./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec1_product23.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec1_product23.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 0858956fa78fab41d54951630cb21e24f98b592c89580084f0bb3139b8ef83d9 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:06:04,257 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:06:04,258 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:06:04,283 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:06:04,284 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:06:04,287 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:06:04,288 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:06:04,292 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:06:04,293 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:06:04,294 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:06:04,295 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:06:04,296 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:06:04,296 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:06:04,299 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:06:04,301 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:06:04,302 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:06:04,303 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:06:04,305 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:06:04,306 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:06:04,309 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:06:04,313 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:06:04,314 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:06:04,314 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:06:04,315 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:06:04,317 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:06:04,319 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:06:04,320 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:06:04,321 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:06:04,321 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:06:04,322 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:06:04,323 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:06:04,323 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:06:04,324 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:06:04,325 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:06:04,326 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:06:04,326 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:06:04,327 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:06:04,328 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:06:04,328 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:06:04,328 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:06:04,329 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:06:04,330 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:06:04,352 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:06:04,354 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:06:04,354 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:06:04,354 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:06:04,355 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:06:04,355 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:06:04,356 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:06:04,356 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:06:04,356 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:06:04,356 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:06:04,357 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:06:04,357 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:06:04,357 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:06:04,357 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:06:04,358 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:06:04,358 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:06:04,358 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:06:04,358 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:06:04,358 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:06:04,358 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:06:04,358 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:06:04,359 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:06:04,359 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:06:04,359 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:06:04,359 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:06:04,359 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:06:04,360 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:06:04,360 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:06:04,360 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:06:04,360 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:06:04,360 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:06:04,360 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:06:04,361 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:06:04,361 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 0858956fa78fab41d54951630cb21e24f98b592c89580084f0bb3139b8ef83d9 [2022-02-20 18:06:04,537 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:06:04,550 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:06:04,552 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:06:04,553 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:06:04,554 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:06:04,554 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec1_product23.cil.c [2022-02-20 18:06:04,594 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/abbad0dd3/d7f521463db04214b8f445c34e5622af/FLAGee1e1cd94 [2022-02-20 18:06:05,018 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:06:05,019 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product23.cil.c [2022-02-20 18:06:05,031 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/abbad0dd3/d7f521463db04214b8f445c34e5622af/FLAGee1e1cd94 [2022-02-20 18:06:05,048 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/abbad0dd3/d7f521463db04214b8f445c34e5622af [2022-02-20 18:06:05,053 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:06:05,055 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:06:05,056 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:06:05,056 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:06:05,058 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:06:05,059 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,060 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@65b21621 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05, skipping insertion in model container [2022-02-20 18:06:05,060 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,065 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:06:05,114 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:06:05,426 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product23.cil.c[18140,18153] [2022-02-20 18:06:05,428 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:05,439 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:06:05,496 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product23.cil.c[18140,18153] [2022-02-20 18:06:05,497 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:05,508 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:06:05,509 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05 WrapperNode [2022-02-20 18:06:05,509 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:06:05,510 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:06:05,510 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:06:05,510 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:06:05,515 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,526 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,551 INFO L137 Inliner]: procedures = 54, calls = 155, calls flagged for inlining = 20, calls inlined = 17, statements flattened = 236 [2022-02-20 18:06:05,553 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:06:05,554 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:06:05,554 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:06:05,555 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:06:05,560 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,561 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,569 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,570 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,574 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,578 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,582 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,583 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:06:05,584 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:06:05,584 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:06:05,585 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:06:05,585 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (1/1) ... [2022-02-20 18:06:05,592 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:06:05,603 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:05,618 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:06:05,623 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:06:05,651 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:06:05,651 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:06:05,651 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:06:05,651 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:06:05,652 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:06:05,652 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:06:05,652 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:06:05,652 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:06:05,652 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:06:05,652 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:06:05,652 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:06:05,652 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:06:05,653 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:06:05,653 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:06:05,653 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:06:05,653 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:06:05,653 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:06:05,653 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:06:05,653 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:06:05,653 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:06:05,703 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:06:05,705 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:06:06,048 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:06:06,054 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:06:06,055 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:06:06,057 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:06 BoogieIcfgContainer [2022-02-20 18:06:06,057 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:06:06,058 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:06:06,058 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:06:06,061 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:06:06,061 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:06:05" (1/3) ... [2022-02-20 18:06:06,062 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7ccb7163 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:06:06, skipping insertion in model container [2022-02-20 18:06:06,062 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:05" (2/3) ... [2022-02-20 18:06:06,062 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7ccb7163 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:06:06, skipping insertion in model container [2022-02-20 18:06:06,062 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:06" (3/3) ... [2022-02-20 18:06:06,063 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec1_product23.cil.c [2022-02-20 18:06:06,070 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:06:06,072 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:06:06,116 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:06:06,123 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:06:06,123 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:06:06,152 INFO L276 IsEmpty]: Start isEmpty. Operand has 91 states, 66 states have (on average 1.378787878787879) internal successors, (91), 75 states have internal predecessors, (91), 15 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (15), 11 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-20 18:06:06,159 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2022-02-20 18:06:06,159 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:06,159 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:06,160 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:06,164 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:06,165 INFO L85 PathProgramCache]: Analyzing trace with hash -1836528484, now seen corresponding path program 1 times [2022-02-20 18:06:06,171 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:06,172 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [430220431] [2022-02-20 18:06:06,172 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:06,173 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:06,282 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:06,357 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:06:06,359 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:06,382 INFO L290 TraceCheckUtils]: 0: Hoare triple {94#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {94#true} is VALID [2022-02-20 18:06:06,382 INFO L290 TraceCheckUtils]: 1: Hoare triple {94#true} assume true; {94#true} is VALID [2022-02-20 18:06:06,382 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {94#true} {95#false} #236#return; {95#false} is VALID [2022-02-20 18:06:06,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {94#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {94#true} is VALID [2022-02-20 18:06:06,390 INFO L290 TraceCheckUtils]: 1: Hoare triple {94#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {94#true} is VALID [2022-02-20 18:06:06,390 INFO L290 TraceCheckUtils]: 2: Hoare triple {94#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {94#true} is VALID [2022-02-20 18:06:06,390 INFO L290 TraceCheckUtils]: 3: Hoare triple {94#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {94#true} is VALID [2022-02-20 18:06:06,390 INFO L290 TraceCheckUtils]: 4: Hoare triple {94#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {94#true} is VALID [2022-02-20 18:06:06,391 INFO L290 TraceCheckUtils]: 5: Hoare triple {94#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {94#true} is VALID [2022-02-20 18:06:06,391 INFO L290 TraceCheckUtils]: 6: Hoare triple {94#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {94#true} is VALID [2022-02-20 18:06:06,393 INFO L290 TraceCheckUtils]: 7: Hoare triple {94#true} assume false; {95#false} is VALID [2022-02-20 18:06:06,393 INFO L272 TraceCheckUtils]: 8: Hoare triple {95#false} call cleanup(); {95#false} is VALID [2022-02-20 18:06:06,394 INFO L290 TraceCheckUtils]: 9: Hoare triple {95#false} havoc ~i~0;havoc ~__cil_tmp2~0; {95#false} is VALID [2022-02-20 18:06:06,395 INFO L272 TraceCheckUtils]: 10: Hoare triple {95#false} call timeShift(); {95#false} is VALID [2022-02-20 18:06:06,395 INFO L290 TraceCheckUtils]: 11: Hoare triple {95#false} assume !(0 != ~pumpRunning~0); {95#false} is VALID [2022-02-20 18:06:06,396 INFO L290 TraceCheckUtils]: 12: Hoare triple {95#false} assume !(0 != ~systemActive~0); {95#false} is VALID [2022-02-20 18:06:06,396 INFO L290 TraceCheckUtils]: 13: Hoare triple {95#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {95#false} is VALID [2022-02-20 18:06:06,396 INFO L272 TraceCheckUtils]: 14: Hoare triple {95#false} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {94#true} is VALID [2022-02-20 18:06:06,396 INFO L290 TraceCheckUtils]: 15: Hoare triple {94#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {94#true} is VALID [2022-02-20 18:06:06,397 INFO L290 TraceCheckUtils]: 16: Hoare triple {94#true} assume true; {94#true} is VALID [2022-02-20 18:06:06,397 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {94#true} {95#false} #236#return; {95#false} is VALID [2022-02-20 18:06:06,397 INFO L290 TraceCheckUtils]: 18: Hoare triple {95#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {95#false} is VALID [2022-02-20 18:06:06,398 INFO L290 TraceCheckUtils]: 19: Hoare triple {95#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {95#false} is VALID [2022-02-20 18:06:06,398 INFO L290 TraceCheckUtils]: 20: Hoare triple {95#false} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {95#false} is VALID [2022-02-20 18:06:06,399 INFO L290 TraceCheckUtils]: 21: Hoare triple {95#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {95#false} is VALID [2022-02-20 18:06:06,399 INFO L290 TraceCheckUtils]: 22: Hoare triple {95#false} assume !false; {95#false} is VALID [2022-02-20 18:06:06,400 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:06,401 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:06,401 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [430220431] [2022-02-20 18:06:06,401 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [430220431] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:06,402 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:06,402 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:06:06,403 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1839859904] [2022-02-20 18:06:06,405 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:06,410 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:06:06,412 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:06,415 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:06,456 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:06,456 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:06:06,457 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:06,476 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:06:06,476 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:06:06,479 INFO L87 Difference]: Start difference. First operand has 91 states, 66 states have (on average 1.378787878787879) internal successors, (91), 75 states have internal predecessors, (91), 15 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (15), 11 states have call predecessors, (15), 15 states have call successors, (15) Second operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:06,579 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:06,580 INFO L93 Difference]: Finished difference Result 174 states and 237 transitions. [2022-02-20 18:06:06,580 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:06:06,580 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:06:06,581 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:06,582 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:06,592 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 237 transitions. [2022-02-20 18:06:06,592 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:06,599 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 237 transitions. [2022-02-20 18:06:06,599 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 237 transitions. [2022-02-20 18:06:06,781 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 237 edges. 237 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:06,789 INFO L225 Difference]: With dead ends: 174 [2022-02-20 18:06:06,790 INFO L226 Difference]: Without dead ends: 82 [2022-02-20 18:06:06,792 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:06:06,794 INFO L933 BasicCegarLoop]: 115 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 115 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:06,795 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 115 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:06,807 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 82 states. [2022-02-20 18:06:06,820 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 82 to 82. [2022-02-20 18:06:06,820 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:06,821 INFO L82 GeneralOperation]: Start isEquivalent. First operand 82 states. Second operand has 82 states, 59 states have (on average 1.305084745762712) internal successors, (77), 67 states have internal predecessors, (77), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:06:06,822 INFO L74 IsIncluded]: Start isIncluded. First operand 82 states. Second operand has 82 states, 59 states have (on average 1.305084745762712) internal successors, (77), 67 states have internal predecessors, (77), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:06:06,823 INFO L87 Difference]: Start difference. First operand 82 states. Second operand has 82 states, 59 states have (on average 1.305084745762712) internal successors, (77), 67 states have internal predecessors, (77), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:06:06,829 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:06,829 INFO L93 Difference]: Finished difference Result 82 states and 106 transitions. [2022-02-20 18:06:06,829 INFO L276 IsEmpty]: Start isEmpty. Operand 82 states and 106 transitions. [2022-02-20 18:06:06,830 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:06,830 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:06,831 INFO L74 IsIncluded]: Start isIncluded. First operand has 82 states, 59 states have (on average 1.305084745762712) internal successors, (77), 67 states have internal predecessors, (77), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) Second operand 82 states. [2022-02-20 18:06:06,845 INFO L87 Difference]: Start difference. First operand has 82 states, 59 states have (on average 1.305084745762712) internal successors, (77), 67 states have internal predecessors, (77), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) Second operand 82 states. [2022-02-20 18:06:06,850 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:06,850 INFO L93 Difference]: Finished difference Result 82 states and 106 transitions. [2022-02-20 18:06:06,850 INFO L276 IsEmpty]: Start isEmpty. Operand 82 states and 106 transitions. [2022-02-20 18:06:06,851 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:06,851 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:06,852 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:06,852 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:06,852 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 82 states, 59 states have (on average 1.305084745762712) internal successors, (77), 67 states have internal predecessors, (77), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:06:06,856 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 82 states to 82 states and 106 transitions. [2022-02-20 18:06:06,857 INFO L78 Accepts]: Start accepts. Automaton has 82 states and 106 transitions. Word has length 23 [2022-02-20 18:06:06,857 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:06,857 INFO L470 AbstractCegarLoop]: Abstraction has 82 states and 106 transitions. [2022-02-20 18:06:06,858 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:06,858 INFO L276 IsEmpty]: Start isEmpty. Operand 82 states and 106 transitions. [2022-02-20 18:06:06,859 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:06:06,862 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:06,862 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:06,863 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:06:06,863 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:06,864 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:06,864 INFO L85 PathProgramCache]: Analyzing trace with hash -639075496, now seen corresponding path program 1 times [2022-02-20 18:06:06,864 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:06,864 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [182853898] [2022-02-20 18:06:06,864 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:06,865 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:06,894 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:06,941 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:06:06,943 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:06,951 INFO L290 TraceCheckUtils]: 0: Hoare triple {637#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {637#true} is VALID [2022-02-20 18:06:06,951 INFO L290 TraceCheckUtils]: 1: Hoare triple {637#true} assume true; {637#true} is VALID [2022-02-20 18:06:06,951 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {637#true} {638#false} #236#return; {638#false} is VALID [2022-02-20 18:06:06,952 INFO L290 TraceCheckUtils]: 0: Hoare triple {637#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {637#true} is VALID [2022-02-20 18:06:06,952 INFO L290 TraceCheckUtils]: 1: Hoare triple {637#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {637#true} is VALID [2022-02-20 18:06:06,952 INFO L290 TraceCheckUtils]: 2: Hoare triple {637#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {637#true} is VALID [2022-02-20 18:06:06,952 INFO L290 TraceCheckUtils]: 3: Hoare triple {637#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {637#true} is VALID [2022-02-20 18:06:06,952 INFO L290 TraceCheckUtils]: 4: Hoare triple {637#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {637#true} is VALID [2022-02-20 18:06:06,953 INFO L290 TraceCheckUtils]: 5: Hoare triple {637#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {637#true} is VALID [2022-02-20 18:06:06,953 INFO L290 TraceCheckUtils]: 6: Hoare triple {637#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {639#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:06,954 INFO L290 TraceCheckUtils]: 7: Hoare triple {639#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {639#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:06,955 INFO L290 TraceCheckUtils]: 8: Hoare triple {639#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {638#false} is VALID [2022-02-20 18:06:06,955 INFO L272 TraceCheckUtils]: 9: Hoare triple {638#false} call cleanup(); {638#false} is VALID [2022-02-20 18:06:06,955 INFO L290 TraceCheckUtils]: 10: Hoare triple {638#false} havoc ~i~0;havoc ~__cil_tmp2~0; {638#false} is VALID [2022-02-20 18:06:06,955 INFO L272 TraceCheckUtils]: 11: Hoare triple {638#false} call timeShift(); {638#false} is VALID [2022-02-20 18:06:06,956 INFO L290 TraceCheckUtils]: 12: Hoare triple {638#false} assume !(0 != ~pumpRunning~0); {638#false} is VALID [2022-02-20 18:06:06,956 INFO L290 TraceCheckUtils]: 13: Hoare triple {638#false} assume !(0 != ~systemActive~0); {638#false} is VALID [2022-02-20 18:06:06,956 INFO L290 TraceCheckUtils]: 14: Hoare triple {638#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {638#false} is VALID [2022-02-20 18:06:06,956 INFO L272 TraceCheckUtils]: 15: Hoare triple {638#false} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {637#true} is VALID [2022-02-20 18:06:06,956 INFO L290 TraceCheckUtils]: 16: Hoare triple {637#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {637#true} is VALID [2022-02-20 18:06:06,956 INFO L290 TraceCheckUtils]: 17: Hoare triple {637#true} assume true; {637#true} is VALID [2022-02-20 18:06:06,957 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {637#true} {638#false} #236#return; {638#false} is VALID [2022-02-20 18:06:06,957 INFO L290 TraceCheckUtils]: 19: Hoare triple {638#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {638#false} is VALID [2022-02-20 18:06:06,957 INFO L290 TraceCheckUtils]: 20: Hoare triple {638#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {638#false} is VALID [2022-02-20 18:06:06,961 INFO L290 TraceCheckUtils]: 21: Hoare triple {638#false} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {638#false} is VALID [2022-02-20 18:06:06,961 INFO L290 TraceCheckUtils]: 22: Hoare triple {638#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {638#false} is VALID [2022-02-20 18:06:06,962 INFO L290 TraceCheckUtils]: 23: Hoare triple {638#false} assume !false; {638#false} is VALID [2022-02-20 18:06:06,962 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:06,962 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:06,962 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [182853898] [2022-02-20 18:06:06,963 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [182853898] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:06,963 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:06,963 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:06:06,964 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1435624994] [2022-02-20 18:06:06,964 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:06,965 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:06:06,965 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:06,965 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:06,982 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:06,982 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:06,982 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:06,983 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:06,984 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:06,984 INFO L87 Difference]: Start difference. First operand 82 states and 106 transitions. Second operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:07,091 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:07,091 INFO L93 Difference]: Finished difference Result 126 states and 162 transitions. [2022-02-20 18:06:07,092 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:07,092 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:06:07,092 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:07,092 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:07,095 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 162 transitions. [2022-02-20 18:06:07,096 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:07,100 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 162 transitions. [2022-02-20 18:06:07,100 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 162 transitions. [2022-02-20 18:06:07,224 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 162 edges. 162 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:07,228 INFO L225 Difference]: With dead ends: 126 [2022-02-20 18:06:07,229 INFO L226 Difference]: Without dead ends: 73 [2022-02-20 18:06:07,235 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:07,237 INFO L933 BasicCegarLoop]: 93 mSDtfsCounter, 16 mSDsluCounter, 72 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 165 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:07,237 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [20 Valid, 165 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:07,239 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2022-02-20 18:06:07,242 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 73. [2022-02-20 18:06:07,243 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:07,243 INFO L82 GeneralOperation]: Start isEquivalent. First operand 73 states. Second operand has 73 states, 53 states have (on average 1.320754716981132) internal successors, (70), 61 states have internal predecessors, (70), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:06:07,244 INFO L74 IsIncluded]: Start isIncluded. First operand 73 states. Second operand has 73 states, 53 states have (on average 1.320754716981132) internal successors, (70), 61 states have internal predecessors, (70), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:06:07,244 INFO L87 Difference]: Start difference. First operand 73 states. Second operand has 73 states, 53 states have (on average 1.320754716981132) internal successors, (70), 61 states have internal predecessors, (70), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:06:07,246 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:07,247 INFO L93 Difference]: Finished difference Result 73 states and 94 transitions. [2022-02-20 18:06:07,247 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 94 transitions. [2022-02-20 18:06:07,247 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:07,247 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:07,248 INFO L74 IsIncluded]: Start isIncluded. First operand has 73 states, 53 states have (on average 1.320754716981132) internal successors, (70), 61 states have internal predecessors, (70), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) Second operand 73 states. [2022-02-20 18:06:07,248 INFO L87 Difference]: Start difference. First operand has 73 states, 53 states have (on average 1.320754716981132) internal successors, (70), 61 states have internal predecessors, (70), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) Second operand 73 states. [2022-02-20 18:06:07,250 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:07,251 INFO L93 Difference]: Finished difference Result 73 states and 94 transitions. [2022-02-20 18:06:07,251 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 94 transitions. [2022-02-20 18:06:07,251 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:07,251 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:07,251 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:07,252 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:07,252 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 73 states, 53 states have (on average 1.320754716981132) internal successors, (70), 61 states have internal predecessors, (70), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:06:07,254 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 73 states to 73 states and 94 transitions. [2022-02-20 18:06:07,254 INFO L78 Accepts]: Start accepts. Automaton has 73 states and 94 transitions. Word has length 24 [2022-02-20 18:06:07,254 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:07,255 INFO L470 AbstractCegarLoop]: Abstraction has 73 states and 94 transitions. [2022-02-20 18:06:07,255 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:07,255 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 94 transitions. [2022-02-20 18:06:07,256 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2022-02-20 18:06:07,256 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:07,256 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:07,256 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:06:07,256 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:07,257 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:07,257 INFO L85 PathProgramCache]: Analyzing trace with hash 1922236756, now seen corresponding path program 1 times [2022-02-20 18:06:07,257 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:07,257 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1178893569] [2022-02-20 18:06:07,257 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:07,257 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:07,278 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:07,341 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:06:07,342 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:07,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {1079#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {1079#true} is VALID [2022-02-20 18:06:07,350 INFO L290 TraceCheckUtils]: 1: Hoare triple {1079#true} assume true; {1079#true} is VALID [2022-02-20 18:06:07,350 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1079#true} {1080#false} #236#return; {1080#false} is VALID [2022-02-20 18:06:07,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {1079#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {1081#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:07,352 INFO L290 TraceCheckUtils]: 1: Hoare triple {1081#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1081#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:07,353 INFO L290 TraceCheckUtils]: 2: Hoare triple {1081#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1081#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:07,353 INFO L290 TraceCheckUtils]: 3: Hoare triple {1081#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {1082#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} is VALID [2022-02-20 18:06:07,354 INFO L290 TraceCheckUtils]: 4: Hoare triple {1082#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1083#(= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)} is VALID [2022-02-20 18:06:07,354 INFO L290 TraceCheckUtils]: 5: Hoare triple {1083#(= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,355 INFO L290 TraceCheckUtils]: 6: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,355 INFO L290 TraceCheckUtils]: 7: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume !false; {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,355 INFO L290 TraceCheckUtils]: 8: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume test_~splverifierCounter~0#1 < 4; {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,371 INFO L290 TraceCheckUtils]: 9: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,372 INFO L290 TraceCheckUtils]: 10: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp~3#1); {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,373 INFO L290 TraceCheckUtils]: 11: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,373 INFO L290 TraceCheckUtils]: 12: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___0~0#1); {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,373 INFO L290 TraceCheckUtils]: 13: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,374 INFO L290 TraceCheckUtils]: 14: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume 0 != test_~tmp___2~0#1; {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,374 INFO L272 TraceCheckUtils]: 15: Hoare triple {1084#(not (= 0 ~systemActive~0))} call timeShift(); {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,374 INFO L290 TraceCheckUtils]: 16: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {1084#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:07,375 INFO L290 TraceCheckUtils]: 17: Hoare triple {1084#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {1080#false} is VALID [2022-02-20 18:06:07,375 INFO L290 TraceCheckUtils]: 18: Hoare triple {1080#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {1080#false} is VALID [2022-02-20 18:06:07,375 INFO L272 TraceCheckUtils]: 19: Hoare triple {1080#false} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {1079#true} is VALID [2022-02-20 18:06:07,375 INFO L290 TraceCheckUtils]: 20: Hoare triple {1079#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {1079#true} is VALID [2022-02-20 18:06:07,375 INFO L290 TraceCheckUtils]: 21: Hoare triple {1079#true} assume true; {1079#true} is VALID [2022-02-20 18:06:07,376 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1079#true} {1080#false} #236#return; {1080#false} is VALID [2022-02-20 18:06:07,376 INFO L290 TraceCheckUtils]: 23: Hoare triple {1080#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {1080#false} is VALID [2022-02-20 18:06:07,376 INFO L290 TraceCheckUtils]: 24: Hoare triple {1080#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {1080#false} is VALID [2022-02-20 18:06:07,376 INFO L290 TraceCheckUtils]: 25: Hoare triple {1080#false} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {1080#false} is VALID [2022-02-20 18:06:07,376 INFO L290 TraceCheckUtils]: 26: Hoare triple {1080#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {1080#false} is VALID [2022-02-20 18:06:07,376 INFO L290 TraceCheckUtils]: 27: Hoare triple {1080#false} assume !false; {1080#false} is VALID [2022-02-20 18:06:07,377 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:07,377 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:07,377 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1178893569] [2022-02-20 18:06:07,377 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1178893569] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:07,377 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:07,377 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:07,378 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1806712139] [2022-02-20 18:06:07,378 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:07,378 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.166666666666667) internal successors, (25), 6 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 28 [2022-02-20 18:06:07,378 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:07,379 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.166666666666667) internal successors, (25), 6 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:07,396 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 28 edges. 28 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:07,396 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:07,396 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:07,397 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:07,397 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:07,397 INFO L87 Difference]: Start difference. First operand 73 states and 94 transitions. Second operand has 6 states, 6 states have (on average 4.166666666666667) internal successors, (25), 6 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:07,994 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:07,994 INFO L93 Difference]: Finished difference Result 246 states and 323 transitions. [2022-02-20 18:06:07,994 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:06:07,995 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.166666666666667) internal successors, (25), 6 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 28 [2022-02-20 18:06:07,995 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:07,995 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.166666666666667) internal successors, (25), 6 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:07,999 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 323 transitions. [2022-02-20 18:06:07,999 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.166666666666667) internal successors, (25), 6 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:08,003 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 323 transitions. [2022-02-20 18:06:08,003 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 323 transitions. [2022-02-20 18:06:08,213 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 323 edges. 323 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:08,217 INFO L225 Difference]: With dead ends: 246 [2022-02-20 18:06:08,218 INFO L226 Difference]: Without dead ends: 180 [2022-02-20 18:06:08,218 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:06:08,219 INFO L933 BasicCegarLoop]: 116 mSDtfsCounter, 248 mSDsluCounter, 296 mSDsCounter, 0 mSdLazyCounter, 111 mSolverCounterSat, 37 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 248 SdHoareTripleChecker+Valid, 412 SdHoareTripleChecker+Invalid, 148 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 37 IncrementalHoareTripleChecker+Valid, 111 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:08,219 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [248 Valid, 412 Invalid, 148 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [37 Valid, 111 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:06:08,220 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 180 states. [2022-02-20 18:06:08,230 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 180 to 174. [2022-02-20 18:06:08,230 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:08,231 INFO L82 GeneralOperation]: Start isEquivalent. First operand 180 states. Second operand has 174 states, 125 states have (on average 1.352) internal successors, (169), 143 states have internal predecessors, (169), 29 states have call successors, (29), 19 states have call predecessors, (29), 19 states have return successors, (30), 19 states have call predecessors, (30), 29 states have call successors, (30) [2022-02-20 18:06:08,232 INFO L74 IsIncluded]: Start isIncluded. First operand 180 states. Second operand has 174 states, 125 states have (on average 1.352) internal successors, (169), 143 states have internal predecessors, (169), 29 states have call successors, (29), 19 states have call predecessors, (29), 19 states have return successors, (30), 19 states have call predecessors, (30), 29 states have call successors, (30) [2022-02-20 18:06:08,232 INFO L87 Difference]: Start difference. First operand 180 states. Second operand has 174 states, 125 states have (on average 1.352) internal successors, (169), 143 states have internal predecessors, (169), 29 states have call successors, (29), 19 states have call predecessors, (29), 19 states have return successors, (30), 19 states have call predecessors, (30), 29 states have call successors, (30) [2022-02-20 18:06:08,238 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:08,238 INFO L93 Difference]: Finished difference Result 180 states and 232 transitions. [2022-02-20 18:06:08,238 INFO L276 IsEmpty]: Start isEmpty. Operand 180 states and 232 transitions. [2022-02-20 18:06:08,239 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:08,239 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:08,240 INFO L74 IsIncluded]: Start isIncluded. First operand has 174 states, 125 states have (on average 1.352) internal successors, (169), 143 states have internal predecessors, (169), 29 states have call successors, (29), 19 states have call predecessors, (29), 19 states have return successors, (30), 19 states have call predecessors, (30), 29 states have call successors, (30) Second operand 180 states. [2022-02-20 18:06:08,240 INFO L87 Difference]: Start difference. First operand has 174 states, 125 states have (on average 1.352) internal successors, (169), 143 states have internal predecessors, (169), 29 states have call successors, (29), 19 states have call predecessors, (29), 19 states have return successors, (30), 19 states have call predecessors, (30), 29 states have call successors, (30) Second operand 180 states. [2022-02-20 18:06:08,246 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:08,246 INFO L93 Difference]: Finished difference Result 180 states and 232 transitions. [2022-02-20 18:06:08,246 INFO L276 IsEmpty]: Start isEmpty. Operand 180 states and 232 transitions. [2022-02-20 18:06:08,247 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:08,247 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:08,247 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:08,247 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:08,248 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 174 states, 125 states have (on average 1.352) internal successors, (169), 143 states have internal predecessors, (169), 29 states have call successors, (29), 19 states have call predecessors, (29), 19 states have return successors, (30), 19 states have call predecessors, (30), 29 states have call successors, (30) [2022-02-20 18:06:08,253 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 174 states to 174 states and 228 transitions. [2022-02-20 18:06:08,254 INFO L78 Accepts]: Start accepts. Automaton has 174 states and 228 transitions. Word has length 28 [2022-02-20 18:06:08,254 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:08,254 INFO L470 AbstractCegarLoop]: Abstraction has 174 states and 228 transitions. [2022-02-20 18:06:08,254 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.166666666666667) internal successors, (25), 6 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:08,254 INFO L276 IsEmpty]: Start isEmpty. Operand 174 states and 228 transitions. [2022-02-20 18:06:08,255 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-02-20 18:06:08,255 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:08,255 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:08,255 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:06:08,256 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:08,256 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:08,256 INFO L85 PathProgramCache]: Analyzing trace with hash 1773208458, now seen corresponding path program 1 times [2022-02-20 18:06:08,256 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:08,256 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [99871722] [2022-02-20 18:06:08,256 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:08,257 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:08,293 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,336 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:06:08,338 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:08,345 INFO L290 TraceCheckUtils]: 0: Hoare triple {2048#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {2056#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:08,345 INFO L290 TraceCheckUtils]: 1: Hoare triple {2056#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {2056#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:08,346 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2056#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {2050#(= ~methaneLevelCritical~0 0)} #236#return; {2054#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret48#1| 0)} is VALID [2022-02-20 18:06:08,346 INFO L290 TraceCheckUtils]: 0: Hoare triple {2048#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,347 INFO L290 TraceCheckUtils]: 1: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,347 INFO L290 TraceCheckUtils]: 2: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,347 INFO L290 TraceCheckUtils]: 3: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,348 INFO L290 TraceCheckUtils]: 4: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,348 INFO L290 TraceCheckUtils]: 5: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,348 INFO L290 TraceCheckUtils]: 6: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,349 INFO L290 TraceCheckUtils]: 7: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume !false; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,349 INFO L290 TraceCheckUtils]: 8: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume test_~splverifierCounter~0#1 < 4; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,349 INFO L290 TraceCheckUtils]: 9: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,350 INFO L290 TraceCheckUtils]: 10: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp~3#1); {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,350 INFO L290 TraceCheckUtils]: 11: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,351 INFO L290 TraceCheckUtils]: 12: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___0~0#1); {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,351 INFO L290 TraceCheckUtils]: 13: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,351 INFO L290 TraceCheckUtils]: 14: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,352 INFO L290 TraceCheckUtils]: 15: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,352 INFO L290 TraceCheckUtils]: 16: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,352 INFO L290 TraceCheckUtils]: 17: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} ~systemActive~0 := 0; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,353 INFO L290 TraceCheckUtils]: 18: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume { :end_inline_stopSystem } true; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,353 INFO L272 TraceCheckUtils]: 19: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} call timeShift(); {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,354 INFO L290 TraceCheckUtils]: 20: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,354 INFO L290 TraceCheckUtils]: 21: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume !(0 != ~systemActive~0); {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,354 INFO L290 TraceCheckUtils]: 22: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {2050#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:08,354 INFO L272 TraceCheckUtils]: 23: Hoare triple {2050#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {2048#true} is VALID [2022-02-20 18:06:08,355 INFO L290 TraceCheckUtils]: 24: Hoare triple {2048#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {2056#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:08,355 INFO L290 TraceCheckUtils]: 25: Hoare triple {2056#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {2056#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:08,356 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {2056#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {2050#(= ~methaneLevelCritical~0 0)} #236#return; {2054#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret48#1| 0)} is VALID [2022-02-20 18:06:08,356 INFO L290 TraceCheckUtils]: 27: Hoare triple {2054#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret48#1| 0)} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {2055#(= |timeShift___utac_acc__Specification1_spec__1_~tmp~7#1| 0)} is VALID [2022-02-20 18:06:08,357 INFO L290 TraceCheckUtils]: 28: Hoare triple {2055#(= |timeShift___utac_acc__Specification1_spec__1_~tmp~7#1| 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {2049#false} is VALID [2022-02-20 18:06:08,357 INFO L290 TraceCheckUtils]: 29: Hoare triple {2049#false} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {2049#false} is VALID [2022-02-20 18:06:08,357 INFO L290 TraceCheckUtils]: 30: Hoare triple {2049#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {2049#false} is VALID [2022-02-20 18:06:08,357 INFO L290 TraceCheckUtils]: 31: Hoare triple {2049#false} assume !false; {2049#false} is VALID [2022-02-20 18:06:08,358 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:08,358 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:08,358 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [99871722] [2022-02-20 18:06:08,358 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [99871722] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:08,358 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:08,358 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:08,358 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [477667666] [2022-02-20 18:06:08,359 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:08,359 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:06:08,359 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:08,359 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:08,379 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:08,380 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:08,380 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:08,380 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:08,380 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:08,381 INFO L87 Difference]: Start difference. First operand 174 states and 228 transitions. Second operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:08,680 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:08,681 INFO L93 Difference]: Finished difference Result 509 states and 680 transitions. [2022-02-20 18:06:08,681 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:06:08,681 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:06:08,682 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:08,682 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:08,685 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 270 transitions. [2022-02-20 18:06:08,685 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:08,689 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 270 transitions. [2022-02-20 18:06:08,689 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 270 transitions. [2022-02-20 18:06:08,841 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 270 edges. 270 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:08,853 INFO L225 Difference]: With dead ends: 509 [2022-02-20 18:06:08,853 INFO L226 Difference]: Without dead ends: 342 [2022-02-20 18:06:08,854 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:06:08,860 INFO L933 BasicCegarLoop]: 103 mSDtfsCounter, 65 mSDsluCounter, 358 mSDsCounter, 0 mSdLazyCounter, 50 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 461 SdHoareTripleChecker+Invalid, 54 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 50 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:08,861 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [68 Valid, 461 Invalid, 54 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 50 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:08,864 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 342 states. [2022-02-20 18:06:08,904 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 342 to 333. [2022-02-20 18:06:08,904 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:08,905 INFO L82 GeneralOperation]: Start isEquivalent. First operand 342 states. Second operand has 333 states, 236 states have (on average 1.3347457627118644) internal successors, (315), 271 states have internal predecessors, (315), 58 states have call successors, (58), 38 states have call predecessors, (58), 38 states have return successors, (63), 38 states have call predecessors, (63), 58 states have call successors, (63) [2022-02-20 18:06:08,907 INFO L74 IsIncluded]: Start isIncluded. First operand 342 states. Second operand has 333 states, 236 states have (on average 1.3347457627118644) internal successors, (315), 271 states have internal predecessors, (315), 58 states have call successors, (58), 38 states have call predecessors, (58), 38 states have return successors, (63), 38 states have call predecessors, (63), 58 states have call successors, (63) [2022-02-20 18:06:08,909 INFO L87 Difference]: Start difference. First operand 342 states. Second operand has 333 states, 236 states have (on average 1.3347457627118644) internal successors, (315), 271 states have internal predecessors, (315), 58 states have call successors, (58), 38 states have call predecessors, (58), 38 states have return successors, (63), 38 states have call predecessors, (63), 58 states have call successors, (63) [2022-02-20 18:06:08,922 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:08,922 INFO L93 Difference]: Finished difference Result 342 states and 446 transitions. [2022-02-20 18:06:08,923 INFO L276 IsEmpty]: Start isEmpty. Operand 342 states and 446 transitions. [2022-02-20 18:06:08,924 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:08,924 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:08,926 INFO L74 IsIncluded]: Start isIncluded. First operand has 333 states, 236 states have (on average 1.3347457627118644) internal successors, (315), 271 states have internal predecessors, (315), 58 states have call successors, (58), 38 states have call predecessors, (58), 38 states have return successors, (63), 38 states have call predecessors, (63), 58 states have call successors, (63) Second operand 342 states. [2022-02-20 18:06:08,927 INFO L87 Difference]: Start difference. First operand has 333 states, 236 states have (on average 1.3347457627118644) internal successors, (315), 271 states have internal predecessors, (315), 58 states have call successors, (58), 38 states have call predecessors, (58), 38 states have return successors, (63), 38 states have call predecessors, (63), 58 states have call successors, (63) Second operand 342 states. [2022-02-20 18:06:08,937 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:08,937 INFO L93 Difference]: Finished difference Result 342 states and 446 transitions. [2022-02-20 18:06:08,937 INFO L276 IsEmpty]: Start isEmpty. Operand 342 states and 446 transitions. [2022-02-20 18:06:08,939 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:08,939 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:08,939 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:08,939 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:08,940 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 333 states, 236 states have (on average 1.3347457627118644) internal successors, (315), 271 states have internal predecessors, (315), 58 states have call successors, (58), 38 states have call predecessors, (58), 38 states have return successors, (63), 38 states have call predecessors, (63), 58 states have call successors, (63) [2022-02-20 18:06:08,951 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 333 states to 333 states and 436 transitions. [2022-02-20 18:06:08,952 INFO L78 Accepts]: Start accepts. Automaton has 333 states and 436 transitions. Word has length 32 [2022-02-20 18:06:08,953 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:08,953 INFO L470 AbstractCegarLoop]: Abstraction has 333 states and 436 transitions. [2022-02-20 18:06:08,953 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:08,953 INFO L276 IsEmpty]: Start isEmpty. Operand 333 states and 436 transitions. [2022-02-20 18:06:08,955 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2022-02-20 18:06:08,955 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:08,955 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:08,956 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:06:08,956 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:08,956 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:08,956 INFO L85 PathProgramCache]: Analyzing trace with hash -491579890, now seen corresponding path program 1 times [2022-02-20 18:06:08,956 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:08,956 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [570188138] [2022-02-20 18:06:08,957 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:08,957 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:08,981 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:09,035 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:09,038 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:09,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {3952#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {3941#true} is VALID [2022-02-20 18:06:09,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {3941#true} assume true; {3941#true} is VALID [2022-02-20 18:06:09,052 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3941#true} {3943#(= ~pumpRunning~0 0)} #240#return; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-20 18:06:09,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:09,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {3941#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {3941#true} is VALID [2022-02-20 18:06:09,058 INFO L290 TraceCheckUtils]: 1: Hoare triple {3941#true} assume true; {3941#true} is VALID [2022-02-20 18:06:09,059 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3941#true} {3943#(= ~pumpRunning~0 0)} #236#return; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,060 INFO L290 TraceCheckUtils]: 0: Hoare triple {3941#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,061 INFO L290 TraceCheckUtils]: 1: Hoare triple {3943#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,061 INFO L290 TraceCheckUtils]: 2: Hoare triple {3943#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,061 INFO L290 TraceCheckUtils]: 3: Hoare triple {3943#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,062 INFO L290 TraceCheckUtils]: 4: Hoare triple {3943#(= ~pumpRunning~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,062 INFO L290 TraceCheckUtils]: 5: Hoare triple {3943#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,062 INFO L290 TraceCheckUtils]: 6: Hoare triple {3943#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,063 INFO L290 TraceCheckUtils]: 7: Hoare triple {3943#(= ~pumpRunning~0 0)} assume !false; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,063 INFO L290 TraceCheckUtils]: 8: Hoare triple {3943#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,063 INFO L290 TraceCheckUtils]: 9: Hoare triple {3943#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,063 INFO L290 TraceCheckUtils]: 10: Hoare triple {3943#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~3#1); {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,064 INFO L290 TraceCheckUtils]: 11: Hoare triple {3943#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,064 INFO L290 TraceCheckUtils]: 12: Hoare triple {3943#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___0~0#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,065 INFO L272 TraceCheckUtils]: 13: Hoare triple {3943#(= ~pumpRunning~0 0)} call changeMethaneLevel(); {3952#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:09,065 INFO L290 TraceCheckUtils]: 14: Hoare triple {3952#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {3941#true} is VALID [2022-02-20 18:06:09,065 INFO L290 TraceCheckUtils]: 15: Hoare triple {3941#true} assume true; {3941#true} is VALID [2022-02-20 18:06:09,065 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {3941#true} {3943#(= ~pumpRunning~0 0)} #240#return; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,066 INFO L290 TraceCheckUtils]: 17: Hoare triple {3943#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,066 INFO L290 TraceCheckUtils]: 18: Hoare triple {3943#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,066 INFO L290 TraceCheckUtils]: 19: Hoare triple {3943#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,067 INFO L290 TraceCheckUtils]: 20: Hoare triple {3943#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,067 INFO L290 TraceCheckUtils]: 21: Hoare triple {3943#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,067 INFO L290 TraceCheckUtils]: 22: Hoare triple {3943#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,067 INFO L272 TraceCheckUtils]: 23: Hoare triple {3943#(= ~pumpRunning~0 0)} call timeShift(); {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,068 INFO L290 TraceCheckUtils]: 24: Hoare triple {3943#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,068 INFO L290 TraceCheckUtils]: 25: Hoare triple {3943#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,068 INFO L290 TraceCheckUtils]: 26: Hoare triple {3943#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,069 INFO L272 TraceCheckUtils]: 27: Hoare triple {3943#(= ~pumpRunning~0 0)} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {3941#true} is VALID [2022-02-20 18:06:09,069 INFO L290 TraceCheckUtils]: 28: Hoare triple {3941#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {3941#true} is VALID [2022-02-20 18:06:09,069 INFO L290 TraceCheckUtils]: 29: Hoare triple {3941#true} assume true; {3941#true} is VALID [2022-02-20 18:06:09,069 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {3941#true} {3943#(= ~pumpRunning~0 0)} #236#return; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,070 INFO L290 TraceCheckUtils]: 31: Hoare triple {3943#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {3943#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:09,073 INFO L290 TraceCheckUtils]: 32: Hoare triple {3943#(= ~pumpRunning~0 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {3950#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:06:09,073 INFO L290 TraceCheckUtils]: 33: Hoare triple {3950#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {3951#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:06:09,074 INFO L290 TraceCheckUtils]: 34: Hoare triple {3951#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~2#1| 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {3942#false} is VALID [2022-02-20 18:06:09,074 INFO L290 TraceCheckUtils]: 35: Hoare triple {3942#false} assume !false; {3942#false} is VALID [2022-02-20 18:06:09,074 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:09,075 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:09,075 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [570188138] [2022-02-20 18:06:09,075 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [570188138] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:09,075 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:09,075 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:09,075 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1931988005] [2022-02-20 18:06:09,075 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:09,076 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 36 [2022-02-20 18:06:09,076 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:09,076 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:09,097 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:09,097 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:09,097 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:09,098 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:09,098 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:09,098 INFO L87 Difference]: Start difference. First operand 333 states and 436 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:09,330 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:09,331 INFO L93 Difference]: Finished difference Result 578 states and 760 transitions. [2022-02-20 18:06:09,331 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:06:09,331 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 36 [2022-02-20 18:06:09,331 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:09,332 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:09,333 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 157 transitions. [2022-02-20 18:06:09,334 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:09,335 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 157 transitions. [2022-02-20 18:06:09,335 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 157 transitions. [2022-02-20 18:06:09,421 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 157 edges. 157 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:09,422 INFO L225 Difference]: With dead ends: 578 [2022-02-20 18:06:09,422 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:06:09,423 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:06:09,423 INFO L933 BasicCegarLoop]: 50 mSDtfsCounter, 54 mSDsluCounter, 77 mSDsCounter, 0 mSdLazyCounter, 83 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 55 SdHoareTripleChecker+Valid, 127 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 83 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:09,423 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [55 Valid, 127 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 83 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:09,424 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:06:09,424 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:06:09,424 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:09,424 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:09,424 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:09,424 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:09,425 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:09,425 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:06:09,425 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:09,425 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:09,425 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:09,425 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:06:09,425 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:06:09,425 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:09,425 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:06:09,425 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:09,426 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:09,426 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:09,426 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:09,426 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:09,426 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:09,426 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:06:09,426 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 36 [2022-02-20 18:06:09,426 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:09,426 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:06:09,427 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:09,427 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:09,427 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:09,429 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:06:09,429 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:06:09,431 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:06:09,947 INFO L861 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 681 688) the Hoare annotation is: true [2022-02-20 18:06:09,947 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 681 688) no Hoare annotation was computed. [2022-02-20 18:06:09,948 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 681 688) no Hoare annotation was computed. [2022-02-20 18:06:09,948 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 614 620) no Hoare annotation was computed. [2022-02-20 18:06:09,948 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 614 620) the Hoare annotation is: true [2022-02-20 18:06:09,948 INFO L854 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 449 460) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) [2022-02-20 18:06:09,948 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 449 460) no Hoare annotation was computed. [2022-02-20 18:06:09,948 INFO L858 garLoopResultBuilder]: For program point L453-1(lines 449 460) no Hoare annotation was computed. [2022-02-20 18:06:09,948 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 846 875) no Hoare annotation was computed. [2022-02-20 18:06:09,948 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 846 875) the Hoare annotation is: true [2022-02-20 18:06:09,948 INFO L858 garLoopResultBuilder]: For program point L860(lines 860 864) no Hoare annotation was computed. [2022-02-20 18:06:09,949 INFO L861 garLoopResultBuilder]: At program point L860-1(lines 860 864) the Hoare annotation is: true [2022-02-20 18:06:09,949 INFO L858 garLoopResultBuilder]: For program point L857(line 857) no Hoare annotation was computed. [2022-02-20 18:06:09,949 INFO L861 garLoopResultBuilder]: At program point L856-2(lines 856 870) the Hoare annotation is: true [2022-02-20 18:06:09,949 INFO L861 garLoopResultBuilder]: At program point L852(line 852) the Hoare annotation is: true [2022-02-20 18:06:09,949 INFO L858 garLoopResultBuilder]: For program point L852-1(line 852) no Hoare annotation was computed. [2022-02-20 18:06:09,949 INFO L861 garLoopResultBuilder]: At program point L871(lines 846 875) the Hoare annotation is: true [2022-02-20 18:06:09,949 INFO L858 garLoopResultBuilder]: For program point L867(line 867) no Hoare annotation was computed. [2022-02-20 18:06:09,949 INFO L854 garLoopResultBuilder]: At program point L667(line 667) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:06:09,949 INFO L854 garLoopResultBuilder]: At program point L667-1(lines 648 672) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:06:09,950 INFO L854 garLoopResultBuilder]: At program point L696(lines 689 699) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:09,950 INFO L858 garLoopResultBuilder]: For program point L601-1(lines 601 607) no Hoare annotation was computed. [2022-02-20 18:06:09,950 INFO L854 garLoopResultBuilder]: At program point L787(line 787) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:06:09,950 INFO L858 garLoopResultBuilder]: For program point L787-1(line 787) no Hoare annotation was computed. [2022-02-20 18:06:09,950 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 590 613) no Hoare annotation was computed. [2022-02-20 18:06:09,950 INFO L854 garLoopResultBuilder]: At program point L705(lines 700 708) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0))) (or .cse0 (and (= ~pumpRunning~0 0) (= |timeShift_isPumpRunning_#res#1| 0))))) [2022-02-20 18:06:09,950 INFO L858 garLoopResultBuilder]: For program point L594-1(lines 593 612) no Hoare annotation was computed. [2022-02-20 18:06:09,950 INFO L858 garLoopResultBuilder]: For program point L945(line 945) no Hoare annotation was computed. [2022-02-20 18:06:09,950 INFO L858 garLoopResultBuilder]: For program point L656(lines 656 664) no Hoare annotation was computed. [2022-02-20 18:06:09,951 INFO L858 garLoopResultBuilder]: For program point L429(lines 429 433) no Hoare annotation was computed. [2022-02-20 18:06:09,951 INFO L858 garLoopResultBuilder]: For program point L652(lines 652 669) no Hoare annotation was computed. [2022-02-20 18:06:09,951 INFO L854 garLoopResultBuilder]: At program point L429-2(lines 425 436) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:09,951 INFO L858 garLoopResultBuilder]: For program point L793(lines 793 799) no Hoare annotation was computed. [2022-02-20 18:06:09,951 INFO L854 garLoopResultBuilder]: At program point L694(line 694) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:09,951 INFO L858 garLoopResultBuilder]: For program point L694-1(line 694) no Hoare annotation was computed. [2022-02-20 18:06:09,951 INFO L858 garLoopResultBuilder]: For program point L789(lines 789 802) no Hoare annotation was computed. [2022-02-20 18:06:09,951 INFO L854 garLoopResultBuilder]: At program point L789-1(lines 781 805) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (= ~pumpRunning~0 0)) (or .cse0 (not (= ~methaneLevelCritical~0 0)) (= |timeShift___utac_acc__Specification1_spec__1_~tmp~7#1| 0)))) [2022-02-20 18:06:09,951 INFO L854 garLoopResultBuilder]: At program point L946(lines 941 948) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:09,952 INFO L854 garLoopResultBuilder]: At program point L662(line 662) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:09,952 INFO L854 garLoopResultBuilder]: At program point L658(line 658) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:09,952 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 590 613) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:06:09,952 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 590 613) no Hoare annotation was computed. [2022-02-20 18:06:09,952 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 945) no Hoare annotation was computed. [2022-02-20 18:06:09,952 INFO L861 garLoopResultBuilder]: At program point isMethaneLevelCriticalENTRY(lines 461 469) the Hoare annotation is: true [2022-02-20 18:06:09,952 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 461 469) no Hoare annotation was computed. [2022-02-20 18:06:09,952 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 461 469) no Hoare annotation was computed. [2022-02-20 18:06:09,953 INFO L854 garLoopResultBuilder]: At program point L832(lines 828 834) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0)) [2022-02-20 18:06:09,953 INFO L861 garLoopResultBuilder]: At program point L576(lines 515 580) the Hoare annotation is: true [2022-02-20 18:06:09,953 INFO L858 garLoopResultBuilder]: For program point L927(lines 927 934) no Hoare annotation was computed. [2022-02-20 18:06:09,953 INFO L858 garLoopResultBuilder]: For program point L927-2(lines 927 934) no Hoare annotation was computed. [2022-02-20 18:06:09,953 INFO L858 garLoopResultBuilder]: For program point L535(lines 535 541) no Hoare annotation was computed. [2022-02-20 18:06:09,953 INFO L858 garLoopResultBuilder]: For program point L535-1(lines 535 541) no Hoare annotation was computed. [2022-02-20 18:06:09,953 INFO L858 garLoopResultBuilder]: For program point L527(lines 527 531) no Hoare annotation was computed. [2022-02-20 18:06:09,953 INFO L861 garLoopResultBuilder]: At program point L936(lines 917 939) the Hoare annotation is: true [2022-02-20 18:06:09,953 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:06:09,953 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:06:09,954 INFO L854 garLoopResultBuilder]: At program point L573(lines 524 574) the Hoare annotation is: false [2022-02-20 18:06:09,954 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:06:09,954 INFO L854 garLoopResultBuilder]: At program point L825(lines 821 827) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0)) [2022-02-20 18:06:09,954 INFO L858 garLoopResultBuilder]: For program point L561(lines 561 567) no Hoare annotation was computed. [2022-02-20 18:06:09,954 INFO L854 garLoopResultBuilder]: At program point L561-2(lines 555 568) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:09,954 INFO L854 garLoopResultBuilder]: At program point L904(lines 900 906) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)) [2022-02-20 18:06:09,954 INFO L854 garLoopResultBuilder]: At program point L776(lines 764 778) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:09,954 INFO L858 garLoopResultBuilder]: For program point L545(lines 545 551) no Hoare annotation was computed. [2022-02-20 18:06:09,954 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:06:09,954 INFO L858 garLoopResultBuilder]: For program point L545-1(lines 545 551) no Hoare annotation was computed. [2022-02-20 18:06:09,955 INFO L858 garLoopResultBuilder]: For program point L768(lines 768 774) no Hoare annotation was computed. [2022-02-20 18:06:09,955 INFO L858 garLoopResultBuilder]: For program point L768-1(lines 768 774) no Hoare annotation was computed. [2022-02-20 18:06:09,955 INFO L854 garLoopResultBuilder]: At program point L570(lines 525 572) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:09,955 INFO L854 garLoopResultBuilder]: At program point L537(line 537) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:09,956 INFO L861 garLoopResultBuilder]: At program point L914(lines 907 916) the Hoare annotation is: true [2022-02-20 18:06:09,956 INFO L858 garLoopResultBuilder]: For program point L526(lines 525 572) no Hoare annotation was computed. [2022-02-20 18:06:09,956 INFO L858 garLoopResultBuilder]: For program point L555(lines 555 568) no Hoare annotation was computed. [2022-02-20 18:06:09,956 INFO L854 garLoopResultBuilder]: At program point L840(lines 835 843) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) [2022-02-20 18:06:09,956 INFO L854 garLoopResultBuilder]: At program point L547(line 547) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:09,956 INFO L854 garLoopResultBuilder]: At program point L770(line 770) the Hoare annotation is: false [2022-02-20 18:06:09,971 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 437 448) no Hoare annotation was computed. [2022-02-20 18:06:09,971 INFO L858 garLoopResultBuilder]: For program point L441-1(lines 437 448) no Hoare annotation was computed. [2022-02-20 18:06:09,971 INFO L861 garLoopResultBuilder]: At program point waterRiseENTRY(lines 437 448) the Hoare annotation is: true [2022-02-20 18:06:09,972 INFO L854 garLoopResultBuilder]: At program point L636(line 636) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:06:09,972 INFO L854 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 622 646) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (= 0 ~systemActive~0)) [2022-02-20 18:06:09,972 INFO L854 garLoopResultBuilder]: At program point L760(lines 745 763) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:06:09,972 INFO L854 garLoopResultBuilder]: At program point L632(line 632) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:06:09,972 INFO L858 garLoopResultBuilder]: For program point L630(lines 630 638) no Hoare annotation was computed. [2022-02-20 18:06:09,972 INFO L858 garLoopResultBuilder]: For program point L626(lines 626 643) no Hoare annotation was computed. [2022-02-20 18:06:09,972 INFO L858 garLoopResultBuilder]: For program point L754(lines 754 758) no Hoare annotation was computed. [2022-02-20 18:06:09,972 INFO L858 garLoopResultBuilder]: For program point L754-2(lines 754 758) no Hoare annotation was computed. [2022-02-20 18:06:09,972 INFO L854 garLoopResultBuilder]: At program point L641(line 641) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (= 0 ~systemActive~0)) [2022-02-20 18:06:09,972 INFO L858 garLoopResultBuilder]: For program point L641-1(lines 622 646) no Hoare annotation was computed. [2022-02-20 18:06:09,973 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 622 646) no Hoare annotation was computed. [2022-02-20 18:06:09,973 INFO L854 garLoopResultBuilder]: At program point L507(lines 502 510) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:06:09,975 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1] [2022-02-20 18:06:09,976 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:06:09,978 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:06:09,978 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: L453-1 has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: L453-1 has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: L429 has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: L594-1 has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: L441-1 has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: L441-1 has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: L626 has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:06:09,979 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:06:09,980 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:06:09,980 WARN L170 areAnnotationChecker]: L453-1 has no Hoare annotation [2022-02-20 18:06:09,980 WARN L170 areAnnotationChecker]: L852-1 has no Hoare annotation [2022-02-20 18:06:09,980 WARN L170 areAnnotationChecker]: L429 has no Hoare annotation [2022-02-20 18:06:09,980 WARN L170 areAnnotationChecker]: L429 has no Hoare annotation [2022-02-20 18:06:09,980 WARN L170 areAnnotationChecker]: L594-1 has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: L594-1 has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: L441-1 has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: L626 has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: L626 has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: L852-1 has no Hoare annotation [2022-02-20 18:06:09,981 WARN L170 areAnnotationChecker]: L594-1 has no Hoare annotation [2022-02-20 18:06:09,982 WARN L170 areAnnotationChecker]: L652 has no Hoare annotation [2022-02-20 18:06:09,982 WARN L170 areAnnotationChecker]: L652 has no Hoare annotation [2022-02-20 18:06:09,982 WARN L170 areAnnotationChecker]: L601-1 has no Hoare annotation [2022-02-20 18:06:09,982 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:06:09,982 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:06:09,982 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:06:09,982 WARN L170 areAnnotationChecker]: L754 has no Hoare annotation [2022-02-20 18:06:09,983 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:06:09,983 WARN L170 areAnnotationChecker]: L601-1 has no Hoare annotation [2022-02-20 18:06:09,983 WARN L170 areAnnotationChecker]: L768-1 has no Hoare annotation [2022-02-20 18:06:09,983 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__lowWaterSensorEXIT has no Hoare annotation [2022-02-20 18:06:09,983 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__lowWaterSensorEXIT has no Hoare annotation [2022-02-20 18:06:09,983 WARN L170 areAnnotationChecker]: L545-1 has no Hoare annotation [2022-02-20 18:06:09,983 WARN L170 areAnnotationChecker]: L857 has no Hoare annotation [2022-02-20 18:06:09,983 WARN L170 areAnnotationChecker]: L694-1 has no Hoare annotation [2022-02-20 18:06:09,984 WARN L170 areAnnotationChecker]: L787-1 has no Hoare annotation [2022-02-20 18:06:09,984 WARN L170 areAnnotationChecker]: L694-1 has no Hoare annotation [2022-02-20 18:06:09,984 WARN L170 areAnnotationChecker]: L787-1 has no Hoare annotation [2022-02-20 18:06:09,984 WARN L170 areAnnotationChecker]: L535-1 has no Hoare annotation [2022-02-20 18:06:09,984 WARN L170 areAnnotationChecker]: L754 has no Hoare annotation [2022-02-20 18:06:09,984 WARN L170 areAnnotationChecker]: L754 has no Hoare annotation [2022-02-20 18:06:09,995 WARN L170 areAnnotationChecker]: L555 has no Hoare annotation [2022-02-20 18:06:09,995 WARN L170 areAnnotationChecker]: L555 has no Hoare annotation [2022-02-20 18:06:09,995 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:06:09,996 WARN L170 areAnnotationChecker]: L857 has no Hoare annotation [2022-02-20 18:06:09,996 WARN L170 areAnnotationChecker]: L656 has no Hoare annotation [2022-02-20 18:06:09,996 WARN L170 areAnnotationChecker]: L789 has no Hoare annotation [2022-02-20 18:06:09,996 WARN L170 areAnnotationChecker]: L789 has no Hoare annotation [2022-02-20 18:06:09,996 WARN L170 areAnnotationChecker]: L927 has no Hoare annotation [2022-02-20 18:06:09,996 WARN L170 areAnnotationChecker]: L545 has no Hoare annotation [2022-02-20 18:06:09,996 WARN L170 areAnnotationChecker]: L545 has no Hoare annotation [2022-02-20 18:06:09,996 WARN L170 areAnnotationChecker]: L754-2 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L561 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L561 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L860 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L860 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L656 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L656 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L793 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L927 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L927 has no Hoare annotation [2022-02-20 18:06:09,997 WARN L170 areAnnotationChecker]: L545-1 has no Hoare annotation [2022-02-20 18:06:09,998 WARN L170 areAnnotationChecker]: L630 has no Hoare annotation [2022-02-20 18:06:09,998 WARN L170 areAnnotationChecker]: L526 has no Hoare annotation [2022-02-20 18:06:09,998 WARN L170 areAnnotationChecker]: L768 has no Hoare annotation [2022-02-20 18:06:09,998 WARN L170 areAnnotationChecker]: L768 has no Hoare annotation [2022-02-20 18:06:09,998 WARN L170 areAnnotationChecker]: L867 has no Hoare annotation [2022-02-20 18:06:09,999 WARN L170 areAnnotationChecker]: L793 has no Hoare annotation [2022-02-20 18:06:09,999 WARN L170 areAnnotationChecker]: L793 has no Hoare annotation [2022-02-20 18:06:09,999 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:06:09,999 WARN L170 areAnnotationChecker]: L927-2 has no Hoare annotation [2022-02-20 18:06:09,999 WARN L170 areAnnotationChecker]: L630 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L630 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L526 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L526 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L768-1 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L927-2 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L867 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L945 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L945 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L527 has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:06:10,000 WARN L170 areAnnotationChecker]: L535 has no Hoare annotation [2022-02-20 18:06:10,001 WARN L170 areAnnotationChecker]: L535 has no Hoare annotation [2022-02-20 18:06:10,001 WARN L170 areAnnotationChecker]: L535-1 has no Hoare annotation [2022-02-20 18:06:10,001 INFO L163 areAnnotationChecker]: CFG has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:06:10,011 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:06:10 BoogieIcfgContainer [2022-02-20 18:06:10,027 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:06:10,028 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:06:10,028 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:06:10,028 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:06:10,028 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:06" (3/4) ... [2022-02-20 18:06:10,030 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:06:10,034 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:06:10,034 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:06:10,034 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:06:10,034 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:06:10,034 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:06:10,034 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2022-02-20 18:06:10,035 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:06:10,035 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:06:10,039 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 50 nodes and edges [2022-02-20 18:06:10,039 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:06:10,039 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:06:10,040 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:06:10,040 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:06:10,040 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:06:10,040 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:06:10,075 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive [2022-02-20 18:06:10,075 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive) && tmp == systemActive [2022-02-20 18:06:10,075 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:10,076 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(0 == systemActive)) [2022-02-20 18:06:10,076 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || pumpRunning == 0) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || tmp == 0) [2022-02-20 18:06:10,077 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:10,077 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) [2022-02-20 18:06:10,077 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || 0 == systemActive [2022-02-20 18:06:10,077 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:10,077 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || 0 == systemActive [2022-02-20 18:06:10,104 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:06:10,104 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:06:10,105 INFO L158 Benchmark]: Toolchain (without parser) took 5050.60ms. Allocated memory was 109.1MB in the beginning and 203.4MB in the end (delta: 94.4MB). Free memory was 77.2MB in the beginning and 94.6MB in the end (delta: -17.4MB). Peak memory consumption was 75.4MB. Max. memory is 16.1GB. [2022-02-20 18:06:10,105 INFO L158 Benchmark]: CDTParser took 0.17ms. Allocated memory is still 109.1MB. Free memory was 63.7MB in the beginning and 63.7MB in the end (delta: 46.6kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:06:10,106 INFO L158 Benchmark]: CACSL2BoogieTranslator took 453.52ms. Allocated memory is still 109.1MB. Free memory was 77.2MB in the beginning and 71.5MB in the end (delta: 5.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 18:06:10,106 INFO L158 Benchmark]: Boogie Procedure Inliner took 43.70ms. Allocated memory is still 109.1MB. Free memory was 71.5MB in the beginning and 68.8MB in the end (delta: 2.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:10,106 INFO L158 Benchmark]: Boogie Preprocessor took 29.54ms. Allocated memory is still 109.1MB. Free memory was 68.8MB in the beginning and 67.0MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:10,106 INFO L158 Benchmark]: RCFGBuilder took 472.86ms. Allocated memory was 109.1MB in the beginning and 155.2MB in the end (delta: 46.1MB). Free memory was 67.0MB in the beginning and 124.2MB in the end (delta: -57.2MB). Peak memory consumption was 19.4MB. Max. memory is 16.1GB. [2022-02-20 18:06:10,107 INFO L158 Benchmark]: TraceAbstraction took 3968.93ms. Allocated memory was 155.2MB in the beginning and 203.4MB in the end (delta: 48.2MB). Free memory was 123.5MB in the beginning and 99.8MB in the end (delta: 23.6MB). Peak memory consumption was 71.5MB. Max. memory is 16.1GB. [2022-02-20 18:06:10,107 INFO L158 Benchmark]: Witness Printer took 76.85ms. Allocated memory is still 203.4MB. Free memory was 99.8MB in the beginning and 94.6MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:06:10,108 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.17ms. Allocated memory is still 109.1MB. Free memory was 63.7MB in the beginning and 63.7MB in the end (delta: 46.6kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 453.52ms. Allocated memory is still 109.1MB. Free memory was 77.2MB in the beginning and 71.5MB in the end (delta: 5.7MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 43.70ms. Allocated memory is still 109.1MB. Free memory was 71.5MB in the beginning and 68.8MB in the end (delta: 2.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 29.54ms. Allocated memory is still 109.1MB. Free memory was 68.8MB in the beginning and 67.0MB in the end (delta: 1.8MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 472.86ms. Allocated memory was 109.1MB in the beginning and 155.2MB in the end (delta: 46.1MB). Free memory was 67.0MB in the beginning and 124.2MB in the end (delta: -57.2MB). Peak memory consumption was 19.4MB. Max. memory is 16.1GB. * TraceAbstraction took 3968.93ms. Allocated memory was 155.2MB in the beginning and 203.4MB in the end (delta: 48.2MB). Free memory was 123.5MB in the beginning and 99.8MB in the end (delta: 23.6MB). Peak memory consumption was 71.5MB. Max. memory is 16.1GB. * Witness Printer took 76.85ms. Allocated memory is still 203.4MB. Free memory was 99.8MB in the beginning and 94.6MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 945]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 91 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 3.9s, OverallIterations: 5, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.2s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.5s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 391 SdHoareTripleChecker+Valid, 0.3s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 383 mSDsluCounter, 1280 SdHoareTripleChecker+Invalid, 0.3s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 803 mSDsCounter, 61 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 245 IncrementalHoareTripleChecker+Invalid, 306 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 61 mSolverCounterUnsat, 477 mSDtfsCounter, 245 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 40 GetRequests, 19 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=333occurred in iteration=4, InterpolantAutomatonStates: 25, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 5 MinimizatonAttempts, 15 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 42 LocationsWithAnnotation, 520 PreInvPairs, 586 NumberOfFragments, 269 HoareAnnotationTreeSize, 520 FomulaSimplifications, 52 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 42 FomulaSimplificationsInter, 1908 FormulaSimplificationTreeSizeReductionInter, 0.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.4s InterpolantComputationTime, 143 NumberOfCodeBlocks, 143 NumberOfCodeBlocksAsserted, 5 NumberOfCheckSat, 138 ConstructedInterpolants, 0 QuantifiedInterpolants, 300 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 5 InterpolantComputations, 5 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 828]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive - InvariantResult [Line: 745]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || 0 == systemActive - InvariantResult [Line: 941]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 835]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive - InvariantResult [Line: 524]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 846]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 515]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 917]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 900]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive) && tmp == systemActive - InvariantResult [Line: 648]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(0 == systemActive)) - InvariantResult [Line: 502]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || 0 == systemActive - InvariantResult [Line: 525]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 821]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive - InvariantResult [Line: 689]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 781]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || pumpRunning == 0) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || tmp == 0) - InvariantResult [Line: 907]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 764]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 856]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 425]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 700]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) RESULT: Ultimate proved your program to be correct! [2022-02-20 18:06:10,148 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE