./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec1_product28.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec1_product28.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash ecbd3b7927e701d55fc39288fc091a7415141c93c89521192fc4dc52b10e4c6c --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:06:07,705 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:06:07,706 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:06:07,744 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:06:07,744 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:06:07,748 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:06:07,749 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:06:07,752 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:06:07,754 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:06:07,759 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:06:07,760 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:06:07,761 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:06:07,761 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:06:07,764 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:06:07,764 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:06:07,765 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:06:07,766 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:06:07,767 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:06:07,768 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:06:07,769 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:06:07,770 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:06:07,771 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:06:07,772 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:06:07,773 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:06:07,775 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:06:07,776 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:06:07,776 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:06:07,777 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:06:07,778 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:06:07,779 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:06:07,780 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:06:07,780 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:06:07,781 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:06:07,782 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:06:07,783 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:06:07,784 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:06:07,785 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:06:07,785 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:06:07,785 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:06:07,786 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:06:07,786 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:06:07,787 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:06:07,819 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:06:07,819 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:06:07,819 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:06:07,820 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:06:07,820 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:06:07,821 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:06:07,821 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:06:07,821 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:06:07,821 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:06:07,822 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:06:07,823 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:06:07,823 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:06:07,823 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:06:07,823 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:06:07,823 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:06:07,824 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:06:07,824 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:06:07,824 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:06:07,824 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:06:07,824 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:06:07,825 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:06:07,825 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:06:07,825 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:06:07,825 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:06:07,825 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:06:07,826 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:06:07,826 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:06:07,826 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:06:07,826 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:06:07,826 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:06:07,827 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:06:07,827 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:06:07,827 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:06:07,827 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> ecbd3b7927e701d55fc39288fc091a7415141c93c89521192fc4dc52b10e4c6c [2022-02-20 18:06:08,080 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:06:08,107 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:06:08,109 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:06:08,110 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:06:08,111 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:06:08,112 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec1_product28.cil.c [2022-02-20 18:06:08,167 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/56087ef5c/7e00e826d8234afa9bacb37997cdafa8/FLAG9afd2124f [2022-02-20 18:06:08,635 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:06:08,636 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product28.cil.c [2022-02-20 18:06:08,648 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/56087ef5c/7e00e826d8234afa9bacb37997cdafa8/FLAG9afd2124f [2022-02-20 18:06:08,662 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/56087ef5c/7e00e826d8234afa9bacb37997cdafa8 [2022-02-20 18:06:08,664 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:06:08,666 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:06:08,668 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:06:08,669 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:06:08,671 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:06:08,673 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:06:08" (1/1) ... [2022-02-20 18:06:08,674 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@63c53888 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:08, skipping insertion in model container [2022-02-20 18:06:08,674 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:06:08" (1/1) ... [2022-02-20 18:06:08,680 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:06:08,728 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:06:08,862 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product28.cil.c[1605,1618] [2022-02-20 18:06:08,965 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:08,973 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:06:08,984 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product28.cil.c[1605,1618] [2022-02-20 18:06:09,046 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:09,074 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:06:09,074 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09 WrapperNode [2022-02-20 18:06:09,074 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:06:09,075 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:06:09,075 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:06:09,075 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:06:09,082 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,103 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,137 INFO L137 Inliner]: procedures = 55, calls = 154, calls flagged for inlining = 22, calls inlined = 17, statements flattened = 219 [2022-02-20 18:06:09,137 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:06:09,138 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:06:09,138 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:06:09,138 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:06:09,145 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,145 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,147 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,147 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,151 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,162 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,163 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,165 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:06:09,166 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:06:09,166 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:06:09,167 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:06:09,180 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (1/1) ... [2022-02-20 18:06:09,186 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:06:09,194 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:09,204 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:06:09,211 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:06:09,233 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:06:09,233 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:06:09,233 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:06:09,234 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:06:09,234 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:06:09,234 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:06:09,234 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:06:09,234 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:06:09,234 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:06:09,235 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:06:09,235 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:06:09,235 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:06:09,235 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:06:09,235 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:06:09,236 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:06:09,236 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:06:09,236 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:06:09,236 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:06:09,317 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:06:09,319 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:06:09,699 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:06:09,705 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:06:09,706 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:06:09,707 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:09 BoogieIcfgContainer [2022-02-20 18:06:09,710 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:06:09,711 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:06:09,712 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:06:09,715 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:06:09,716 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:06:08" (1/3) ... [2022-02-20 18:06:09,717 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7d64e721 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:06:09, skipping insertion in model container [2022-02-20 18:06:09,717 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:09" (2/3) ... [2022-02-20 18:06:09,718 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7d64e721 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:06:09, skipping insertion in model container [2022-02-20 18:06:09,718 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:09" (3/3) ... [2022-02-20 18:06:09,719 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec1_product28.cil.c [2022-02-20 18:06:09,725 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:06:09,726 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:06:09,779 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:06:09,786 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:06:09,786 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:06:09,816 INFO L276 IsEmpty]: Start isEmpty. Operand has 81 states, 61 states have (on average 1.3770491803278688) internal successors, (84), 68 states have internal predecessors, (84), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:09,823 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2022-02-20 18:06:09,823 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:09,824 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:09,824 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:09,829 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:09,829 INFO L85 PathProgramCache]: Analyzing trace with hash -27240357, now seen corresponding path program 1 times [2022-02-20 18:06:09,837 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:09,837 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [802673826] [2022-02-20 18:06:09,837 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:09,838 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:09,945 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:10,010 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:06:10,016 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:10,031 INFO L290 TraceCheckUtils]: 0: Hoare triple {84#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {84#true} is VALID [2022-02-20 18:06:10,031 INFO L290 TraceCheckUtils]: 1: Hoare triple {84#true} assume true; {84#true} is VALID [2022-02-20 18:06:10,032 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {84#true} {85#false} #215#return; {85#false} is VALID [2022-02-20 18:06:10,038 INFO L290 TraceCheckUtils]: 0: Hoare triple {84#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {84#true} is VALID [2022-02-20 18:06:10,038 INFO L290 TraceCheckUtils]: 1: Hoare triple {84#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {84#true} is VALID [2022-02-20 18:06:10,039 INFO L290 TraceCheckUtils]: 2: Hoare triple {84#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {84#true} is VALID [2022-02-20 18:06:10,039 INFO L290 TraceCheckUtils]: 3: Hoare triple {84#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {84#true} is VALID [2022-02-20 18:06:10,040 INFO L290 TraceCheckUtils]: 4: Hoare triple {84#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {84#true} is VALID [2022-02-20 18:06:10,041 INFO L290 TraceCheckUtils]: 5: Hoare triple {84#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {84#true} is VALID [2022-02-20 18:06:10,041 INFO L290 TraceCheckUtils]: 6: Hoare triple {84#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {84#true} is VALID [2022-02-20 18:06:10,042 INFO L290 TraceCheckUtils]: 7: Hoare triple {84#true} assume false; {85#false} is VALID [2022-02-20 18:06:10,043 INFO L272 TraceCheckUtils]: 8: Hoare triple {85#false} call cleanup(); {85#false} is VALID [2022-02-20 18:06:10,043 INFO L290 TraceCheckUtils]: 9: Hoare triple {85#false} havoc ~i~0;havoc ~__cil_tmp2~0; {85#false} is VALID [2022-02-20 18:06:10,043 INFO L272 TraceCheckUtils]: 10: Hoare triple {85#false} call timeShift(); {85#false} is VALID [2022-02-20 18:06:10,044 INFO L290 TraceCheckUtils]: 11: Hoare triple {85#false} assume !(0 != ~pumpRunning~0); {85#false} is VALID [2022-02-20 18:06:10,044 INFO L290 TraceCheckUtils]: 12: Hoare triple {85#false} assume !(0 != ~systemActive~0); {85#false} is VALID [2022-02-20 18:06:10,044 INFO L290 TraceCheckUtils]: 13: Hoare triple {85#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {85#false} is VALID [2022-02-20 18:06:10,044 INFO L272 TraceCheckUtils]: 14: Hoare triple {85#false} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {84#true} is VALID [2022-02-20 18:06:10,044 INFO L290 TraceCheckUtils]: 15: Hoare triple {84#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {84#true} is VALID [2022-02-20 18:06:10,045 INFO L290 TraceCheckUtils]: 16: Hoare triple {84#true} assume true; {84#true} is VALID [2022-02-20 18:06:10,045 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {84#true} {85#false} #215#return; {85#false} is VALID [2022-02-20 18:06:10,045 INFO L290 TraceCheckUtils]: 18: Hoare triple {85#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {85#false} is VALID [2022-02-20 18:06:10,045 INFO L290 TraceCheckUtils]: 19: Hoare triple {85#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {85#false} is VALID [2022-02-20 18:06:10,045 INFO L290 TraceCheckUtils]: 20: Hoare triple {85#false} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {85#false} is VALID [2022-02-20 18:06:10,046 INFO L290 TraceCheckUtils]: 21: Hoare triple {85#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {85#false} is VALID [2022-02-20 18:06:10,046 INFO L290 TraceCheckUtils]: 22: Hoare triple {85#false} assume !false; {85#false} is VALID [2022-02-20 18:06:10,046 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:10,047 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:10,047 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [802673826] [2022-02-20 18:06:10,047 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [802673826] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:10,048 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:10,048 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:06:10,049 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1681289914] [2022-02-20 18:06:10,049 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:10,058 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:06:10,059 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:10,062 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,105 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:10,105 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:06:10,105 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:10,133 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:06:10,134 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:06:10,137 INFO L87 Difference]: Start difference. First operand has 81 states, 61 states have (on average 1.3770491803278688) internal successors, (84), 68 states have internal predecessors, (84), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) Second operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,266 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:10,268 INFO L93 Difference]: Finished difference Result 154 states and 207 transitions. [2022-02-20 18:06:10,268 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:06:10,268 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:06:10,268 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:10,271 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,287 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 207 transitions. [2022-02-20 18:06:10,287 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,295 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 207 transitions. [2022-02-20 18:06:10,295 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 207 transitions. [2022-02-20 18:06:10,480 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 207 edges. 207 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:10,490 INFO L225 Difference]: With dead ends: 154 [2022-02-20 18:06:10,490 INFO L226 Difference]: Without dead ends: 72 [2022-02-20 18:06:10,493 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:06:10,496 INFO L933 BasicCegarLoop]: 100 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 100 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:10,497 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 100 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:10,511 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 72 states. [2022-02-20 18:06:10,534 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 72 to 72. [2022-02-20 18:06:10,535 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:10,537 INFO L82 GeneralOperation]: Start isEquivalent. First operand 72 states. Second operand has 72 states, 54 states have (on average 1.2962962962962963) internal successors, (70), 60 states have internal predecessors, (70), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:06:10,541 INFO L74 IsIncluded]: Start isIncluded. First operand 72 states. Second operand has 72 states, 54 states have (on average 1.2962962962962963) internal successors, (70), 60 states have internal predecessors, (70), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:06:10,545 INFO L87 Difference]: Start difference. First operand 72 states. Second operand has 72 states, 54 states have (on average 1.2962962962962963) internal successors, (70), 60 states have internal predecessors, (70), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:06:10,556 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:10,556 INFO L93 Difference]: Finished difference Result 72 states and 91 transitions. [2022-02-20 18:06:10,557 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 91 transitions. [2022-02-20 18:06:10,558 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:10,559 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:10,560 INFO L74 IsIncluded]: Start isIncluded. First operand has 72 states, 54 states have (on average 1.2962962962962963) internal successors, (70), 60 states have internal predecessors, (70), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) Second operand 72 states. [2022-02-20 18:06:10,561 INFO L87 Difference]: Start difference. First operand has 72 states, 54 states have (on average 1.2962962962962963) internal successors, (70), 60 states have internal predecessors, (70), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) Second operand 72 states. [2022-02-20 18:06:10,573 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:10,575 INFO L93 Difference]: Finished difference Result 72 states and 91 transitions. [2022-02-20 18:06:10,575 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 91 transitions. [2022-02-20 18:06:10,577 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:10,578 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:10,579 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:10,579 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:10,580 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 72 states, 54 states have (on average 1.2962962962962963) internal successors, (70), 60 states have internal predecessors, (70), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:06:10,587 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 72 states to 72 states and 91 transitions. [2022-02-20 18:06:10,589 INFO L78 Accepts]: Start accepts. Automaton has 72 states and 91 transitions. Word has length 23 [2022-02-20 18:06:10,589 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:10,589 INFO L470 AbstractCegarLoop]: Abstraction has 72 states and 91 transitions. [2022-02-20 18:06:10,590 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,590 INFO L276 IsEmpty]: Start isEmpty. Operand 72 states and 91 transitions. [2022-02-20 18:06:10,594 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:06:10,594 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:10,594 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:10,594 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:06:10,595 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:10,597 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:10,597 INFO L85 PathProgramCache]: Analyzing trace with hash 701165360, now seen corresponding path program 1 times [2022-02-20 18:06:10,598 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:10,598 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1524117696] [2022-02-20 18:06:10,598 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:10,599 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:10,647 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:10,703 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:06:10,705 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:10,713 INFO L290 TraceCheckUtils]: 0: Hoare triple {562#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {562#true} is VALID [2022-02-20 18:06:10,713 INFO L290 TraceCheckUtils]: 1: Hoare triple {562#true} assume true; {562#true} is VALID [2022-02-20 18:06:10,713 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {562#true} {563#false} #215#return; {563#false} is VALID [2022-02-20 18:06:10,714 INFO L290 TraceCheckUtils]: 0: Hoare triple {562#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {562#true} is VALID [2022-02-20 18:06:10,714 INFO L290 TraceCheckUtils]: 1: Hoare triple {562#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {562#true} is VALID [2022-02-20 18:06:10,714 INFO L290 TraceCheckUtils]: 2: Hoare triple {562#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {562#true} is VALID [2022-02-20 18:06:10,715 INFO L290 TraceCheckUtils]: 3: Hoare triple {562#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {562#true} is VALID [2022-02-20 18:06:10,715 INFO L290 TraceCheckUtils]: 4: Hoare triple {562#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {562#true} is VALID [2022-02-20 18:06:10,715 INFO L290 TraceCheckUtils]: 5: Hoare triple {562#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {562#true} is VALID [2022-02-20 18:06:10,716 INFO L290 TraceCheckUtils]: 6: Hoare triple {562#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {564#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:10,716 INFO L290 TraceCheckUtils]: 7: Hoare triple {564#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {564#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:10,717 INFO L290 TraceCheckUtils]: 8: Hoare triple {564#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {563#false} is VALID [2022-02-20 18:06:10,717 INFO L272 TraceCheckUtils]: 9: Hoare triple {563#false} call cleanup(); {563#false} is VALID [2022-02-20 18:06:10,718 INFO L290 TraceCheckUtils]: 10: Hoare triple {563#false} havoc ~i~0;havoc ~__cil_tmp2~0; {563#false} is VALID [2022-02-20 18:06:10,718 INFO L272 TraceCheckUtils]: 11: Hoare triple {563#false} call timeShift(); {563#false} is VALID [2022-02-20 18:06:10,718 INFO L290 TraceCheckUtils]: 12: Hoare triple {563#false} assume !(0 != ~pumpRunning~0); {563#false} is VALID [2022-02-20 18:06:10,718 INFO L290 TraceCheckUtils]: 13: Hoare triple {563#false} assume !(0 != ~systemActive~0); {563#false} is VALID [2022-02-20 18:06:10,718 INFO L290 TraceCheckUtils]: 14: Hoare triple {563#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {563#false} is VALID [2022-02-20 18:06:10,719 INFO L272 TraceCheckUtils]: 15: Hoare triple {563#false} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {562#true} is VALID [2022-02-20 18:06:10,719 INFO L290 TraceCheckUtils]: 16: Hoare triple {562#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {562#true} is VALID [2022-02-20 18:06:10,719 INFO L290 TraceCheckUtils]: 17: Hoare triple {562#true} assume true; {562#true} is VALID [2022-02-20 18:06:10,720 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {562#true} {563#false} #215#return; {563#false} is VALID [2022-02-20 18:06:10,720 INFO L290 TraceCheckUtils]: 19: Hoare triple {563#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {563#false} is VALID [2022-02-20 18:06:10,723 INFO L290 TraceCheckUtils]: 20: Hoare triple {563#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {563#false} is VALID [2022-02-20 18:06:10,723 INFO L290 TraceCheckUtils]: 21: Hoare triple {563#false} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {563#false} is VALID [2022-02-20 18:06:10,723 INFO L290 TraceCheckUtils]: 22: Hoare triple {563#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {563#false} is VALID [2022-02-20 18:06:10,723 INFO L290 TraceCheckUtils]: 23: Hoare triple {563#false} assume !false; {563#false} is VALID [2022-02-20 18:06:10,724 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:10,724 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:10,724 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1524117696] [2022-02-20 18:06:10,725 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1524117696] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:10,725 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:10,725 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:06:10,726 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [942667136] [2022-02-20 18:06:10,726 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:10,727 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:06:10,728 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:10,729 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,749 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:10,750 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:10,750 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:10,751 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:10,751 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:10,752 INFO L87 Difference]: Start difference. First operand 72 states and 91 transitions. Second operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,847 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:10,847 INFO L93 Difference]: Finished difference Result 105 states and 131 transitions. [2022-02-20 18:06:10,847 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:10,848 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:06:10,848 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:10,848 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,851 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 131 transitions. [2022-02-20 18:06:10,852 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:10,855 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 131 transitions. [2022-02-20 18:06:10,855 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 131 transitions. [2022-02-20 18:06:10,973 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 131 edges. 131 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:10,975 INFO L225 Difference]: With dead ends: 105 [2022-02-20 18:06:10,975 INFO L226 Difference]: Without dead ends: 63 [2022-02-20 18:06:10,976 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:10,977 INFO L933 BasicCegarLoop]: 78 mSDtfsCounter, 17 mSDsluCounter, 56 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 134 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:10,977 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 134 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:10,978 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 63 states. [2022-02-20 18:06:10,982 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 63 to 63. [2022-02-20 18:06:10,982 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:10,983 INFO L82 GeneralOperation]: Start isEquivalent. First operand 63 states. Second operand has 63 states, 48 states have (on average 1.3125) internal successors, (63), 54 states have internal predecessors, (63), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:06:10,983 INFO L74 IsIncluded]: Start isIncluded. First operand 63 states. Second operand has 63 states, 48 states have (on average 1.3125) internal successors, (63), 54 states have internal predecessors, (63), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:06:10,983 INFO L87 Difference]: Start difference. First operand 63 states. Second operand has 63 states, 48 states have (on average 1.3125) internal successors, (63), 54 states have internal predecessors, (63), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:06:10,986 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:10,986 INFO L93 Difference]: Finished difference Result 63 states and 79 transitions. [2022-02-20 18:06:10,986 INFO L276 IsEmpty]: Start isEmpty. Operand 63 states and 79 transitions. [2022-02-20 18:06:10,989 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:10,989 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:10,990 INFO L74 IsIncluded]: Start isIncluded. First operand has 63 states, 48 states have (on average 1.3125) internal successors, (63), 54 states have internal predecessors, (63), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) Second operand 63 states. [2022-02-20 18:06:10,990 INFO L87 Difference]: Start difference. First operand has 63 states, 48 states have (on average 1.3125) internal successors, (63), 54 states have internal predecessors, (63), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) Second operand 63 states. [2022-02-20 18:06:10,993 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:10,993 INFO L93 Difference]: Finished difference Result 63 states and 79 transitions. [2022-02-20 18:06:10,993 INFO L276 IsEmpty]: Start isEmpty. Operand 63 states and 79 transitions. [2022-02-20 18:06:10,995 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:10,995 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:10,995 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:10,996 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:10,996 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 63 states, 48 states have (on average 1.3125) internal successors, (63), 54 states have internal predecessors, (63), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:06:10,998 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 63 states to 63 states and 79 transitions. [2022-02-20 18:06:10,999 INFO L78 Accepts]: Start accepts. Automaton has 63 states and 79 transitions. Word has length 24 [2022-02-20 18:06:10,999 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:11,000 INFO L470 AbstractCegarLoop]: Abstraction has 63 states and 79 transitions. [2022-02-20 18:06:11,000 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:11,000 INFO L276 IsEmpty]: Start isEmpty. Operand 63 states and 79 transitions. [2022-02-20 18:06:11,001 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-20 18:06:11,001 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:11,001 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:11,002 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:06:11,005 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:11,012 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:11,012 INFO L85 PathProgramCache]: Analyzing trace with hash -1063301461, now seen corresponding path program 1 times [2022-02-20 18:06:11,012 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:11,012 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1786274012] [2022-02-20 18:06:11,013 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:11,013 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:11,055 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:06:11,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {937#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {937#true} is VALID [2022-02-20 18:06:11,134 INFO L290 TraceCheckUtils]: 1: Hoare triple {937#true} assume true; {937#true} is VALID [2022-02-20 18:06:11,135 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {937#true} {938#false} #215#return; {938#false} is VALID [2022-02-20 18:06:11,137 INFO L290 TraceCheckUtils]: 0: Hoare triple {937#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {937#true} is VALID [2022-02-20 18:06:11,137 INFO L290 TraceCheckUtils]: 1: Hoare triple {937#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {937#true} is VALID [2022-02-20 18:06:11,137 INFO L290 TraceCheckUtils]: 2: Hoare triple {937#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {937#true} is VALID [2022-02-20 18:06:11,138 INFO L290 TraceCheckUtils]: 3: Hoare triple {937#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {939#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:06:11,138 INFO L290 TraceCheckUtils]: 4: Hoare triple {939#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {940#(= |ULTIMATE.start_main_~tmp~8#1| 1)} is VALID [2022-02-20 18:06:11,139 INFO L290 TraceCheckUtils]: 5: Hoare triple {940#(= |ULTIMATE.start_main_~tmp~8#1| 1)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {937#true} is VALID [2022-02-20 18:06:11,139 INFO L290 TraceCheckUtils]: 6: Hoare triple {937#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {937#true} is VALID [2022-02-20 18:06:11,139 INFO L290 TraceCheckUtils]: 7: Hoare triple {937#true} assume !false; {937#true} is VALID [2022-02-20 18:06:11,140 INFO L290 TraceCheckUtils]: 8: Hoare triple {937#true} assume test_~splverifierCounter~0#1 < 4; {937#true} is VALID [2022-02-20 18:06:11,140 INFO L290 TraceCheckUtils]: 9: Hoare triple {937#true} assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {937#true} is VALID [2022-02-20 18:06:11,141 INFO L290 TraceCheckUtils]: 10: Hoare triple {937#true} assume !(0 != test_~tmp~3#1); {937#true} is VALID [2022-02-20 18:06:11,141 INFO L290 TraceCheckUtils]: 11: Hoare triple {937#true} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {937#true} is VALID [2022-02-20 18:06:11,141 INFO L290 TraceCheckUtils]: 12: Hoare triple {937#true} assume !(0 != test_~tmp___0~0#1); {937#true} is VALID [2022-02-20 18:06:11,141 INFO L290 TraceCheckUtils]: 13: Hoare triple {937#true} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {937#true} is VALID [2022-02-20 18:06:11,142 INFO L290 TraceCheckUtils]: 14: Hoare triple {937#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {941#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:11,142 INFO L290 TraceCheckUtils]: 15: Hoare triple {941#(not (= 0 ~systemActive~0))} assume { :end_inline_startSystem } true; {941#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:11,143 INFO L272 TraceCheckUtils]: 16: Hoare triple {941#(not (= 0 ~systemActive~0))} call timeShift(); {941#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:11,144 INFO L290 TraceCheckUtils]: 17: Hoare triple {941#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {941#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:06:11,144 INFO L290 TraceCheckUtils]: 18: Hoare triple {941#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {938#false} is VALID [2022-02-20 18:06:11,144 INFO L290 TraceCheckUtils]: 19: Hoare triple {938#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {938#false} is VALID [2022-02-20 18:06:11,145 INFO L272 TraceCheckUtils]: 20: Hoare triple {938#false} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {937#true} is VALID [2022-02-20 18:06:11,145 INFO L290 TraceCheckUtils]: 21: Hoare triple {937#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {937#true} is VALID [2022-02-20 18:06:11,145 INFO L290 TraceCheckUtils]: 22: Hoare triple {937#true} assume true; {937#true} is VALID [2022-02-20 18:06:11,145 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {937#true} {938#false} #215#return; {938#false} is VALID [2022-02-20 18:06:11,145 INFO L290 TraceCheckUtils]: 24: Hoare triple {938#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {938#false} is VALID [2022-02-20 18:06:11,146 INFO L290 TraceCheckUtils]: 25: Hoare triple {938#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {938#false} is VALID [2022-02-20 18:06:11,146 INFO L290 TraceCheckUtils]: 26: Hoare triple {938#false} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {938#false} is VALID [2022-02-20 18:06:11,146 INFO L290 TraceCheckUtils]: 27: Hoare triple {938#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {938#false} is VALID [2022-02-20 18:06:11,146 INFO L290 TraceCheckUtils]: 28: Hoare triple {938#false} assume !false; {938#false} is VALID [2022-02-20 18:06:11,147 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:11,148 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:11,148 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1786274012] [2022-02-20 18:06:11,148 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1786274012] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:11,149 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:11,149 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:06:11,149 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [115340048] [2022-02-20 18:06:11,149 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:11,150 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.2) internal successors, (26), 5 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:06:11,150 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:11,150 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 5.2) internal successors, (26), 5 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:11,174 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:11,174 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:06:11,175 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:11,176 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:06:11,176 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:06:11,176 INFO L87 Difference]: Start difference. First operand 63 states and 79 transitions. Second operand has 5 states, 5 states have (on average 5.2) internal successors, (26), 5 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:11,462 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:11,462 INFO L93 Difference]: Finished difference Result 161 states and 206 transitions. [2022-02-20 18:06:11,463 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:06:11,463 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.2) internal successors, (26), 5 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:06:11,463 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:11,463 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.2) internal successors, (26), 5 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:11,469 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 206 transitions. [2022-02-20 18:06:11,469 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.2) internal successors, (26), 5 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:11,473 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 206 transitions. [2022-02-20 18:06:11,473 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 206 transitions. [2022-02-20 18:06:11,625 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 206 edges. 206 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:11,631 INFO L225 Difference]: With dead ends: 161 [2022-02-20 18:06:11,631 INFO L226 Difference]: Without dead ends: 105 [2022-02-20 18:06:11,634 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:06:11,640 INFO L933 BasicCegarLoop]: 91 mSDtfsCounter, 142 mSDsluCounter, 182 mSDsCounter, 0 mSdLazyCounter, 12 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 142 SdHoareTripleChecker+Valid, 273 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 12 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:11,641 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [142 Valid, 273 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 12 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:11,643 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 105 states. [2022-02-20 18:06:11,657 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 105 to 102. [2022-02-20 18:06:11,661 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:11,662 INFO L82 GeneralOperation]: Start isEquivalent. First operand 105 states. Second operand has 102 states, 77 states have (on average 1.3376623376623376) internal successors, (103), 86 states have internal predecessors, (103), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 10 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 18:06:11,663 INFO L74 IsIncluded]: Start isIncluded. First operand 105 states. Second operand has 102 states, 77 states have (on average 1.3376623376623376) internal successors, (103), 86 states have internal predecessors, (103), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 10 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 18:06:11,663 INFO L87 Difference]: Start difference. First operand 105 states. Second operand has 102 states, 77 states have (on average 1.3376623376623376) internal successors, (103), 86 states have internal predecessors, (103), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 10 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 18:06:11,668 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:11,668 INFO L93 Difference]: Finished difference Result 105 states and 132 transitions. [2022-02-20 18:06:11,668 INFO L276 IsEmpty]: Start isEmpty. Operand 105 states and 132 transitions. [2022-02-20 18:06:11,668 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:11,668 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:11,669 INFO L74 IsIncluded]: Start isIncluded. First operand has 102 states, 77 states have (on average 1.3376623376623376) internal successors, (103), 86 states have internal predecessors, (103), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 10 states have call predecessors, (14), 13 states have call successors, (14) Second operand 105 states. [2022-02-20 18:06:11,669 INFO L87 Difference]: Start difference. First operand has 102 states, 77 states have (on average 1.3376623376623376) internal successors, (103), 86 states have internal predecessors, (103), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 10 states have call predecessors, (14), 13 states have call successors, (14) Second operand 105 states. [2022-02-20 18:06:11,674 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:11,674 INFO L93 Difference]: Finished difference Result 105 states and 132 transitions. [2022-02-20 18:06:11,674 INFO L276 IsEmpty]: Start isEmpty. Operand 105 states and 132 transitions. [2022-02-20 18:06:11,674 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:11,675 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:11,675 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:11,675 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:11,676 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 102 states, 77 states have (on average 1.3376623376623376) internal successors, (103), 86 states have internal predecessors, (103), 13 states have call successors, (13), 11 states have call predecessors, (13), 11 states have return successors, (14), 10 states have call predecessors, (14), 13 states have call successors, (14) [2022-02-20 18:06:11,680 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 102 states to 102 states and 130 transitions. [2022-02-20 18:06:11,680 INFO L78 Accepts]: Start accepts. Automaton has 102 states and 130 transitions. Word has length 29 [2022-02-20 18:06:11,681 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:11,681 INFO L470 AbstractCegarLoop]: Abstraction has 102 states and 130 transitions. [2022-02-20 18:06:11,681 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 5.2) internal successors, (26), 5 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:11,681 INFO L276 IsEmpty]: Start isEmpty. Operand 102 states and 130 transitions. [2022-02-20 18:06:11,682 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-02-20 18:06:11,682 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:11,682 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:11,682 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:06:11,683 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:11,683 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:11,683 INFO L85 PathProgramCache]: Analyzing trace with hash -2055969773, now seen corresponding path program 1 times [2022-02-20 18:06:11,684 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:11,684 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [940254961] [2022-02-20 18:06:11,684 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:11,684 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:11,726 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,786 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:06:11,788 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:11,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {1533#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {1541#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:11,797 INFO L290 TraceCheckUtils]: 1: Hoare triple {1541#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1541#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:11,798 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1541#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1535#(= ~methaneLevelCritical~0 0)} #215#return; {1539#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret48#1| 0)} is VALID [2022-02-20 18:06:11,799 INFO L290 TraceCheckUtils]: 0: Hoare triple {1533#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,800 INFO L290 TraceCheckUtils]: 1: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,801 INFO L290 TraceCheckUtils]: 3: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,801 INFO L290 TraceCheckUtils]: 4: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,801 INFO L290 TraceCheckUtils]: 5: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,802 INFO L290 TraceCheckUtils]: 6: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,802 INFO L290 TraceCheckUtils]: 7: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume !false; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,803 INFO L290 TraceCheckUtils]: 8: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume test_~splverifierCounter~0#1 < 4; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,803 INFO L290 TraceCheckUtils]: 9: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,804 INFO L290 TraceCheckUtils]: 10: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp~3#1); {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,804 INFO L290 TraceCheckUtils]: 11: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,805 INFO L290 TraceCheckUtils]: 12: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___0~0#1); {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,805 INFO L290 TraceCheckUtils]: 13: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,806 INFO L290 TraceCheckUtils]: 14: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,806 INFO L290 TraceCheckUtils]: 15: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,806 INFO L290 TraceCheckUtils]: 16: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,807 INFO L290 TraceCheckUtils]: 17: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} ~systemActive~0 := 0; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,807 INFO L290 TraceCheckUtils]: 18: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume { :end_inline_stopSystem } true; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,808 INFO L272 TraceCheckUtils]: 19: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} call timeShift(); {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,808 INFO L290 TraceCheckUtils]: 20: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,809 INFO L290 TraceCheckUtils]: 21: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume !(0 != ~systemActive~0); {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,809 INFO L290 TraceCheckUtils]: 22: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {1535#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:11,809 INFO L272 TraceCheckUtils]: 23: Hoare triple {1535#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {1533#true} is VALID [2022-02-20 18:06:11,810 INFO L290 TraceCheckUtils]: 24: Hoare triple {1533#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {1541#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:11,810 INFO L290 TraceCheckUtils]: 25: Hoare triple {1541#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1541#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:11,811 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {1541#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1535#(= ~methaneLevelCritical~0 0)} #215#return; {1539#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret48#1| 0)} is VALID [2022-02-20 18:06:11,812 INFO L290 TraceCheckUtils]: 27: Hoare triple {1539#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret48#1| 0)} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {1540#(= |timeShift___utac_acc__Specification1_spec__1_~tmp~7#1| 0)} is VALID [2022-02-20 18:06:11,812 INFO L290 TraceCheckUtils]: 28: Hoare triple {1540#(= |timeShift___utac_acc__Specification1_spec__1_~tmp~7#1| 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {1534#false} is VALID [2022-02-20 18:06:11,812 INFO L290 TraceCheckUtils]: 29: Hoare triple {1534#false} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {1534#false} is VALID [2022-02-20 18:06:11,813 INFO L290 TraceCheckUtils]: 30: Hoare triple {1534#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {1534#false} is VALID [2022-02-20 18:06:11,813 INFO L290 TraceCheckUtils]: 31: Hoare triple {1534#false} assume !false; {1534#false} is VALID [2022-02-20 18:06:11,813 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:11,814 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:11,814 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [940254961] [2022-02-20 18:06:11,814 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [940254961] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:11,814 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:11,814 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:11,814 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1475944738] [2022-02-20 18:06:11,815 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:11,815 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:06:11,816 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:11,816 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:11,840 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:11,841 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:11,841 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:11,842 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:11,842 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:11,843 INFO L87 Difference]: Start difference. First operand 102 states and 130 transitions. Second operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:12,137 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:12,138 INFO L93 Difference]: Finished difference Result 292 states and 383 transitions. [2022-02-20 18:06:12,138 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:06:12,138 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:06:12,139 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:12,139 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:12,144 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 225 transitions. [2022-02-20 18:06:12,144 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:12,148 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 225 transitions. [2022-02-20 18:06:12,148 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 225 transitions. [2022-02-20 18:06:12,303 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 225 edges. 225 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:12,310 INFO L225 Difference]: With dead ends: 292 [2022-02-20 18:06:12,310 INFO L226 Difference]: Without dead ends: 197 [2022-02-20 18:06:12,312 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:06:12,320 INFO L933 BasicCegarLoop]: 84 mSDtfsCounter, 51 mSDsluCounter, 296 mSDsCounter, 0 mSdLazyCounter, 40 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 53 SdHoareTripleChecker+Valid, 380 SdHoareTripleChecker+Invalid, 44 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 40 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:12,321 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [53 Valid, 380 Invalid, 44 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 40 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:12,322 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 197 states. [2022-02-20 18:06:12,352 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 197 to 191. [2022-02-20 18:06:12,352 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:12,354 INFO L82 GeneralOperation]: Start isEquivalent. First operand 197 states. Second operand has 191 states, 142 states have (on average 1.323943661971831) internal successors, (188), 159 states have internal predecessors, (188), 26 states have call successors, (26), 22 states have call predecessors, (26), 22 states have return successors, (30), 20 states have call predecessors, (30), 26 states have call successors, (30) [2022-02-20 18:06:12,356 INFO L74 IsIncluded]: Start isIncluded. First operand 197 states. Second operand has 191 states, 142 states have (on average 1.323943661971831) internal successors, (188), 159 states have internal predecessors, (188), 26 states have call successors, (26), 22 states have call predecessors, (26), 22 states have return successors, (30), 20 states have call predecessors, (30), 26 states have call successors, (30) [2022-02-20 18:06:12,357 INFO L87 Difference]: Start difference. First operand 197 states. Second operand has 191 states, 142 states have (on average 1.323943661971831) internal successors, (188), 159 states have internal predecessors, (188), 26 states have call successors, (26), 22 states have call predecessors, (26), 22 states have return successors, (30), 20 states have call predecessors, (30), 26 states have call successors, (30) [2022-02-20 18:06:12,365 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:12,365 INFO L93 Difference]: Finished difference Result 197 states and 251 transitions. [2022-02-20 18:06:12,365 INFO L276 IsEmpty]: Start isEmpty. Operand 197 states and 251 transitions. [2022-02-20 18:06:12,366 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:12,367 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:12,369 INFO L74 IsIncluded]: Start isIncluded. First operand has 191 states, 142 states have (on average 1.323943661971831) internal successors, (188), 159 states have internal predecessors, (188), 26 states have call successors, (26), 22 states have call predecessors, (26), 22 states have return successors, (30), 20 states have call predecessors, (30), 26 states have call successors, (30) Second operand 197 states. [2022-02-20 18:06:12,370 INFO L87 Difference]: Start difference. First operand has 191 states, 142 states have (on average 1.323943661971831) internal successors, (188), 159 states have internal predecessors, (188), 26 states have call successors, (26), 22 states have call predecessors, (26), 22 states have return successors, (30), 20 states have call predecessors, (30), 26 states have call successors, (30) Second operand 197 states. [2022-02-20 18:06:12,378 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:12,378 INFO L93 Difference]: Finished difference Result 197 states and 251 transitions. [2022-02-20 18:06:12,378 INFO L276 IsEmpty]: Start isEmpty. Operand 197 states and 251 transitions. [2022-02-20 18:06:12,379 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:12,379 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:12,379 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:12,379 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:12,380 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 191 states, 142 states have (on average 1.323943661971831) internal successors, (188), 159 states have internal predecessors, (188), 26 states have call successors, (26), 22 states have call predecessors, (26), 22 states have return successors, (30), 20 states have call predecessors, (30), 26 states have call successors, (30) [2022-02-20 18:06:12,388 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 191 states to 191 states and 244 transitions. [2022-02-20 18:06:12,388 INFO L78 Accepts]: Start accepts. Automaton has 191 states and 244 transitions. Word has length 32 [2022-02-20 18:06:12,389 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:12,389 INFO L470 AbstractCegarLoop]: Abstraction has 191 states and 244 transitions. [2022-02-20 18:06:12,390 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 4 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:12,390 INFO L276 IsEmpty]: Start isEmpty. Operand 191 states and 244 transitions. [2022-02-20 18:06:12,392 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 37 [2022-02-20 18:06:12,392 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:12,392 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:12,393 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:06:12,393 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:12,393 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:12,393 INFO L85 PathProgramCache]: Analyzing trace with hash -1611941385, now seen corresponding path program 1 times [2022-02-20 18:06:12,394 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:12,394 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1692063805] [2022-02-20 18:06:12,394 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:12,394 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:12,438 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:12,484 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:12,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:12,490 INFO L290 TraceCheckUtils]: 0: Hoare triple {2629#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {2618#true} is VALID [2022-02-20 18:06:12,491 INFO L290 TraceCheckUtils]: 1: Hoare triple {2618#true} assume true; {2618#true} is VALID [2022-02-20 18:06:12,491 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2618#true} {2620#(= ~pumpRunning~0 0)} #219#return; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,491 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-20 18:06:12,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:12,502 INFO L290 TraceCheckUtils]: 0: Hoare triple {2618#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {2618#true} is VALID [2022-02-20 18:06:12,502 INFO L290 TraceCheckUtils]: 1: Hoare triple {2618#true} assume true; {2618#true} is VALID [2022-02-20 18:06:12,503 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2618#true} {2620#(= ~pumpRunning~0 0)} #215#return; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,503 INFO L290 TraceCheckUtils]: 0: Hoare triple {2618#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,504 INFO L290 TraceCheckUtils]: 1: Hoare triple {2620#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,504 INFO L290 TraceCheckUtils]: 2: Hoare triple {2620#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,504 INFO L290 TraceCheckUtils]: 3: Hoare triple {2620#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~10#1;havoc valid_product_~retValue_acc~10#1;valid_product_~retValue_acc~10#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~10#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,505 INFO L290 TraceCheckUtils]: 4: Hoare triple {2620#(= ~pumpRunning~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,505 INFO L290 TraceCheckUtils]: 5: Hoare triple {2620#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,506 INFO L290 TraceCheckUtils]: 6: Hoare triple {2620#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet32#1, test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,506 INFO L290 TraceCheckUtils]: 7: Hoare triple {2620#(= ~pumpRunning~0 0)} assume !false; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,506 INFO L290 TraceCheckUtils]: 8: Hoare triple {2620#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,507 INFO L290 TraceCheckUtils]: 9: Hoare triple {2620#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet32#1 && test_#t~nondet32#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet32#1;havoc test_#t~nondet32#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,507 INFO L290 TraceCheckUtils]: 10: Hoare triple {2620#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~3#1); {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,507 INFO L290 TraceCheckUtils]: 11: Hoare triple {2620#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,508 INFO L290 TraceCheckUtils]: 12: Hoare triple {2620#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___0~0#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,508 INFO L272 TraceCheckUtils]: 13: Hoare triple {2620#(= ~pumpRunning~0 0)} call changeMethaneLevel(); {2629#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:12,509 INFO L290 TraceCheckUtils]: 14: Hoare triple {2629#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {2618#true} is VALID [2022-02-20 18:06:12,509 INFO L290 TraceCheckUtils]: 15: Hoare triple {2618#true} assume true; {2618#true} is VALID [2022-02-20 18:06:12,509 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {2618#true} {2620#(= ~pumpRunning~0 0)} #219#return; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,510 INFO L290 TraceCheckUtils]: 17: Hoare triple {2620#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,510 INFO L290 TraceCheckUtils]: 18: Hoare triple {2620#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,510 INFO L290 TraceCheckUtils]: 19: Hoare triple {2620#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,511 INFO L290 TraceCheckUtils]: 20: Hoare triple {2620#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,511 INFO L290 TraceCheckUtils]: 21: Hoare triple {2620#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,511 INFO L290 TraceCheckUtils]: 22: Hoare triple {2620#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,512 INFO L272 TraceCheckUtils]: 23: Hoare triple {2620#(= ~pumpRunning~0 0)} call timeShift(); {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,512 INFO L290 TraceCheckUtils]: 24: Hoare triple {2620#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,512 INFO L290 TraceCheckUtils]: 25: Hoare triple {2620#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,513 INFO L290 TraceCheckUtils]: 26: Hoare triple {2620#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret48#1, __utac_acc__Specification1_spec__1_#t~ret49#1, __utac_acc__Specification1_spec__1_~tmp~7#1, __utac_acc__Specification1_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification1_spec__1_~tmp~7#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~2#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,513 INFO L272 TraceCheckUtils]: 27: Hoare triple {2620#(= ~pumpRunning~0 0)} call __utac_acc__Specification1_spec__1_#t~ret48#1 := isMethaneLevelCritical(); {2618#true} is VALID [2022-02-20 18:06:12,513 INFO L290 TraceCheckUtils]: 28: Hoare triple {2618#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {2618#true} is VALID [2022-02-20 18:06:12,513 INFO L290 TraceCheckUtils]: 29: Hoare triple {2618#true} assume true; {2618#true} is VALID [2022-02-20 18:06:12,514 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {2618#true} {2620#(= ~pumpRunning~0 0)} #215#return; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,514 INFO L290 TraceCheckUtils]: 31: Hoare triple {2620#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret48#1 && __utac_acc__Specification1_spec__1_#t~ret48#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~7#1 := __utac_acc__Specification1_spec__1_#t~ret48#1;havoc __utac_acc__Specification1_spec__1_#t~ret48#1; {2620#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:12,515 INFO L290 TraceCheckUtils]: 32: Hoare triple {2620#(= ~pumpRunning~0 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {2627#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:06:12,515 INFO L290 TraceCheckUtils]: 33: Hoare triple {2627#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification1_spec__1_#t~ret49#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret49#1 && __utac_acc__Specification1_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~2#1 := __utac_acc__Specification1_spec__1_#t~ret49#1;havoc __utac_acc__Specification1_spec__1_#t~ret49#1; {2628#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:06:12,516 INFO L290 TraceCheckUtils]: 34: Hoare triple {2628#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~2#1| 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {2619#false} is VALID [2022-02-20 18:06:12,516 INFO L290 TraceCheckUtils]: 35: Hoare triple {2619#false} assume !false; {2619#false} is VALID [2022-02-20 18:06:12,516 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:12,516 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:12,516 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1692063805] [2022-02-20 18:06:12,517 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1692063805] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:12,517 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:12,517 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:12,517 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1988283850] [2022-02-20 18:06:12,517 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:12,518 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 36 [2022-02-20 18:06:12,518 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:12,518 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:12,543 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 36 edges. 36 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:12,543 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:12,543 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:12,544 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:12,544 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:12,544 INFO L87 Difference]: Start difference. First operand 191 states and 244 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:12,791 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:12,791 INFO L93 Difference]: Finished difference Result 341 states and 443 transitions. [2022-02-20 18:06:12,791 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:06:12,791 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 36 [2022-02-20 18:06:12,792 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:12,792 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:12,794 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 136 transitions. [2022-02-20 18:06:12,794 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:12,796 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 136 transitions. [2022-02-20 18:06:12,796 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 136 transitions. [2022-02-20 18:06:12,890 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 136 edges. 136 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:12,890 INFO L225 Difference]: With dead ends: 341 [2022-02-20 18:06:12,890 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:06:12,891 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:06:12,892 INFO L933 BasicCegarLoop]: 48 mSDtfsCounter, 49 mSDsluCounter, 80 mSDsCounter, 0 mSdLazyCounter, 71 mSolverCounterSat, 15 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 50 SdHoareTripleChecker+Valid, 128 SdHoareTripleChecker+Invalid, 86 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 15 IncrementalHoareTripleChecker+Valid, 71 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:12,892 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [50 Valid, 128 Invalid, 86 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [15 Valid, 71 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:12,892 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:06:12,892 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:06:12,892 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:12,893 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:12,893 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:12,893 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:12,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:12,893 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:06:12,893 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:12,893 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:12,893 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:12,893 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:06:12,893 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:06:12,893 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:12,893 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:06:12,893 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:12,895 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:12,895 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:12,895 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:12,896 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:12,896 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:06:12,896 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:06:12,896 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 36 [2022-02-20 18:06:12,897 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:12,897 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:06:12,897 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:06:12,897 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:06:12,897 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:12,900 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:06:12,900 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:06:12,901 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:06:13,388 INFO L861 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 685 692) the Hoare annotation is: true [2022-02-20 18:06:13,388 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 685 692) no Hoare annotation was computed. [2022-02-20 18:06:13,388 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 685 692) no Hoare annotation was computed. [2022-02-20 18:06:13,388 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 626 632) no Hoare annotation was computed. [2022-02-20 18:06:13,388 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 626 632) the Hoare annotation is: true [2022-02-20 18:06:13,388 INFO L858 garLoopResultBuilder]: For program point L462-1(lines 458 469) no Hoare annotation was computed. [2022-02-20 18:06:13,388 INFO L854 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 458 469) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) [2022-02-20 18:06:13,388 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 458 469) no Hoare annotation was computed. [2022-02-20 18:06:13,388 INFO L861 garLoopResultBuilder]: At program point L867-2(lines 867 881) the Hoare annotation is: true [2022-02-20 18:06:13,388 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 857 886) no Hoare annotation was computed. [2022-02-20 18:06:13,388 INFO L861 garLoopResultBuilder]: At program point L863(line 863) the Hoare annotation is: true [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L863-1(line 863) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 857 886) the Hoare annotation is: true [2022-02-20 18:06:13,389 INFO L861 garLoopResultBuilder]: At program point L882(lines 857 886) the Hoare annotation is: true [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L878(line 878) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L871(lines 871 875) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L861 garLoopResultBuilder]: At program point L871-1(lines 871 875) the Hoare annotation is: true [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L868(line 868) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L638(lines 638 655) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L758(lines 758 762) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L758-2(lines 758 762) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 602 625) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L854 garLoopResultBuilder]: At program point L709(lines 704 712) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0))) (or .cse0 (and (= ~pumpRunning~0 0) (= |timeShift_isPumpRunning_#res#1| 0))))) [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L804(lines 804 810) no Hoare annotation was computed. [2022-02-20 18:06:13,389 INFO L858 garLoopResultBuilder]: For program point L800(lines 800 813) no Hoare annotation was computed. [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L800-1(lines 792 816) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (= ~pumpRunning~0 0)) (or .cse0 (not (= ~methaneLevelCritical~0 0)) (= |timeShift___utac_acc__Specification1_spec__1_~tmp~7#1| 0)))) [2022-02-20 18:06:13,390 INFO L858 garLoopResultBuilder]: For program point L606-1(lines 605 624) no Hoare annotation was computed. [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L648(line 648) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L516(lines 511 519) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L644(line 644) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L764(lines 749 767) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:13,390 INFO L858 garLoopResultBuilder]: For program point L438(lines 438 442) no Hoare annotation was computed. [2022-02-20 18:06:13,390 INFO L858 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L438-2(lines 434 445) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L653(line 653) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L653-1(lines 634 658) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:06:13,390 INFO L854 garLoopResultBuilder]: At program point L798(line 798) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:06:13,390 INFO L858 garLoopResultBuilder]: For program point L798-1(line 798) no Hoare annotation was computed. [2022-02-20 18:06:13,391 INFO L854 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:06:13,391 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 602 625) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:06:13,391 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 602 625) no Hoare annotation was computed. [2022-02-20 18:06:13,391 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-02-20 18:06:13,391 INFO L858 garLoopResultBuilder]: For program point L613-1(lines 613 619) no Hoare annotation was computed. [2022-02-20 18:06:13,391 INFO L858 garLoopResultBuilder]: For program point L642(lines 642 650) no Hoare annotation was computed. [2022-02-20 18:06:13,391 INFO L861 garLoopResultBuilder]: At program point isMethaneLevelCriticalENTRY(lines 470 478) the Hoare annotation is: true [2022-02-20 18:06:13,391 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 470 478) no Hoare annotation was computed. [2022-02-20 18:06:13,391 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 470 478) no Hoare annotation was computed. [2022-02-20 18:06:13,391 INFO L854 garLoopResultBuilder]: At program point L915(lines 911 917) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:06:13,391 INFO L854 garLoopResultBuilder]: At program point L585(lines 534 586) the Hoare annotation is: false [2022-02-20 18:06:13,391 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:06:13,392 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:06:13,392 INFO L858 garLoopResultBuilder]: For program point L573(lines 573 579) no Hoare annotation was computed. [2022-02-20 18:06:13,392 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:06:13,392 INFO L854 garLoopResultBuilder]: At program point L573-2(lines 565 580) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:13,392 INFO L858 garLoopResultBuilder]: For program point L536(lines 535 584) no Hoare annotation was computed. [2022-02-20 18:06:13,392 INFO L858 garLoopResultBuilder]: For program point L565(lines 565 580) no Hoare annotation was computed. [2022-02-20 18:06:13,392 INFO L854 garLoopResultBuilder]: At program point L788(lines 783 790) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (not (= 0 ~systemActive~0))) [2022-02-20 18:06:13,392 INFO L854 garLoopResultBuilder]: At program point L557(line 557) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:13,392 INFO L854 garLoopResultBuilder]: At program point L780(lines 768 782) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:13,392 INFO L854 garLoopResultBuilder]: At program point L582(lines 535 584) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:13,392 INFO L858 garLoopResultBuilder]: For program point L772(lines 772 778) no Hoare annotation was computed. [2022-02-20 18:06:13,393 INFO L858 garLoopResultBuilder]: For program point L772-1(lines 772 778) no Hoare annotation was computed. [2022-02-20 18:06:13,393 INFO L858 garLoopResultBuilder]: For program point L545(lines 545 551) no Hoare annotation was computed. [2022-02-20 18:06:13,393 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:06:13,393 INFO L858 garLoopResultBuilder]: For program point L545-1(lines 545 551) no Hoare annotation was computed. [2022-02-20 18:06:13,393 INFO L861 garLoopResultBuilder]: At program point L925(lines 918 927) the Hoare annotation is: true [2022-02-20 18:06:13,393 INFO L858 garLoopResultBuilder]: For program point L537(lines 537 541) no Hoare annotation was computed. [2022-02-20 18:06:13,393 INFO L854 garLoopResultBuilder]: At program point L851(lines 846 854) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:06:13,393 INFO L854 garLoopResultBuilder]: At program point L843(lines 839 845) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (not (= 0 ~systemActive~0))) [2022-02-20 18:06:13,393 INFO L858 garLoopResultBuilder]: For program point L938(lines 938 945) no Hoare annotation was computed. [2022-02-20 18:06:13,393 INFO L858 garLoopResultBuilder]: For program point L938-2(lines 938 945) no Hoare annotation was computed. [2022-02-20 18:06:13,393 INFO L861 garLoopResultBuilder]: At program point L947(lines 928 950) the Hoare annotation is: true [2022-02-20 18:06:13,393 INFO L861 garLoopResultBuilder]: At program point L588(lines 525 592) the Hoare annotation is: true [2022-02-20 18:06:13,394 INFO L858 garLoopResultBuilder]: For program point L555(lines 555 561) no Hoare annotation was computed. [2022-02-20 18:06:13,394 INFO L858 garLoopResultBuilder]: For program point L555-1(lines 555 561) no Hoare annotation was computed. [2022-02-20 18:06:13,394 INFO L854 garLoopResultBuilder]: At program point L774(line 774) the Hoare annotation is: false [2022-02-20 18:06:13,394 INFO L854 garLoopResultBuilder]: At program point L836(lines 832 838) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (not (= 0 ~systemActive~0))) [2022-02-20 18:06:13,394 INFO L854 garLoopResultBuilder]: At program point L547(line 547) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_main_~tmp~8#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:06:13,394 INFO L858 garLoopResultBuilder]: For program point L450-1(lines 446 457) no Hoare annotation was computed. [2022-02-20 18:06:13,394 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 446 457) no Hoare annotation was computed. [2022-02-20 18:06:13,394 INFO L861 garLoopResultBuilder]: At program point waterRiseENTRY(lines 446 457) the Hoare annotation is: true [2022-02-20 18:06:13,397 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1] [2022-02-20 18:06:13,398 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:06:13,400 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:06:13,400 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: L606-1 has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:06:13,401 WARN L170 areAnnotationChecker]: L863-1 has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: L606-1 has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: L606-1 has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: L613-1 has no Hoare annotation [2022-02-20 18:06:13,402 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: L863-1 has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: L606-1 has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: L638 has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: L638 has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: L613-1 has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: L772-1 has no Hoare annotation [2022-02-20 18:06:13,403 WARN L170 areAnnotationChecker]: L555-1 has no Hoare annotation [2022-02-20 18:06:13,404 WARN L170 areAnnotationChecker]: L868 has no Hoare annotation [2022-02-20 18:06:13,404 WARN L170 areAnnotationChecker]: L758 has no Hoare annotation [2022-02-20 18:06:13,404 WARN L170 areAnnotationChecker]: L798-1 has no Hoare annotation [2022-02-20 18:06:13,404 WARN L170 areAnnotationChecker]: L798-1 has no Hoare annotation [2022-02-20 18:06:13,404 WARN L170 areAnnotationChecker]: L545-1 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L565 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L565 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L868 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L758 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L758 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L800 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L800 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L938 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L555 has no Hoare annotation [2022-02-20 18:06:13,405 WARN L170 areAnnotationChecker]: L555 has no Hoare annotation [2022-02-20 18:06:13,406 WARN L170 areAnnotationChecker]: L573 has no Hoare annotation [2022-02-20 18:06:13,406 WARN L170 areAnnotationChecker]: L573 has no Hoare annotation [2022-02-20 18:06:13,406 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:06:13,406 WARN L170 areAnnotationChecker]: L871 has no Hoare annotation [2022-02-20 18:06:13,406 WARN L170 areAnnotationChecker]: L871 has no Hoare annotation [2022-02-20 18:06:13,406 WARN L170 areAnnotationChecker]: L758-2 has no Hoare annotation [2022-02-20 18:06:13,406 WARN L170 areAnnotationChecker]: L804 has no Hoare annotation [2022-02-20 18:06:13,407 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:06:13,407 WARN L170 areAnnotationChecker]: L938 has no Hoare annotation [2022-02-20 18:06:13,407 WARN L170 areAnnotationChecker]: L938 has no Hoare annotation [2022-02-20 18:06:13,407 WARN L170 areAnnotationChecker]: L555-1 has no Hoare annotation [2022-02-20 18:06:13,408 WARN L170 areAnnotationChecker]: L536 has no Hoare annotation [2022-02-20 18:06:13,408 WARN L170 areAnnotationChecker]: L772 has no Hoare annotation [2022-02-20 18:06:13,408 WARN L170 areAnnotationChecker]: L772 has no Hoare annotation [2022-02-20 18:06:13,408 WARN L170 areAnnotationChecker]: L878 has no Hoare annotation [2022-02-20 18:06:13,408 WARN L170 areAnnotationChecker]: L642 has no Hoare annotation [2022-02-20 18:06:13,408 WARN L170 areAnnotationChecker]: L804 has no Hoare annotation [2022-02-20 18:06:13,408 WARN L170 areAnnotationChecker]: L804 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L938-2 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L536 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L536 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L772-1 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L938-2 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L878 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L642 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L642 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:06:13,409 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:13,410 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:13,410 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:06:13,410 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:06:13,410 WARN L170 areAnnotationChecker]: L537 has no Hoare annotation [2022-02-20 18:06:13,410 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:06:13,410 WARN L170 areAnnotationChecker]: L545 has no Hoare annotation [2022-02-20 18:06:13,410 WARN L170 areAnnotationChecker]: L545 has no Hoare annotation [2022-02-20 18:06:13,410 WARN L170 areAnnotationChecker]: L545-1 has no Hoare annotation [2022-02-20 18:06:13,410 INFO L163 areAnnotationChecker]: CFG has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:06:13,434 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:06:13 BoogieIcfgContainer [2022-02-20 18:06:13,434 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:06:13,435 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:06:13,436 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:06:13,436 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:06:13,436 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:09" (3/4) ... [2022-02-20 18:06:13,438 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:06:13,443 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:06:13,443 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:06:13,443 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:06:13,443 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:06:13,443 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:06:13,443 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2022-02-20 18:06:13,443 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:06:13,454 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 48 nodes and edges [2022-02-20 18:06:13,455 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:06:13,455 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:06:13,455 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:06:13,456 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:06:13,456 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:06:13,456 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:06:13,477 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && methaneLevelCritical == 0) && \result == 1) && !(0 == systemActive) [2022-02-20 18:06:13,478 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && methaneLevelCritical == 0) && \result == 1) && tmp == 1) && !(0 == systemActive) [2022-02-20 18:06:13,478 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0 [2022-02-20 18:06:13,479 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:13,480 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(0 == systemActive)) [2022-02-20 18:06:13,481 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || pumpRunning == 0) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || tmp == 0) [2022-02-20 18:06:13,482 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0) && !(0 == systemActive) [2022-02-20 18:06:13,482 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0 [2022-02-20 18:06:13,482 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) [2022-02-20 18:06:13,482 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:13,483 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:13,483 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:06:13,503 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:06:13,504 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:06:13,505 INFO L158 Benchmark]: Toolchain (without parser) took 4839.02ms. Allocated memory was 90.2MB in the beginning and 155.2MB in the end (delta: 65.0MB). Free memory was 54.8MB in the beginning and 116.6MB in the end (delta: -61.8MB). Peak memory consumption was 1.3MB. Max. memory is 16.1GB. [2022-02-20 18:06:13,505 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 90.2MB. Free memory was 60.5MB in the beginning and 60.4MB in the end (delta: 27.1kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:06:13,505 INFO L158 Benchmark]: CACSL2BoogieTranslator took 406.15ms. Allocated memory is still 90.2MB. Free memory was 54.6MB in the beginning and 54.2MB in the end (delta: 399.5kB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-02-20 18:06:13,506 INFO L158 Benchmark]: Boogie Procedure Inliner took 62.15ms. Allocated memory is still 90.2MB. Free memory was 54.2MB in the beginning and 51.7MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:13,506 INFO L158 Benchmark]: Boogie Preprocessor took 27.53ms. Allocated memory is still 90.2MB. Free memory was 51.7MB in the beginning and 50.0MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:13,506 INFO L158 Benchmark]: RCFGBuilder took 543.47ms. Allocated memory was 90.2MB in the beginning and 117.4MB in the end (delta: 27.3MB). Free memory was 50.0MB in the beginning and 89.3MB in the end (delta: -39.3MB). Peak memory consumption was 19.4MB. Max. memory is 16.1GB. [2022-02-20 18:06:13,507 INFO L158 Benchmark]: TraceAbstraction took 3722.98ms. Allocated memory was 117.4MB in the beginning and 155.2MB in the end (delta: 37.7MB). Free memory was 88.7MB in the beginning and 121.9MB in the end (delta: -33.2MB). Peak memory consumption was 70.9MB. Max. memory is 16.1GB. [2022-02-20 18:06:13,507 INFO L158 Benchmark]: Witness Printer took 68.18ms. Allocated memory is still 155.2MB. Free memory was 121.9MB in the beginning and 117.7MB in the end (delta: 4.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:06:13,509 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 90.2MB. Free memory was 60.5MB in the beginning and 60.4MB in the end (delta: 27.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 406.15ms. Allocated memory is still 90.2MB. Free memory was 54.6MB in the beginning and 54.2MB in the end (delta: 399.5kB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 62.15ms. Allocated memory is still 90.2MB. Free memory was 54.2MB in the beginning and 51.7MB in the end (delta: 2.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 27.53ms. Allocated memory is still 90.2MB. Free memory was 51.7MB in the beginning and 50.0MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 543.47ms. Allocated memory was 90.2MB in the beginning and 117.4MB in the end (delta: 27.3MB). Free memory was 50.0MB in the beginning and 89.3MB in the end (delta: -39.3MB). Peak memory consumption was 19.4MB. Max. memory is 16.1GB. * TraceAbstraction took 3722.98ms. Allocated memory was 117.4MB in the beginning and 155.2MB in the end (delta: 37.7MB). Free memory was 88.7MB in the beginning and 121.9MB in the end (delta: -33.2MB). Peak memory consumption was 70.9MB. Max. memory is 16.1GB. * Witness Printer took 68.18ms. Allocated memory is still 155.2MB. Free memory was 121.9MB in the beginning and 117.7MB in the end (delta: 4.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 81 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 3.6s, OverallIterations: 5, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 1.9s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.5s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 266 SdHoareTripleChecker+Valid, 0.1s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 259 mSDsluCounter, 1015 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 614 mSDsCounter, 40 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 124 IncrementalHoareTripleChecker+Invalid, 164 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 40 mSolverCounterUnsat, 401 mSDtfsCounter, 124 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 44 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=191occurred in iteration=4, InterpolantAutomatonStates: 25, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 5 MinimizatonAttempts, 9 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 37 LocationsWithAnnotation, 282 PreInvPairs, 332 NumberOfFragments, 266 HoareAnnotationTreeSize, 282 FomulaSimplifications, 36 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 37 FomulaSimplificationsInter, 1054 FormulaSimplificationTreeSizeReductionInter, 0.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 0.4s InterpolantComputationTime, 144 NumberOfCodeBlocks, 144 NumberOfCodeBlocksAsserted, 5 NumberOfCheckSat, 139 ConstructedInterpolants, 0 QuantifiedInterpolants, 271 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 5 InterpolantComputations, 5 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 768]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0 - InvariantResult [Line: 792]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || pumpRunning == 0) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || tmp == 0) - InvariantResult [Line: 839]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && !(0 == systemActive) - InvariantResult [Line: 434]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 525]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 911]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && methaneLevelCritical == 0) && \result == 1) && tmp == 1) && !(0 == systemActive) - InvariantResult [Line: 634]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(0 == systemActive)) - InvariantResult [Line: 511]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 534]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 704]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) - InvariantResult [Line: 535]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0 - InvariantResult [Line: 867]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 846]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && \result == 1) && !(0 == systemActive) - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 832]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && !(0 == systemActive) - InvariantResult [Line: 918]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 857]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 783]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && \result == 1) && tmp == 1) && splverifierCounter == 0) && !(0 == systemActive) - InvariantResult [Line: 928]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 749]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) RESULT: Ultimate proved your program to be correct! [2022-02-20 18:06:13,544 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE