,453 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:05:59,453 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:05:59,453 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:05:59,454 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,457 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 231 transitions. [2022-02-20 18:05:59,457 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,460 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 231 transitions. [2022-02-20 18:05:59,460 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 231 transitions. [2022-02-20 18:05:59,623 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 231 edges. 231 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:59,625 INFO L225 Difference]: With dead ends: 182 [2022-02-20 18:05:59,626 INFO L226 Difference]: Without dead ends: 123 [2022-02-20 18:05:59,626 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:05:59,627 INFO L933 BasicCegarLoop]: 102 mSDtfsCounter, 74 mSDsluCounter, 70 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 74 SdHoareTripleChecker+Valid, 172 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:05:59,627 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [74 Valid, 172 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:05:59,628 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 123 states. [2022-02-20 18:05:59,635 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 123 to 120. [2022-02-20 18:05:59,635 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:05:59,636 INFO L82 GeneralOperation]: Start isEquivalent. First operand 123 states. Second operand has 120 states, 85 states have (on average 1.3176470588235294) internal successors, (112), 96 states have internal predecessors, (112), 20 states have call successors, (20), 14 states have call predecessors, (20), 14 states have return successors, (20), 15 states have call predecessors, (20), 20 states have call successors, (20) [2022-02-20 18:05:59,636 INFO L74 IsIncluded]: Start isIncluded. First operand 123 states. Second operand has 120 states, 85 states have (on average 1.3176470588235294) internal successors, (112), 96 states have internal predecessors, (112), 20 states have call successors, (20), 14 states have call predecessors, (20), 14 states have return successors, (20), 15 states have call predecessors, (20), 20 states have call successors, (20) [2022-02-20 18:05:59,637 INFO L87 Difference]: Start difference. First operand 123 states. Second operand has 120 states, 85 states have (on average 1.3176470588235294) internal successors, (112), 96 states have internal predecessors, (112), 20 states have call successors, (20), 14 states have call predecessors, (20), 14 states have return successors, (20), 15 states have call predecessors, (20), 20 states have call successors, (20) [2022-02-20 18:05:59,640 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:59,640 INFO L93 Difference]: Finished difference Result 123 states and 154 transitions. [2022-02-20 18:05:59,640 INFO L276 IsEmpty]: Start isEmpty. Operand 123 states and 154 transitions. [2022-02-20 18:05:59,641 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:59,641 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:59,642 INFO L74 IsIncluded]: Start isIncluded. First operand has 120 states, 85 states have (on average 1.3176470588235294) internal successors, (112), 96 states have internal predecessors, (112), 20 states have call successors, (20), 14 states have call predecessors, (20), 14 states have return successors, (20), 15 states have call predecessors, (20), 20 states have call successors, (20) Second operand 123 states. [2022-02-20 18:05:59,642 INFO L87 Difference]: Start difference. First operand has 120 states, 85 states have (on average 1.3176470588235294) internal successors, (112), 96 states have internal predecessors, (112), 20 states have call successors, (20), 14 states have call predecessors, (20), 14 states have return successors, (20), 15 states have call predecessors, (20), 20 states have call successors, (20) Second operand 123 states. [2022-02-20 18:05:59,645 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:05:59,645 INFO L93 Difference]: Finished difference Result 123 states and 154 transitions. [2022-02-20 18:05:59,645 INFO L276 IsEmpty]: Start isEmpty. Operand 123 states and 154 transitions. [2022-02-20 18:05:59,646 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:05:59,646 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:05:59,646 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:05:59,646 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:05:59,647 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 120 states, 85 states have (on average 1.3176470588235294) internal successors, (112), 96 states have internal predecessors, (112), 20 states have call successors, (20), 14 states have call predecessors, (20), 14 states have return successors, (20), 15 states have call predecessors, (20), 20 states have call successors, (20) [2022-02-20 18:05:59,650 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 120 states to 120 states and 152 transitions. [2022-02-20 18:05:59,650 INFO L78 Accepts]: Start accepts. Automaton has 120 states and 152 transitions. Word has length 29 [2022-02-20 18:05:59,650 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:05:59,650 INFO L470 AbstractCegarLoop]: Abstraction has 120 states and 152 transitions. [2022-02-20 18:05:59,651 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 3 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,651 INFO L276 IsEmpty]: Start isEmpty. Operand 120 states and 152 transitions. [2022-02-20 18:05:59,651 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-02-20 18:05:59,651 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:05:59,651 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:05:59,652 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:05:59,652 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:05:59,652 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:05:59,652 INFO L85 PathProgramCache]: Analyzing trace with hash 806132433, now seen corresponding path program 1 times [2022-02-20 18:05:59,653 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:05:59,653 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1434346030] [2022-02-20 18:05:59,653 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:05:59,653 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:05:59,677 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:59,707 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:05:59,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:05:59,716 INFO L290 TraceCheckUtils]: 0: Hoare triple {1656#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {1664#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:05:59,717 INFO L290 TraceCheckUtils]: 1: Hoare triple {1664#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1664#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:05:59,717 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1664#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1658#(= ~methaneLevelCritical~0 0)} #208#return; {1662#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret9#1| 0)} is VALID [2022-02-20 18:05:59,718 INFO L290 TraceCheckUtils]: 0: Hoare triple {1656#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,718 INFO L290 TraceCheckUtils]: 1: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~4#1, main_~tmp~1#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,719 INFO L290 TraceCheckUtils]: 2: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,719 INFO L290 TraceCheckUtils]: 3: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~3#1;havoc valid_product_~retValue_acc~3#1;valid_product_~retValue_acc~3#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~3#1; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,719 INFO L290 TraceCheckUtils]: 4: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,720 INFO L290 TraceCheckUtils]: 5: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,720 INFO L290 TraceCheckUtils]: 6: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,720 INFO L290 TraceCheckUtils]: 7: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume !false; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,721 INFO L290 TraceCheckUtils]: 8: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume test_~splverifierCounter~0#1 < 4; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,721 INFO L290 TraceCheckUtils]: 9: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp~7#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,732 INFO L290 TraceCheckUtils]: 10: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp~7#1); {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,733 INFO L290 TraceCheckUtils]: 11: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,733 INFO L290 TraceCheckUtils]: 12: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___0~1#1); {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,734 INFO L290 TraceCheckUtils]: 13: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet49#1 && test_#t~nondet49#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet49#1;havoc test_#t~nondet49#1; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,734 INFO L290 TraceCheckUtils]: 14: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,734 INFO L290 TraceCheckUtils]: 15: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,740 INFO L290 TraceCheckUtils]: 16: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,741 INFO L290 TraceCheckUtils]: 17: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} ~systemActive~0 := 0; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,741 INFO L290 TraceCheckUtils]: 18: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume { :end_inline_stopSystem } true; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,742 INFO L272 TraceCheckUtils]: 19: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} call timeShift(); {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,742 INFO L290 TraceCheckUtils]: 20: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,742 INFO L290 TraceCheckUtils]: 21: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume !(0 != ~systemActive~0); {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,743 INFO L290 TraceCheckUtils]: 22: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret9#1, __utac_acc__Specification1_spec__1_#t~ret10#1, __utac_acc__Specification1_spec__1_~tmp~0#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~0#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {1658#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:05:59,743 INFO L272 TraceCheckUtils]: 23: Hoare triple {1658#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification1_spec__1_#t~ret9#1 := isMethaneLevelCritical(); {1656#true} is VALID [2022-02-20 18:05:59,743 INFO L290 TraceCheckUtils]: 24: Hoare triple {1656#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {1664#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:05:59,744 INFO L290 TraceCheckUtils]: 25: Hoare triple {1664#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1664#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:05:59,744 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {1664#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1658#(= ~methaneLevelCritical~0 0)} #208#return; {1662#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret9#1| 0)} is VALID [2022-02-20 18:05:59,745 INFO L290 TraceCheckUtils]: 27: Hoare triple {1662#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret9#1| 0)} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret9#1 && __utac_acc__Specification1_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~0#1 := __utac_acc__Specification1_spec__1_#t~ret9#1;havoc __utac_acc__Specification1_spec__1_#t~ret9#1; {1663#(= |timeShift___utac_acc__Specification1_spec__1_~tmp~0#1| 0)} is VALID [2022-02-20 18:05:59,745 INFO L290 TraceCheckUtils]: 28: Hoare triple {1663#(= |timeShift___utac_acc__Specification1_spec__1_~tmp~0#1| 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {1657#false} is VALID [2022-02-20 18:05:59,745 INFO L290 TraceCheckUtils]: 29: Hoare triple {1657#false} __utac_acc__Specification1_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret10#1 && __utac_acc__Specification1_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret10#1;havoc __utac_acc__Specification1_spec__1_#t~ret10#1; {1657#false} is VALID [2022-02-20 18:05:59,746 INFO L290 TraceCheckUtils]: 30: Hoare triple {1657#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1657#false} is VALID [2022-02-20 18:05:59,746 INFO L290 TraceCheckUtils]: 31: Hoare triple {1657#false} assume !false; {1657#false} is VALID [2022-02-20 18:05:59,746 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:05:59,746 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:05:59,746 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1434346030] [2022-02-20 18:05:59,747 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1434346030] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:05:59,747 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:05:59,747 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:05:59,747 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [684244977] [2022-02-20 18:05:59,747 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:05:59,748 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:05:59,748 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:05:59,748 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:05:59,780 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:05:59,780 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:05:59,780 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:05:59,781 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:05:59,781 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:05:59,781 INFO L87 Difference]: Start difference. First operand 120 states and 152 transitions. Second operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:00,045 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:00,045 INFO L93 Difference]: Finished difference Result 346 states and 447 transitions. [2022-02-20 18:06:00,045 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:06:00,046 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:06:00,046 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:00,046 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:00,049 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 234 transitions. [2022-02-20 18:06:00,049 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:00,051 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 234 transitions. [2022-02-20 18:06:00,051 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 234 transitions. [2022-02-20 18:06:00,208 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 234 edges. 234 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:00,212 INFO L225 Difference]: With dead ends: 346 [2022-02-20 18:06:00,213 INFO L226 Difference]: Without dead ends: 233 [2022-02-20 18:06:00,213 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:06:00,214 INFO L933 BasicCegarLoop]: 89 mSDtfsCounter, 53 mSDsluCounter, 308 mSDsCounter, 0 mSdLazyCounter, 46 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 56 SdHoareTripleChecker+Valid, 397 SdHoareTripleChecker+Invalid, 50 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 46 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:00,215 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [56 Valid, 397 Invalid, 50 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 46 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:00,215 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 233 states. [2022-02-20 18:06:00,239 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 233 to 227. [2022-02-20 18:06:00,239 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:00,240 INFO L82 GeneralOperation]: Start isEquivalent. First operand 233 states. Second operand has 227 states, 158 states have (on average 1.3037974683544304) internal successors, (206), 179 states have internal predecessors, (206), 40 states have call successors, (40), 28 states have call predecessors, (40), 28 states have return successors, (42), 30 states have call predecessors, (42), 40 states have call successors, (42) [2022-02-20 18:06:00,241 INFO L74 IsIncluded]: Start isIncluded. First operand 233 states. Second operand has 227 states, 158 states have (on average 1.3037974683544304) internal successors, (206), 179 states have internal predecessors, (206), 40 states have call successors, (40), 28 states have call predecessors, (40), 28 states have return successors, (42), 30 states have call predecessors, (42), 40 states have call successors, (42) [2022-02-20 18:06:00,241 INFO L87 Difference]: Start difference. First operand 233 states. Second operand has 227 states, 158 states have (on average 1.3037974683544304) internal successors, (206), 179 states have internal predecessors, (206), 40 states have call successors, (40), 28 states have call predecessors, (40), 28 states have return successors, (42), 30 states have call predecessors, (42), 40 states have call successors, (42) [2022-02-20 18:06:00,247 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:00,247 INFO L93 Difference]: Finished difference Result 233 states and 294 transitions. [2022-02-20 18:06:00,248 INFO L276 IsEmpty]: Start isEmpty. Operand 233 states and 294 transitions. [2022-02-20 18:06:00,248 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:00,248 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:00,249 INFO L74 IsIncluded]: Start isIncluded. First operand has 227 states, 158 states have (on average 1.3037974683544304) internal successors, (206), 179 states have internal predecessors, (206), 40 states have call successors, (40), 28 states have call predecessors, (40), 28 states have return successors, (42), 30 states have call predecessors, (42), 40 states have call successors, (42) Second operand 233 states. [2022-02-20 18:06:00,250 INFO L87 Difference]: Start difference. First operand has 227 states, 158 states have (on average 1.3037974683544304) internal successors, (206), 179 states have internal predecessors, (206), 40 states have call successors, (40), 28 states have call predecessors, (40), 28 states have return successors, (42), 30 states have call predecessors, (42), 40 states have call successors, (42) Second operand 233 states. [2022-02-20 18:06:00,256 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:00,256 INFO L93 Difference]: Finished difference Result 233 states and 294 transitions. [2022-02-20 18:06:00,256 INFO L276 IsEmpty]: Start isEmpty. Operand 233 states and 294 transitions. [2022-02-20 18:06:00,257 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:00,257 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:00,257 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:00,257 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:00,258 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 227 states, 158 states have (on average 1.3037974683544304) internal successors, (206), 179 states have internal predecessors, (206), 40 states have call successors, (40), 28 states have call predecessors, (40), 28 states have return successors, (42), 30 states have call predecessors, (42), 40 states have call successors, (42) [2022-02-20 18:06:00,263 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 227 states to 227 states and 288 transitions. [2022-02-20 18:06:00,264 INFO L78 Accepts]: Start accepts. Automaton has 227 states and 288 transitions. Word has length 32 [2022-02-20 18:06:00,264 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:00,264 INFO L470 AbstractCegarLoop]: Abstraction has 227 states and 288 transitions. [2022-02-20 18:06:00,265 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:00,265 INFO L276 IsEmpty]: Start isEmpty. Operand 227 states and 288 transitions. [2022-02-20 18:06:00,265 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2022-02-20 18:06:00,266 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:00,266 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:00,266 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:06:00,266 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:00,266 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:00,267 INFO L85 PathProgramCache]: Analyzing trace with hash -154829643, now seen corresponding path program 1 times [2022-02-20 18:06:00,267 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:00,267 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [506931067] [2022-02-20 18:06:00,267 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:00,267 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:00,286 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:00,335 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:00,336 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:00,340 INFO L290 TraceCheckUtils]: 0: Hoare triple {2959#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {2948#true} is VALID [2022-02-20 18:06:00,341 INFO L290 TraceCheckUtils]: 1: Hoare triple {2948#true} assume true; {2948#true} is VALID [2022-02-20 18:06:00,341 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2948#true} {2950#(= ~pumpRunning~0 0)} #216#return; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-20 18:06:00,343 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:00,346 INFO L290 TraceCheckUtils]: 0: Hoare triple {2948#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {2948#true} is VALID [2022-02-20 18:06:00,346 INFO L290 TraceCheckUtils]: 1: Hoare triple {2948#true} assume true; {2948#true} is VALID [2022-02-20 18:06:00,347 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2948#true} {2950#(= ~pumpRunning~0 0)} #208#return; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {2948#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(30, 9);call #Ultimate.allocInit(9, 10);call #Ultimate.allocInit(21, 11);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(25, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {2950#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret12#1, main_~retValue_acc~4#1, main_~tmp~1#1;havoc main_~retValue_acc~4#1;havoc main_~tmp~1#1;assume { :begin_inline_select_helpers } true; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,349 INFO L290 TraceCheckUtils]: 2: Hoare triple {2950#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,360 INFO L290 TraceCheckUtils]: 3: Hoare triple {2950#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~3#1;havoc valid_product_~retValue_acc~3#1;valid_product_~retValue_acc~3#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~3#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,361 INFO L290 TraceCheckUtils]: 4: Hoare triple {2950#(= ~pumpRunning~0 0)} main_#t~ret12#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret12#1 && main_#t~ret12#1 <= 2147483647;main_~tmp~1#1 := main_#t~ret12#1;havoc main_#t~ret12#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,361 INFO L290 TraceCheckUtils]: 5: Hoare triple {2950#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~1#1;assume { :begin_inline_setup } true; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,362 INFO L290 TraceCheckUtils]: 6: Hoare triple {2950#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_#t~nondet50#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,362 INFO L290 TraceCheckUtils]: 7: Hoare triple {2950#(= ~pumpRunning~0 0)} assume !false; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,362 INFO L290 TraceCheckUtils]: 8: Hoare triple {2950#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,363 INFO L290 TraceCheckUtils]: 9: Hoare triple {2950#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp~7#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,363 INFO L290 TraceCheckUtils]: 10: Hoare triple {2950#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~7#1); {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,363 INFO L290 TraceCheckUtils]: 11: Hoare triple {2950#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,364 INFO L290 TraceCheckUtils]: 12: Hoare triple {2950#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___0~1#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,364 INFO L272 TraceCheckUtils]: 13: Hoare triple {2950#(= ~pumpRunning~0 0)} call changeMethaneLevel(); {2959#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:00,364 INFO L290 TraceCheckUtils]: 14: Hoare triple {2959#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {2948#true} is VALID [2022-02-20 18:06:00,364 INFO L290 TraceCheckUtils]: 15: Hoare triple {2948#true} assume true; {2948#true} is VALID [2022-02-20 18:06:00,365 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2948#true} {2950#(= ~pumpRunning~0 0)} #216#return; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,365 INFO L290 TraceCheckUtils]: 17: Hoare triple {2950#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet49#1 && test_#t~nondet49#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet49#1;havoc test_#t~nondet49#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,366 INFO L290 TraceCheckUtils]: 18: Hoare triple {2950#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet50#1 && test_#t~nondet50#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet50#1;havoc test_#t~nondet50#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,366 INFO L290 TraceCheckUtils]: 19: Hoare triple {2950#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,366 INFO L290 TraceCheckUtils]: 20: Hoare triple {2950#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,368 INFO L290 TraceCheckUtils]: 21: Hoare triple {2950#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,368 INFO L290 TraceCheckUtils]: 22: Hoare triple {2950#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,368 INFO L272 TraceCheckUtils]: 23: Hoare triple {2950#(= ~pumpRunning~0 0)} call timeShift(); {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,369 INFO L290 TraceCheckUtils]: 24: Hoare triple {2950#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,369 INFO L290 TraceCheckUtils]: 25: Hoare triple {2950#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,369 INFO L290 TraceCheckUtils]: 26: Hoare triple {2950#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret9#1, __utac_acc__Specification1_spec__1_#t~ret10#1, __utac_acc__Specification1_spec__1_~tmp~0#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~0#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,369 INFO L272 TraceCheckUtils]: 27: Hoare triple {2950#(= ~pumpRunning~0 0)} call __utac_acc__Specification1_spec__1_#t~ret9#1 := isMethaneLevelCritical(); {2948#true} is VALID [2022-02-20 18:06:00,370 INFO L290 TraceCheckUtils]: 28: Hoare triple {2948#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {2948#true} is VALID [2022-02-20 18:06:00,370 INFO L290 TraceCheckUtils]: 29: Hoare triple {2948#true} assume true; {2948#true} is VALID [2022-02-20 18:06:00,370 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {2948#true} {2950#(= ~pumpRunning~0 0)} #208#return; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,371 INFO L290 TraceCheckUtils]: 31: Hoare triple {2950#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret9#1 && __utac_acc__Specification1_spec__1_#t~ret9#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~0#1 := __utac_acc__Specification1_spec__1_#t~ret9#1;havoc __utac_acc__Specification1_spec__1_#t~ret9#1; {2950#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:00,371 INFO L290 TraceCheckUtils]: 32: Hoare triple {2950#(= ~pumpRunning~0 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {2957#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:06:00,371 INFO L290 TraceCheckUtils]: 33: Hoare triple {2957#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification1_spec__1_#t~ret10#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret10#1 && __utac_acc__Specification1_spec__1_#t~ret10#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret10#1;havoc __utac_acc__Specification1_spec__1_#t~ret10#1; {2958#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~0#1| 0)} is VALID [2022-02-20 18:06:00,372 INFO L290 TraceCheckUtils]: 34: Hoare triple {2958#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~0#1| 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {2949#false} is VALID [2022-02-20 18:06:00,372 INFO L290 TraceCheckUtils]: 35: Hoare triple {2949#false} assume !false; {2949#false} is VALID [2022-02-20 18:06:00,372 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:00,372 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:00,372 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [506931067] [2022-02-20 18:06:00,373 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [506931067] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:00,373 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:00,373 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:00,373 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [75323336] [2022-02-20 18:06:00,373 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:00,373 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 36 [2022-02-20 18:06:00,374 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:00,374 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:00,399 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:00,399 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:00,399 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:00,399 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:00,400 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:00,400 INFO L87 Difference]: Start difference. First operand 227 states and 288 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:00,598 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:00,598 INFO L93 Difference]: Finished difference Result 387 states and 494 transitions. [2022-02-20 18:06:00,598 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:06:00,598 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 36 [2022-02-20 18:06:00,599 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:00,599 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:00,600 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 139 transitions. [2022-02-20 18:06:00,600 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:00,602 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 139 transitions. [2022-02-20 18:06:00,602 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 139 transitions. [2022-02-20 18:06:00,680 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 139 edges. 139 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:00,681 INFO L225 Difference]: With dead ends: 387 [2022-02-20 18:06:00,681 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:06:00,682 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:06:00,683 INFO L933 BasicCegarLoop]: 48 mSDtfsCounter, 49 mSDsluCounter, 80 mSDsCounter, 0 mSdLazyCounter, 71 mSolverCounterSat, 15 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 50 SdHoareTripleChecker+Valid, 128 SdHoareTripleChecker+Invalid, 86 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 15 IncrementalHoareTripleChecker+Valid, 71 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:00,683 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [50 Valid, 128 Invalid, 86 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [15 Valid, 71 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:00,683 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:06:00,683 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:06:00,684 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:00,684 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:00,684 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:00,684 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:00,684 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:00,684 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:06:00,684 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:00,684 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:00,684 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:00,685 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:06:00,685 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:06:00,685 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:00,685 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:06:00,685 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:00,685 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:00,685 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:00,685 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:00,685 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:00,685 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:00,686 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:06:00,686 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 36 [2022-02-20 18:06:00,686 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:00,686 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:06:00,686 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:00,686 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:00,686 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:00,688 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:06:00,691 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:06:00,693 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:06:00,980 INFO L861 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 765 772) the Hoare annotation is: true [2022-02-20 18:06:00,980 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 765 772) no Hoare annotation was computed. [2022-02-20 18:06:00,981 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 765 772) no Hoare annotation was computed. [2022-02-20 18:06:00,981 INFO L854 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 82 93) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) [2022-02-20 18:06:00,981 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 82 93) no Hoare annotation was computed. [2022-02-20 18:06:00,981 INFO L858 garLoopResultBuilder]: For program point L86-1(lines 82 93) no Hoare annotation was computed. [2022-02-20 18:06:00,981 INFO L854 garLoopResultBuilder]: At program point L729(line 729) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:00,981 INFO L854 garLoopResultBuilder]: At program point L725(line 725) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:00,981 INFO L854 garLoopResultBuilder]: At program point L721(line 721) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:00,981 INFO L858 garLoopResultBuilder]: For program point L721-1(line 721) no Hoare annotation was computed. [2022-02-20 18:06:00,982 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 683 706) no Hoare annotation was computed. [2022-02-20 18:06:00,982 INFO L854 garLoopResultBuilder]: At program point L734(line 734) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:06:00,982 INFO L854 garLoopResultBuilder]: At program point L734-1(lines 715 739) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:06:00,982 INFO L858 garLoopResultBuilder]: For program point L305(line 305) no Hoare annotation was computed. [2022-02-20 18:06:00,983 INFO L854 garLoopResultBuilder]: At program point L144(line 144) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:06:00,983 INFO L858 garLoopResultBuilder]: For program point L144-1(line 144) no Hoare annotation was computed. [2022-02-20 18:06:00,983 INFO L858 garLoopResultBuilder]: For program point L62(lines 62 66) no Hoare annotation was computed. [2022-02-20 18:06:00,983 INFO L854 garLoopResultBuilder]: At program point L62-2(lines 58 69) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:00,983 INFO L858 garLoopResultBuilder]: For program point L694-1(lines 694 700) no Hoare annotation was computed. [2022-02-20 18:06:00,984 INFO L854 garLoopResultBuilder]: At program point L789(lines 784 792) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0))) (or .cse0 (and (= ~pumpRunning~0 0) (= |timeShift_isPumpRunning_#res#1| 0))))) [2022-02-20 18:06:00,984 INFO L858 garLoopResultBuilder]: For program point L723(lines 723 731) no Hoare annotation was computed. [2022-02-20 18:06:00,984 INFO L854 garLoopResultBuilder]: At program point L306(lines 301 308) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:00,984 INFO L858 garLoopResultBuilder]: For program point L719(lines 719 736) no Hoare annotation was computed. [2022-02-20 18:06:00,984 INFO L858 garLoopResultBuilder]: For program point L150(lines 150 156) no Hoare annotation was computed. [2022-02-20 18:06:00,986 INFO L858 garLoopResultBuilder]: For program point L146(lines 146 159) no Hoare annotation was computed. [2022-02-20 18:06:00,987 INFO L854 garLoopResultBuilder]: At program point L146-1(lines 138 162) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (= ~pumpRunning~0 0)) (or .cse0 (= |timeShift___utac_acc__Specification1_spec__1_~tmp~0#1| 0) (not (= ~methaneLevelCritical~0 0))))) [2022-02-20 18:06:00,987 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 683 706) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:06:00,987 INFO L858 garLoopResultBuilder]: For program point L687-1(lines 686 705) no Hoare annotation was computed. [2022-02-20 18:06:00,987 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 683 706) no Hoare annotation was computed. [2022-02-20 18:06:00,987 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 305) no Hoare annotation was computed. [2022-02-20 18:06:00,988 INFO L858 garLoopResultBuilder]: For program point L225(line 225) no Hoare annotation was computed. [2022-02-20 18:06:00,988 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 204 233) no Hoare annotation was computed. [2022-02-20 18:06:00,988 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 204 233) the Hoare annotation is: true [2022-02-20 18:06:00,988 INFO L858 garLoopResultBuilder]: For program point L218(lines 218 222) no Hoare annotation was computed. [2022-02-20 18:06:00,988 INFO L861 garLoopResultBuilder]: At program point L218-1(lines 218 222) the Hoare annotation is: true [2022-02-20 18:06:00,988 INFO L858 garLoopResultBuilder]: For program point L215(line 215) no Hoare annotation was computed. [2022-02-20 18:06:00,988 INFO L861 garLoopResultBuilder]: At program point L214-2(lines 214 228) the Hoare annotation is: true [2022-02-20 18:06:00,988 INFO L861 garLoopResultBuilder]: At program point L210(line 210) the Hoare annotation is: true [2022-02-20 18:06:00,988 INFO L858 garLoopResultBuilder]: For program point L210-1(line 210) no Hoare annotation was computed. [2022-02-20 18:06:00,988 INFO L861 garLoopResultBuilder]: At program point L229(lines 204 233) the Hoare annotation is: true [2022-02-20 18:06:00,989 INFO L861 garLoopResultBuilder]: At program point isMethaneLevelCriticalENTRY(lines 94 102) the Hoare annotation is: true [2022-02-20 18:06:00,989 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 94 102) no Hoare annotation was computed. [2022-02-20 18:06:00,989 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 94 102) no Hoare annotation was computed. [2022-02-20 18:06:00,990 INFO L858 garLoopResultBuilder]: For program point L865(lines 865 869) no Hoare annotation was computed. [2022-02-20 18:06:00,990 INFO L858 garLoopResultBuilder]: For program point L287(lines 287 294) no Hoare annotation was computed. [2022-02-20 18:06:00,990 INFO L858 garLoopResultBuilder]: For program point L287-2(lines 287 294) no Hoare annotation was computed. [2022-02-20 18:06:00,991 INFO L854 garLoopResultBuilder]: At program point L849(lines 844 851) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:00,992 INFO L854 garLoopResultBuilder]: At program point L841(lines 829 843) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:00,993 INFO L861 garLoopResultBuilder]: At program point L296(lines 277 299) the Hoare annotation is: true [2022-02-20 18:06:00,993 INFO L854 garLoopResultBuilder]: At program point L263(lines 259 265) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0)) [2022-02-20 18:06:00,993 INFO L854 garLoopResultBuilder]: At program point L197(lines 192 200) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0)) [2022-02-20 18:06:00,993 INFO L858 garLoopResultBuilder]: For program point L833(lines 833 839) no Hoare annotation was computed. [2022-02-20 18:06:00,993 INFO L858 garLoopResultBuilder]: For program point L833-1(lines 833 839) no Hoare annotation was computed. [2022-02-20 18:06:00,993 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:06:00,993 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:06:00,993 INFO L854 garLoopResultBuilder]: At program point L189(lines 185 191) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0)) [2022-02-20 18:06:00,993 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:06:00,994 INFO L861 garLoopResultBuilder]: At program point L916(lines 853 920) the Hoare annotation is: true [2022-02-20 18:06:00,994 INFO L858 garLoopResultBuilder]: For program point L883(lines 883 889) no Hoare annotation was computed. [2022-02-20 18:06:00,994 INFO L858 garLoopResultBuilder]: For program point L883-1(lines 883 889) no Hoare annotation was computed. [2022-02-20 18:06:00,994 INFO L854 garLoopResultBuilder]: At program point L875(line 875) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:00,994 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:06:00,994 INFO L854 garLoopResultBuilder]: At program point L182(lines 178 184) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0)) [2022-02-20 18:06:00,995 INFO L854 garLoopResultBuilder]: At program point L913(lines 862 914) the Hoare annotation is: false [2022-02-20 18:06:00,995 INFO L858 garLoopResultBuilder]: For program point L901(lines 901 907) no Hoare annotation was computed. [2022-02-20 18:06:00,995 INFO L854 garLoopResultBuilder]: At program point L835(line 835) the Hoare annotation is: false [2022-02-20 18:06:00,995 INFO L854 garLoopResultBuilder]: At program point L901-2(lines 893 908) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:00,995 INFO L858 garLoopResultBuilder]: For program point L864(lines 863 912) no Hoare annotation was computed. [2022-02-20 18:06:00,995 INFO L858 garLoopResultBuilder]: For program point L893(lines 893 908) no Hoare annotation was computed. [2022-02-20 18:06:00,996 INFO L854 garLoopResultBuilder]: At program point L885(line 885) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:00,996 INFO L861 garLoopResultBuilder]: At program point L274(lines 267 276) the Hoare annotation is: true [2022-02-20 18:06:00,996 INFO L854 garLoopResultBuilder]: At program point L910(lines 863 912) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:00,996 INFO L858 garLoopResultBuilder]: For program point L873(lines 873 879) no Hoare annotation was computed. [2022-02-20 18:06:00,996 INFO L858 garLoopResultBuilder]: For program point L873-1(lines 873 879) no Hoare annotation was computed. [2022-02-20 18:06:00,996 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 70 81) no Hoare annotation was computed. [2022-02-20 18:06:00,996 INFO L858 garLoopResultBuilder]: For program point L74-1(lines 70 81) no Hoare annotation was computed. [2022-02-20 18:06:00,997 INFO L861 garLoopResultBuilder]: At program point waterRiseENTRY(lines 70 81) the Hoare annotation is: true [2022-02-20 18:06:00,997 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__methaneQueryEXIT(lines 707 713) no Hoare annotation was computed. [2022-02-20 18:06:00,997 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__methaneQueryFINAL(lines 707 713) the Hoare annotation is: true [2022-02-20 18:06:00,997 INFO L861 garLoopResultBuilder]: At program point isMethaneAlarmENTRY(lines 773 783) the Hoare annotation is: true [2022-02-20 18:06:00,997 INFO L858 garLoopResultBuilder]: For program point isMethaneAlarmEXIT(lines 773 783) no Hoare annotation was computed. [2022-02-20 18:06:00,997 INFO L861 garLoopResultBuilder]: At program point L778(line 778) the Hoare annotation is: true [2022-02-20 18:06:00,998 INFO L858 garLoopResultBuilder]: For program point L778-1(line 778) no Hoare annotation was computed. [2022-02-20 18:06:01,003 INFO L858 garLoopResultBuilder]: For program point isMethaneAlarmFINAL(lines 773 783) no Hoare annotation was computed. [2022-02-20 18:06:01,015 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1] [2022-02-20 18:06:01,016 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:06:01,018 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:06:01,018 WARN L170 areAnnotationChecker]: L86-1 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L86-1 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L62 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L687-1 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L74-1 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L74-1 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__methaneQueryEXIT has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L86-1 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L62 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L62 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L687-1 has no Hoare annotation [2022-02-20 18:06:01,019 WARN L170 areAnnotationChecker]: L687-1 has no Hoare annotation [2022-02-20 18:06:01,020 WARN L170 areAnnotationChecker]: L210-1 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: L74-1 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__methaneQueryEXIT has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__methaneQueryEXIT has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: L778-1 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: L687-1 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: L719 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: L719 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: L694-1 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: L210-1 has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:06:01,023 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L694-1 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L778-1 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L833-1 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L883-1 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L721-1 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L144-1 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L215 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L144-1 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: L873-1 has no Hoare annotation [2022-02-20 18:06:01,026 WARN L170 areAnnotationChecker]: isMethaneAlarmFINAL has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L893 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L893 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L721-1 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L215 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L146 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L146 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L287 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L883 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: L883 has no Hoare annotation [2022-02-20 18:06:01,027 WARN L170 areAnnotationChecker]: isMethaneAlarmEXIT has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L901 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L901 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L723 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L723 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L218 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L218 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L150 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L287 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L287 has no Hoare annotation [2022-02-20 18:06:01,029 WARN L170 areAnnotationChecker]: L883-1 has no Hoare annotation [2022-02-20 18:06:01,030 WARN L170 areAnnotationChecker]: L864 has no Hoare annotation [2022-02-20 18:06:01,030 WARN L170 areAnnotationChecker]: L833 has no Hoare annotation [2022-02-20 18:06:01,030 WARN L170 areAnnotationChecker]: L833 has no Hoare annotation [2022-02-20 18:06:01,030 WARN L170 areAnnotationChecker]: L225 has no Hoare annotation [2022-02-20 18:06:01,031 WARN L170 areAnnotationChecker]: L150 has no Hoare annotation [2022-02-20 18:06:01,031 WARN L170 areAnnotationChecker]: L150 has no Hoare annotation [2022-02-20 18:06:01,031 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:06:01,032 WARN L170 areAnnotationChecker]: L287-2 has no Hoare annotation [2022-02-20 18:06:01,032 WARN L170 areAnnotationChecker]: L864 has no Hoare annotation [2022-02-20 18:06:01,032 WARN L170 areAnnotationChecker]: L864 has no Hoare annotation [2022-02-20 18:06:01,032 WARN L170 areAnnotationChecker]: L833-1 has no Hoare annotation [2022-02-20 18:06:01,032 WARN L170 areAnnotationChecker]: L287-2 has no Hoare annotation [2022-02-20 18:06:01,032 WARN L170 areAnnotationChecker]: L225 has no Hoare annotation [2022-02-20 18:06:01,032 WARN L170 areAnnotationChecker]: L305 has no Hoare annotation [2022-02-20 18:06:01,032 WARN L170 areAnnotationChecker]: L305 has no Hoare annotation [2022-02-20 18:06:01,033 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:01,033 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:01,033 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:01,033 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:06:01,033 WARN L170 areAnnotationChecker]: L865 has no Hoare annotation [2022-02-20 18:06:01,033 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:06:01,033 WARN L170 areAnnotationChecker]: L873 has no Hoare annotation [2022-02-20 18:06:01,033 WARN L170 areAnnotationChecker]: L873 has no Hoare annotation [2022-02-20 18:06:01,034 WARN L170 areAnnotationChecker]: L873-1 has no Hoare annotation [2022-02-20 18:06:01,034 INFO L163 areAnnotationChecker]: CFG has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:06:01,044 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:06:01 BoogieIcfgContainer [2022-02-20 18:06:01,044 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:06:01,044 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:06:01,044 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:06:01,045 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:06:01,045 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:05:58" (3/4) ... [2022-02-20 18:06:01,047 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:06:01,051 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:06:01,051 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:06:01,051 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:06:01,051 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:06:01,051 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2022-02-20 18:06:01,051 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:06:01,051 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__methaneQuery [2022-02-20 18:06:01,052 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneAlarm [2022-02-20 18:06:01,056 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 47 nodes and edges [2022-02-20 18:06:01,056 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:06:01,056 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:06:01,057 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:06:01,057 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:06:01,057 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:06:01,057 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:06:01,076 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:01,078 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || pumpRunning == 0 [2022-02-20 18:06:01,079 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || pumpRunning == 0) && ((!(\old(pumpRunning) == 0) || tmp == 0) || !(methaneLevelCritical == 0)) [2022-02-20 18:06:01,080 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) [2022-02-20 18:06:01,080 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:01,092 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:06:01,092 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:06:01,093 INFO L158 Benchmark]: Toolchain (without parser) took 3902.65ms. Allocated memory was 96.5MB in the beginning and 130.0MB in the end (delta: 33.6MB). Free memory was 75.4MB in the beginning and 96.8MB in the end (delta: -21.3MB). Peak memory consumption was 10.4MB. Max. memory is 16.1GB. [2022-02-20 18:06:01,093 INFO L158 Benchmark]: CDTParser took 0.17ms. Allocated memory is still 79.7MB. Free memory is still 55.2MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:06:01,094 INFO L158 Benchmark]: CACSL2BoogieTranslator took 425.30ms. Allocated memory is still 96.5MB. Free memory was 75.4MB in the beginning and 54.1MB in the end (delta: 21.3MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. [2022-02-20 18:06:01,094 INFO L158 Benchmark]: Boogie Procedure Inliner took 61.31ms. Allocated memory is still 96.5MB. Free memory was 54.1MB in the beginning and 51.5MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:01,094 INFO L158 Benchmark]: Boogie Preprocessor took 40.82ms. Allocated memory is still 96.5MB. Free memory was 51.5MB in the beginning and 50.0MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:01,094 INFO L158 Benchmark]: RCFGBuilder took 411.41ms. Allocated memory is still 96.5MB. Free memory was 50.0MB in the beginning and 58.9MB in the end (delta: -8.9MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:06:01,095 INFO L158 Benchmark]: TraceAbstraction took 2909.98ms. Allocated memory was 96.5MB in the beginning and 130.0MB in the end (delta: 33.6MB). Free memory was 58.1MB in the beginning and 102.0MB in the end (delta: -43.9MB). Peak memory consumption was 57.7MB. Max. memory is 16.1GB. [2022-02-20 18:06:01,095 INFO L158 Benchmark]: Witness Printer took 48.15ms. Allocated memory is still 130.0MB. Free memory was 102.0MB in the beginning and 96.8MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:06:01,096 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.17ms. Allocated memory is still 79.7MB. Free memory is still 55.2MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 425.30ms. Allocated memory is still 96.5MB. Free memory was 75.4MB in the beginning and 54.1MB in the end (delta: 21.3MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 61.31ms. Allocated memory is still 96.5MB. Free memory was 54.1MB in the beginning and 51.5MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 40.82ms. Allocated memory is still 96.5MB. Free memory was 51.5MB in the beginning and 50.0MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 411.41ms. Allocated memory is still 96.5MB. Free memory was 50.0MB in the beginning and 58.9MB in the end (delta: -8.9MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * TraceAbstraction took 2909.98ms. Allocated memory was 96.5MB in the beginning and 130.0MB in the end (delta: 33.6MB). Free memory was 58.1MB in the beginning and 102.0MB in the end (delta: -43.9MB). Peak memory consumption was 57.7MB. Max. memory is 16.1GB. * Witness Printer took 48.15ms. Allocated memory is still 130.0MB. Free memory was 102.0MB in the beginning and 96.8MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 305]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 84 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 2.8s, OverallIterations: 5, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 1.6s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.3s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 201 SdHoareTripleChecker+Valid, 0.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 193 mSDsluCounter, 940 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 517 mSDsCounter, 20 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 122 IncrementalHoareTripleChecker+Invalid, 142 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 20 mSolverCounterUnsat, 423 mSDtfsCounter, 122 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 36 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=227occurred in iteration=4, InterpolantAutomatonStates: 22, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 5 MinimizatonAttempts, 9 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 38 LocationsWithAnnotation, 304 PreInvPairs, 348 NumberOfFragments, 204 HoareAnnotationTreeSize, 304 FomulaSimplifications, 16 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 38 FomulaSimplificationsInter, 883 FormulaSimplificationTreeSizeReductionInter, 0.2s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.3s InterpolantComputationTime, 144 NumberOfCodeBlocks, 144 NumberOfCodeBlocksAsserted, 5 NumberOfCheckSat, 139 ConstructedInterpolants, 0 QuantifiedInterpolants, 263 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 5 InterpolantComputations, 5 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 862]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 277]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 185]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive - InvariantResult [Line: 204]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 267]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 214]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 784]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) - InvariantResult [Line: 192]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive - InvariantResult [Line: 844]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && splverifierCounter == 0 - InvariantResult [Line: 259]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive - InvariantResult [Line: 138]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || pumpRunning == 0) && ((!(\old(pumpRunning) == 0) || tmp == 0) || !(methaneLevelCritical == 0)) - InvariantResult [Line: 829]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 58]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 301]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 715]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || pumpRunning == 0 - InvariantResult [Line: 863]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 853]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 178]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive RESULT: Ultimate proved your program to be correct! [2022-02-20 18:06:01,124 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE