./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 577813f622c64f907053c4832aa01617433208d6dc94051427e21d3f2bb7bdeb --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:06:15,578 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:06:15,581 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:06:15,603 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:06:15,603 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:06:15,606 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:06:15,608 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:06:15,611 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:06:15,612 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:06:15,615 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:06:15,616 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:06:15,617 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:06:15,617 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:06:15,619 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:06:15,621 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:06:15,622 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:06:15,623 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:06:15,623 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:06:15,626 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:06:15,631 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:06:15,632 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:06:15,632 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:06:15,634 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:06:15,634 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:06:15,636 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:06:15,636 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:06:15,637 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:06:15,638 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:06:15,638 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:06:15,639 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:06:15,639 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:06:15,640 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:06:15,641 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:06:15,642 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:06:15,643 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:06:15,643 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:06:15,644 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:06:15,644 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:06:15,644 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:06:15,645 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:06:15,645 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:06:15,646 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:06:15,678 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:06:15,678 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:06:15,679 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:06:15,679 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:06:15,680 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:06:15,680 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:06:15,680 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:06:15,680 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:06:15,680 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:06:15,681 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:06:15,681 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:06:15,682 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:06:15,682 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:06:15,682 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:06:15,682 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:06:15,682 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:06:15,682 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:06:15,682 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:06:15,683 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:06:15,683 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:06:15,683 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:06:15,683 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:06:15,683 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:06:15,683 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:06:15,683 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:06:15,684 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:06:15,684 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:06:15,685 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:06:15,685 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:06:15,685 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:06:15,685 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:06:15,685 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:06:15,686 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:06:15,686 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 577813f622c64f907053c4832aa01617433208d6dc94051427e21d3f2bb7bdeb [2022-02-20 18:06:15,860 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:06:15,878 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:06:15,880 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:06:15,881 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:06:15,881 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:06:15,883 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c [2022-02-20 18:06:15,925 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/60c58a70a/7a18c96944054941aad93c97283853b9/FLAG89b019cda [2022-02-20 18:06:16,290 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:06:16,291 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c [2022-02-20 18:06:16,297 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/60c58a70a/7a18c96944054941aad93c97283853b9/FLAG89b019cda [2022-02-20 18:06:16,708 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/60c58a70a/7a18c96944054941aad93c97283853b9 [2022-02-20 18:06:16,710 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:06:16,713 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:06:16,715 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:06:16,716 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:06:16,719 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:06:16,724 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:06:16" (1/1) ... [2022-02-20 18:06:16,725 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@117ee6a7 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:16, skipping insertion in model container [2022-02-20 18:06:16,725 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:06:16" (1/1) ... [2022-02-20 18:06:16,743 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:06:16,783 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:06:16,995 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c[13023,13036] [2022-02-20 18:06:17,053 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:17,059 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:06:17,112 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c[13023,13036] [2022-02-20 18:06:17,127 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:17,145 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:06:17,146 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17 WrapperNode [2022-02-20 18:06:17,146 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:06:17,147 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:06:17,147 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:06:17,147 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:06:17,152 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,177 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,202 INFO L137 Inliner]: procedures = 53, calls = 153, calls flagged for inlining = 21, calls inlined = 18, statements flattened = 239 [2022-02-20 18:06:17,202 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:06:17,203 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:06:17,203 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:06:17,203 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:06:17,208 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,209 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,211 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,214 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,218 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,233 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,234 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,235 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:06:17,236 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:06:17,236 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:06:17,236 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:06:17,242 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (1/1) ... [2022-02-20 18:06:17,247 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:06:17,254 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:17,271 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:06:17,286 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:06:17,304 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:06:17,304 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:06:17,304 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:06:17,305 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:06:17,305 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:06:17,305 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:06:17,305 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:06:17,305 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:06:17,309 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:06:17,310 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:06:17,310 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:06:17,310 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:06:17,310 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:06:17,310 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:06:17,310 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:06:17,310 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:06:17,311 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:06:17,311 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:06:17,371 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:06:17,372 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:06:17,672 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:06:17,686 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:06:17,686 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:06:17,688 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:17 BoogieIcfgContainer [2022-02-20 18:06:17,688 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:06:17,689 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:06:17,689 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:06:17,691 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:06:17,692 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:06:16" (1/3) ... [2022-02-20 18:06:17,692 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@15e4e72c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:06:17, skipping insertion in model container [2022-02-20 18:06:17,707 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:17" (2/3) ... [2022-02-20 18:06:17,707 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@15e4e72c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:06:17, skipping insertion in model container [2022-02-20 18:06:17,707 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:17" (3/3) ... [2022-02-20 18:06:17,708 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec1_product37.cil.c [2022-02-20 18:06:17,712 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:06:17,712 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:06:17,803 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:06:17,807 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:06:17,808 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:06:17,825 INFO L276 IsEmpty]: Start isEmpty. Operand has 85 states, 64 states have (on average 1.390625) internal successors, (89), 72 states have internal predecessors, (89), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:06:17,829 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2022-02-20 18:06:17,829 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:17,830 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:17,830 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:17,833 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:17,834 INFO L85 PathProgramCache]: Analyzing trace with hash -706687540, now seen corresponding path program 1 times [2022-02-20 18:06:17,840 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:17,841 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [209496438] [2022-02-20 18:06:17,841 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:17,842 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:17,977 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:18,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:06:18,053 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:18,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {88#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {88#true} is VALID [2022-02-20 18:06:18,066 INFO L290 TraceCheckUtils]: 1: Hoare triple {88#true} assume true; {88#true} is VALID [2022-02-20 18:06:18,067 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {88#true} {89#false} #225#return; {89#false} is VALID [2022-02-20 18:06:18,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {88#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {88#true} is VALID [2022-02-20 18:06:18,072 INFO L290 TraceCheckUtils]: 1: Hoare triple {88#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {88#true} is VALID [2022-02-20 18:06:18,073 INFO L290 TraceCheckUtils]: 2: Hoare triple {88#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {88#true} is VALID [2022-02-20 18:06:18,073 INFO L290 TraceCheckUtils]: 3: Hoare triple {88#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {88#true} is VALID [2022-02-20 18:06:18,073 INFO L290 TraceCheckUtils]: 4: Hoare triple {88#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {88#true} is VALID [2022-02-20 18:06:18,074 INFO L290 TraceCheckUtils]: 5: Hoare triple {88#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {88#true} is VALID [2022-02-20 18:06:18,074 INFO L290 TraceCheckUtils]: 6: Hoare triple {88#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {88#true} is VALID [2022-02-20 18:06:18,075 INFO L290 TraceCheckUtils]: 7: Hoare triple {88#true} assume !true; {89#false} is VALID [2022-02-20 18:06:18,075 INFO L272 TraceCheckUtils]: 8: Hoare triple {89#false} call cleanup(); {89#false} is VALID [2022-02-20 18:06:18,076 INFO L290 TraceCheckUtils]: 9: Hoare triple {89#false} havoc ~i~0;havoc ~__cil_tmp2~0; {89#false} is VALID [2022-02-20 18:06:18,076 INFO L272 TraceCheckUtils]: 10: Hoare triple {89#false} call timeShift(); {89#false} is VALID [2022-02-20 18:06:18,076 INFO L290 TraceCheckUtils]: 11: Hoare triple {89#false} assume !(0 != ~pumpRunning~0); {89#false} is VALID [2022-02-20 18:06:18,076 INFO L290 TraceCheckUtils]: 12: Hoare triple {89#false} assume !(0 != ~systemActive~0); {89#false} is VALID [2022-02-20 18:06:18,077 INFO L290 TraceCheckUtils]: 13: Hoare triple {89#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {89#false} is VALID [2022-02-20 18:06:18,077 INFO L272 TraceCheckUtils]: 14: Hoare triple {89#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {88#true} is VALID [2022-02-20 18:06:18,079 INFO L290 TraceCheckUtils]: 15: Hoare triple {88#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {88#true} is VALID [2022-02-20 18:06:18,079 INFO L290 TraceCheckUtils]: 16: Hoare triple {88#true} assume true; {88#true} is VALID [2022-02-20 18:06:18,079 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {88#true} {89#false} #225#return; {89#false} is VALID [2022-02-20 18:06:18,079 INFO L290 TraceCheckUtils]: 18: Hoare triple {89#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {89#false} is VALID [2022-02-20 18:06:18,080 INFO L290 TraceCheckUtils]: 19: Hoare triple {89#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {89#false} is VALID [2022-02-20 18:06:18,080 INFO L290 TraceCheckUtils]: 20: Hoare triple {89#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {89#false} is VALID [2022-02-20 18:06:18,080 INFO L290 TraceCheckUtils]: 21: Hoare triple {89#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {89#false} is VALID [2022-02-20 18:06:18,080 INFO L290 TraceCheckUtils]: 22: Hoare triple {89#false} assume !false; {89#false} is VALID [2022-02-20 18:06:18,081 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:18,081 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:18,082 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [209496438] [2022-02-20 18:06:18,082 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [209496438] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:18,082 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:18,083 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:06:18,084 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [427783366] [2022-02-20 18:06:18,084 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:18,088 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:06:18,091 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:18,093 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,138 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:18,138 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:06:18,139 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:18,156 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:06:18,157 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:06:18,161 INFO L87 Difference]: Start difference. First operand has 85 states, 64 states have (on average 1.390625) internal successors, (89), 72 states have internal predecessors, (89), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,268 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:18,269 INFO L93 Difference]: Finished difference Result 162 states and 221 transitions. [2022-02-20 18:06:18,269 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:06:18,269 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:06:18,269 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:18,270 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,282 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 221 transitions. [2022-02-20 18:06:18,288 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,294 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 221 transitions. [2022-02-20 18:06:18,294 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 221 transitions. [2022-02-20 18:06:18,450 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 221 edges. 221 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:18,458 INFO L225 Difference]: With dead ends: 162 [2022-02-20 18:06:18,459 INFO L226 Difference]: Without dead ends: 76 [2022-02-20 18:06:18,462 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:06:18,464 INFO L933 BasicCegarLoop]: 107 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 107 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:18,465 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 107 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:18,476 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2022-02-20 18:06:18,488 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 76. [2022-02-20 18:06:18,488 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:18,489 INFO L82 GeneralOperation]: Start isEquivalent. First operand 76 states. Second operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:18,490 INFO L74 IsIncluded]: Start isIncluded. First operand 76 states. Second operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:18,491 INFO L87 Difference]: Start difference. First operand 76 states. Second operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:18,495 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:18,496 INFO L93 Difference]: Finished difference Result 76 states and 98 transitions. [2022-02-20 18:06:18,496 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:06:18,497 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:18,497 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:18,498 INFO L74 IsIncluded]: Start isIncluded. First operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) Second operand 76 states. [2022-02-20 18:06:18,498 INFO L87 Difference]: Start difference. First operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) Second operand 76 states. [2022-02-20 18:06:18,502 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:18,502 INFO L93 Difference]: Finished difference Result 76 states and 98 transitions. [2022-02-20 18:06:18,502 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:06:18,503 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:18,504 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:18,504 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:18,504 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:18,504 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:18,507 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 76 states to 76 states and 98 transitions. [2022-02-20 18:06:18,509 INFO L78 Accepts]: Start accepts. Automaton has 76 states and 98 transitions. Word has length 23 [2022-02-20 18:06:18,509 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:18,509 INFO L470 AbstractCegarLoop]: Abstraction has 76 states and 98 transitions. [2022-02-20 18:06:18,509 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,510 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:06:18,511 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:06:18,511 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:18,511 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:18,511 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:06:18,511 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:18,512 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:18,512 INFO L85 PathProgramCache]: Analyzing trace with hash -495697199, now seen corresponding path program 1 times [2022-02-20 18:06:18,512 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:18,512 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1063612206] [2022-02-20 18:06:18,513 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:18,513 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:18,541 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:18,582 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:06:18,584 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:18,587 INFO L290 TraceCheckUtils]: 0: Hoare triple {592#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {592#true} is VALID [2022-02-20 18:06:18,588 INFO L290 TraceCheckUtils]: 1: Hoare triple {592#true} assume true; {592#true} is VALID [2022-02-20 18:06:18,588 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {592#true} {593#false} #225#return; {593#false} is VALID [2022-02-20 18:06:18,588 INFO L290 TraceCheckUtils]: 0: Hoare triple {592#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {592#true} is VALID [2022-02-20 18:06:18,589 INFO L290 TraceCheckUtils]: 1: Hoare triple {592#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {592#true} is VALID [2022-02-20 18:06:18,589 INFO L290 TraceCheckUtils]: 2: Hoare triple {592#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {592#true} is VALID [2022-02-20 18:06:18,589 INFO L290 TraceCheckUtils]: 3: Hoare triple {592#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {592#true} is VALID [2022-02-20 18:06:18,589 INFO L290 TraceCheckUtils]: 4: Hoare triple {592#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {592#true} is VALID [2022-02-20 18:06:18,590 INFO L290 TraceCheckUtils]: 5: Hoare triple {592#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {592#true} is VALID [2022-02-20 18:06:18,590 INFO L290 TraceCheckUtils]: 6: Hoare triple {592#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {594#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:18,591 INFO L290 TraceCheckUtils]: 7: Hoare triple {594#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {594#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:06:18,591 INFO L290 TraceCheckUtils]: 8: Hoare triple {594#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {593#false} is VALID [2022-02-20 18:06:18,592 INFO L272 TraceCheckUtils]: 9: Hoare triple {593#false} call cleanup(); {593#false} is VALID [2022-02-20 18:06:18,592 INFO L290 TraceCheckUtils]: 10: Hoare triple {593#false} havoc ~i~0;havoc ~__cil_tmp2~0; {593#false} is VALID [2022-02-20 18:06:18,592 INFO L272 TraceCheckUtils]: 11: Hoare triple {593#false} call timeShift(); {593#false} is VALID [2022-02-20 18:06:18,592 INFO L290 TraceCheckUtils]: 12: Hoare triple {593#false} assume !(0 != ~pumpRunning~0); {593#false} is VALID [2022-02-20 18:06:18,593 INFO L290 TraceCheckUtils]: 13: Hoare triple {593#false} assume !(0 != ~systemActive~0); {593#false} is VALID [2022-02-20 18:06:18,593 INFO L290 TraceCheckUtils]: 14: Hoare triple {593#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {593#false} is VALID [2022-02-20 18:06:18,593 INFO L272 TraceCheckUtils]: 15: Hoare triple {593#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {592#true} is VALID [2022-02-20 18:06:18,593 INFO L290 TraceCheckUtils]: 16: Hoare triple {592#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {592#true} is VALID [2022-02-20 18:06:18,594 INFO L290 TraceCheckUtils]: 17: Hoare triple {592#true} assume true; {592#true} is VALID [2022-02-20 18:06:18,594 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {592#true} {593#false} #225#return; {593#false} is VALID [2022-02-20 18:06:18,594 INFO L290 TraceCheckUtils]: 19: Hoare triple {593#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {593#false} is VALID [2022-02-20 18:06:18,594 INFO L290 TraceCheckUtils]: 20: Hoare triple {593#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {593#false} is VALID [2022-02-20 18:06:18,595 INFO L290 TraceCheckUtils]: 21: Hoare triple {593#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {593#false} is VALID [2022-02-20 18:06:18,595 INFO L290 TraceCheckUtils]: 22: Hoare triple {593#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {593#false} is VALID [2022-02-20 18:06:18,595 INFO L290 TraceCheckUtils]: 23: Hoare triple {593#false} assume !false; {593#false} is VALID [2022-02-20 18:06:18,596 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:18,596 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:18,596 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1063612206] [2022-02-20 18:06:18,596 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1063612206] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:18,597 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:18,597 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:06:18,597 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [951327494] [2022-02-20 18:06:18,597 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:18,615 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:06:18,616 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:18,616 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,636 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:18,637 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:18,637 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:18,638 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:18,638 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:18,638 INFO L87 Difference]: Start difference. First operand 76 states and 98 transitions. Second operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,748 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:18,748 INFO L93 Difference]: Finished difference Result 118 states and 152 transitions. [2022-02-20 18:06:18,748 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:18,748 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:06:18,749 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:18,749 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,751 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 152 transitions. [2022-02-20 18:06:18,751 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,753 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 152 transitions. [2022-02-20 18:06:18,754 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 152 transitions. [2022-02-20 18:06:18,879 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 152 edges. 152 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:18,882 INFO L225 Difference]: With dead ends: 118 [2022-02-20 18:06:18,882 INFO L226 Difference]: Without dead ends: 67 [2022-02-20 18:06:18,883 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:18,884 INFO L933 BasicCegarLoop]: 85 mSDtfsCounter, 12 mSDsluCounter, 69 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 154 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:18,884 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [15 Valid, 154 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:18,885 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2022-02-20 18:06:18,891 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 67. [2022-02-20 18:06:18,891 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:18,891 INFO L82 GeneralOperation]: Start isEquivalent. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:18,892 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:18,893 INFO L87 Difference]: Start difference. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:18,896 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:18,896 INFO L93 Difference]: Finished difference Result 67 states and 86 transitions. [2022-02-20 18:06:18,897 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 86 transitions. [2022-02-20 18:06:18,897 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:18,898 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:18,898 INFO L74 IsIncluded]: Start isIncluded. First operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) Second operand 67 states. [2022-02-20 18:06:18,899 INFO L87 Difference]: Start difference. First operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) Second operand 67 states. [2022-02-20 18:06:18,902 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:18,902 INFO L93 Difference]: Finished difference Result 67 states and 86 transitions. [2022-02-20 18:06:18,902 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 86 transitions. [2022-02-20 18:06:18,903 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:18,903 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:18,903 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:18,903 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:18,904 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:18,907 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 67 states to 67 states and 86 transitions. [2022-02-20 18:06:18,907 INFO L78 Accepts]: Start accepts. Automaton has 67 states and 86 transitions. Word has length 24 [2022-02-20 18:06:18,907 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:18,907 INFO L470 AbstractCegarLoop]: Abstraction has 67 states and 86 transitions. [2022-02-20 18:06:18,908 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:18,908 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 86 transitions. [2022-02-20 18:06:18,909 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2022-02-20 18:06:18,909 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:18,909 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:18,909 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:06:18,910 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:18,910 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:18,911 INFO L85 PathProgramCache]: Analyzing trace with hash 1824556621, now seen corresponding path program 1 times [2022-02-20 18:06:18,911 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:18,911 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [368236136] [2022-02-20 18:06:18,911 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:18,912 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:18,940 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:18,967 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:06:18,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:18,972 INFO L290 TraceCheckUtils]: 0: Hoare triple {1001#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1001#true} is VALID [2022-02-20 18:06:18,972 INFO L290 TraceCheckUtils]: 1: Hoare triple {1001#true} assume true; {1001#true} is VALID [2022-02-20 18:06:18,972 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1001#true} {1002#false} #225#return; {1002#false} is VALID [2022-02-20 18:06:18,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {1001#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {1003#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {1003#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,976 INFO L290 TraceCheckUtils]: 3: Hoare triple {1003#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,977 INFO L290 TraceCheckUtils]: 4: Hoare triple {1003#(= 1 ~systemActive~0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,977 INFO L290 TraceCheckUtils]: 5: Hoare triple {1003#(= 1 ~systemActive~0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,978 INFO L290 TraceCheckUtils]: 6: Hoare triple {1003#(= 1 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,978 INFO L290 TraceCheckUtils]: 7: Hoare triple {1003#(= 1 ~systemActive~0)} assume !false; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,979 INFO L290 TraceCheckUtils]: 8: Hoare triple {1003#(= 1 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,980 INFO L290 TraceCheckUtils]: 9: Hoare triple {1003#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet43#1 && test_#t~nondet43#1 <= 2147483647;test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,980 INFO L290 TraceCheckUtils]: 10: Hoare triple {1003#(= 1 ~systemActive~0)} assume !(0 != test_~tmp~8#1); {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,981 INFO L290 TraceCheckUtils]: 11: Hoare triple {1003#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet44#1 && test_#t~nondet44#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,981 INFO L290 TraceCheckUtils]: 12: Hoare triple {1003#(= 1 ~systemActive~0)} assume !(0 != test_~tmp___0~2#1); {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,982 INFO L290 TraceCheckUtils]: 13: Hoare triple {1003#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet45#1 && test_#t~nondet45#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,982 INFO L290 TraceCheckUtils]: 14: Hoare triple {1003#(= 1 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,983 INFO L272 TraceCheckUtils]: 15: Hoare triple {1003#(= 1 ~systemActive~0)} call timeShift(); {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,983 INFO L290 TraceCheckUtils]: 16: Hoare triple {1003#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {1003#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:18,984 INFO L290 TraceCheckUtils]: 17: Hoare triple {1003#(= 1 ~systemActive~0)} assume !(0 != ~systemActive~0); {1002#false} is VALID [2022-02-20 18:06:18,984 INFO L290 TraceCheckUtils]: 18: Hoare triple {1002#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {1002#false} is VALID [2022-02-20 18:06:18,984 INFO L272 TraceCheckUtils]: 19: Hoare triple {1002#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {1001#true} is VALID [2022-02-20 18:06:18,985 INFO L290 TraceCheckUtils]: 20: Hoare triple {1001#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1001#true} is VALID [2022-02-20 18:06:18,985 INFO L290 TraceCheckUtils]: 21: Hoare triple {1001#true} assume true; {1001#true} is VALID [2022-02-20 18:06:18,985 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1001#true} {1002#false} #225#return; {1002#false} is VALID [2022-02-20 18:06:18,985 INFO L290 TraceCheckUtils]: 23: Hoare triple {1002#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {1002#false} is VALID [2022-02-20 18:06:18,986 INFO L290 TraceCheckUtils]: 24: Hoare triple {1002#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {1002#false} is VALID [2022-02-20 18:06:18,986 INFO L290 TraceCheckUtils]: 25: Hoare triple {1002#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {1002#false} is VALID [2022-02-20 18:06:18,986 INFO L290 TraceCheckUtils]: 26: Hoare triple {1002#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1002#false} is VALID [2022-02-20 18:06:18,986 INFO L290 TraceCheckUtils]: 27: Hoare triple {1002#false} assume !false; {1002#false} is VALID [2022-02-20 18:06:18,987 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:18,987 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:18,987 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [368236136] [2022-02-20 18:06:18,987 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [368236136] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:18,988 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:18,988 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:06:18,988 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2067974204] [2022-02-20 18:06:18,988 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:18,989 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 28 [2022-02-20 18:06:18,989 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:18,989 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:19,013 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 28 edges. 28 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:19,014 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:19,014 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:19,014 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:19,014 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:19,015 INFO L87 Difference]: Start difference. First operand 67 states and 86 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:19,102 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:19,102 INFO L93 Difference]: Finished difference Result 127 states and 166 transitions. [2022-02-20 18:06:19,102 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:19,102 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 28 [2022-02-20 18:06:19,103 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:19,103 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:19,105 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 166 transitions. [2022-02-20 18:06:19,105 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:19,107 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 166 transitions. [2022-02-20 18:06:19,107 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 166 transitions. [2022-02-20 18:06:19,247 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 166 edges. 166 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:19,249 INFO L225 Difference]: With dead ends: 127 [2022-02-20 18:06:19,249 INFO L226 Difference]: Without dead ends: 67 [2022-02-20 18:06:19,250 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:19,251 INFO L933 BasicCegarLoop]: 84 mSDtfsCounter, 68 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 84 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:19,251 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [68 Valid, 84 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:19,252 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2022-02-20 18:06:19,256 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 67. [2022-02-20 18:06:19,256 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:19,257 INFO L82 GeneralOperation]: Start isEquivalent. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:19,257 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:19,258 INFO L87 Difference]: Start difference. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:19,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:19,261 INFO L93 Difference]: Finished difference Result 67 states and 85 transitions. [2022-02-20 18:06:19,261 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2022-02-20 18:06:19,262 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:19,262 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:19,262 INFO L74 IsIncluded]: Start isIncluded. First operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) Second operand 67 states. [2022-02-20 18:06:19,263 INFO L87 Difference]: Start difference. First operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) Second operand 67 states. [2022-02-20 18:06:19,266 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:19,266 INFO L93 Difference]: Finished difference Result 67 states and 85 transitions. [2022-02-20 18:06:19,266 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2022-02-20 18:06:19,267 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:19,267 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:19,267 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:19,267 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:19,268 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:19,270 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 67 states to 67 states and 85 transitions. [2022-02-20 18:06:19,271 INFO L78 Accepts]: Start accepts. Automaton has 67 states and 85 transitions. Word has length 28 [2022-02-20 18:06:19,271 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:19,271 INFO L470 AbstractCegarLoop]: Abstraction has 67 states and 85 transitions. [2022-02-20 18:06:19,272 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 3 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:19,272 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2022-02-20 18:06:19,273 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:06:19,273 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:19,273 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:19,273 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:06:19,273 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:19,274 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:19,274 INFO L85 PathProgramCache]: Analyzing trace with hash -412666649, now seen corresponding path program 1 times [2022-02-20 18:06:19,274 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:19,275 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [569284754] [2022-02-20 18:06:19,275 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:19,275 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:19,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:19,329 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:06:19,330 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:19,338 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:06:19,339 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:19,341 INFO L290 TraceCheckUtils]: 0: Hoare triple {1420#true} assume true; {1420#true} is VALID [2022-02-20 18:06:19,341 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1420#true} {1434#(not (= |old(~pumpRunning~0)| 0))} #241#return; {1434#(not (= |old(~pumpRunning~0)| 0))} is VALID [2022-02-20 18:06:19,342 INFO L290 TraceCheckUtils]: 0: Hoare triple {1433#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {1433#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:06:19,342 INFO L290 TraceCheckUtils]: 1: Hoare triple {1433#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} assume !(0 == ~pumpRunning~0); {1434#(not (= |old(~pumpRunning~0)| 0))} is VALID [2022-02-20 18:06:19,342 INFO L272 TraceCheckUtils]: 2: Hoare triple {1434#(not (= |old(~pumpRunning~0)| 0))} call processEnvironment__wrappee__base(); {1420#true} is VALID [2022-02-20 18:06:19,343 INFO L290 TraceCheckUtils]: 3: Hoare triple {1420#true} assume true; {1420#true} is VALID [2022-02-20 18:06:19,343 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {1420#true} {1434#(not (= |old(~pumpRunning~0)| 0))} #241#return; {1434#(not (= |old(~pumpRunning~0)| 0))} is VALID [2022-02-20 18:06:19,344 INFO L290 TraceCheckUtils]: 5: Hoare triple {1434#(not (= |old(~pumpRunning~0)| 0))} assume true; {1434#(not (= |old(~pumpRunning~0)| 0))} is VALID [2022-02-20 18:06:19,344 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {1434#(not (= |old(~pumpRunning~0)| 0))} {1422#(= ~pumpRunning~0 0)} #223#return; {1421#false} is VALID [2022-02-20 18:06:19,344 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-02-20 18:06:19,345 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:19,347 INFO L290 TraceCheckUtils]: 0: Hoare triple {1420#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1420#true} is VALID [2022-02-20 18:06:19,348 INFO L290 TraceCheckUtils]: 1: Hoare triple {1420#true} assume true; {1420#true} is VALID [2022-02-20 18:06:19,348 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1420#true} {1421#false} #225#return; {1421#false} is VALID [2022-02-20 18:06:19,350 INFO L290 TraceCheckUtils]: 0: Hoare triple {1420#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,351 INFO L290 TraceCheckUtils]: 1: Hoare triple {1422#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,351 INFO L290 TraceCheckUtils]: 2: Hoare triple {1422#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,351 INFO L290 TraceCheckUtils]: 3: Hoare triple {1422#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,352 INFO L290 TraceCheckUtils]: 4: Hoare triple {1422#(= ~pumpRunning~0 0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,352 INFO L290 TraceCheckUtils]: 5: Hoare triple {1422#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,353 INFO L290 TraceCheckUtils]: 6: Hoare triple {1422#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,357 INFO L290 TraceCheckUtils]: 7: Hoare triple {1422#(= ~pumpRunning~0 0)} assume !false; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,358 INFO L290 TraceCheckUtils]: 8: Hoare triple {1422#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,358 INFO L290 TraceCheckUtils]: 9: Hoare triple {1422#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet43#1 && test_#t~nondet43#1 <= 2147483647;test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,358 INFO L290 TraceCheckUtils]: 10: Hoare triple {1422#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~8#1); {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,359 INFO L290 TraceCheckUtils]: 11: Hoare triple {1422#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet44#1 && test_#t~nondet44#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,359 INFO L290 TraceCheckUtils]: 12: Hoare triple {1422#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~2#1); {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,360 INFO L290 TraceCheckUtils]: 13: Hoare triple {1422#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet45#1 && test_#t~nondet45#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,361 INFO L290 TraceCheckUtils]: 14: Hoare triple {1422#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,361 INFO L272 TraceCheckUtils]: 15: Hoare triple {1422#(= ~pumpRunning~0 0)} call timeShift(); {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,362 INFO L290 TraceCheckUtils]: 16: Hoare triple {1422#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,363 INFO L290 TraceCheckUtils]: 17: Hoare triple {1422#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,369 INFO L290 TraceCheckUtils]: 18: Hoare triple {1422#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {1422#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:19,370 INFO L272 TraceCheckUtils]: 19: Hoare triple {1422#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__highWaterSensor(); {1433#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:06:19,370 INFO L290 TraceCheckUtils]: 20: Hoare triple {1433#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {1433#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:06:19,371 INFO L290 TraceCheckUtils]: 21: Hoare triple {1433#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} assume !(0 == ~pumpRunning~0); {1434#(not (= |old(~pumpRunning~0)| 0))} is VALID [2022-02-20 18:06:19,371 INFO L272 TraceCheckUtils]: 22: Hoare triple {1434#(not (= |old(~pumpRunning~0)| 0))} call processEnvironment__wrappee__base(); {1420#true} is VALID [2022-02-20 18:06:19,371 INFO L290 TraceCheckUtils]: 23: Hoare triple {1420#true} assume true; {1420#true} is VALID [2022-02-20 18:06:19,372 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {1420#true} {1434#(not (= |old(~pumpRunning~0)| 0))} #241#return; {1434#(not (= |old(~pumpRunning~0)| 0))} is VALID [2022-02-20 18:06:19,372 INFO L290 TraceCheckUtils]: 25: Hoare triple {1434#(not (= |old(~pumpRunning~0)| 0))} assume true; {1434#(not (= |old(~pumpRunning~0)| 0))} is VALID [2022-02-20 18:06:19,373 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {1434#(not (= |old(~pumpRunning~0)| 0))} {1422#(= ~pumpRunning~0 0)} #223#return; {1421#false} is VALID [2022-02-20 18:06:19,373 INFO L290 TraceCheckUtils]: 27: Hoare triple {1421#false} assume { :end_inline_processEnvironment } true; {1421#false} is VALID [2022-02-20 18:06:19,373 INFO L290 TraceCheckUtils]: 28: Hoare triple {1421#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {1421#false} is VALID [2022-02-20 18:06:19,373 INFO L272 TraceCheckUtils]: 29: Hoare triple {1421#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {1420#true} is VALID [2022-02-20 18:06:19,374 INFO L290 TraceCheckUtils]: 30: Hoare triple {1420#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1420#true} is VALID [2022-02-20 18:06:19,374 INFO L290 TraceCheckUtils]: 31: Hoare triple {1420#true} assume true; {1420#true} is VALID [2022-02-20 18:06:19,374 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {1420#true} {1421#false} #225#return; {1421#false} is VALID [2022-02-20 18:06:19,374 INFO L290 TraceCheckUtils]: 33: Hoare triple {1421#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {1421#false} is VALID [2022-02-20 18:06:19,374 INFO L290 TraceCheckUtils]: 34: Hoare triple {1421#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {1421#false} is VALID [2022-02-20 18:06:19,375 INFO L290 TraceCheckUtils]: 35: Hoare triple {1421#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {1421#false} is VALID [2022-02-20 18:06:19,375 INFO L290 TraceCheckUtils]: 36: Hoare triple {1421#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1421#false} is VALID [2022-02-20 18:06:19,375 INFO L290 TraceCheckUtils]: 37: Hoare triple {1421#false} assume !false; {1421#false} is VALID [2022-02-20 18:06:19,375 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:19,376 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:19,376 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [569284754] [2022-02-20 18:06:19,376 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [569284754] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:19,376 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:19,376 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:06:19,377 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [974374479] [2022-02-20 18:06:19,377 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:19,377 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 38 [2022-02-20 18:06:19,378 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:19,378 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:19,409 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 38 edges. 38 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:19,409 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:06:19,409 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:19,410 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:06:19,410 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:06:19,411 INFO L87 Difference]: Start difference. First operand 67 states and 85 transitions. Second operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:19,781 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:19,781 INFO L93 Difference]: Finished difference Result 198 states and 251 transitions. [2022-02-20 18:06:19,781 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:06:19,781 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 38 [2022-02-20 18:06:19,782 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:19,782 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:19,784 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 251 transitions. [2022-02-20 18:06:19,785 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:19,787 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 251 transitions. [2022-02-20 18:06:19,787 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 251 transitions. [2022-02-20 18:06:19,944 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 251 edges. 251 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:19,947 INFO L225 Difference]: With dead ends: 198 [2022-02-20 18:06:19,947 INFO L226 Difference]: Without dead ends: 138 [2022-02-20 18:06:19,947 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=19, Invalid=37, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:06:19,948 INFO L933 BasicCegarLoop]: 120 mSDtfsCounter, 149 mSDsluCounter, 152 mSDsCounter, 0 mSdLazyCounter, 98 mSolverCounterSat, 45 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 151 SdHoareTripleChecker+Valid, 272 SdHoareTripleChecker+Invalid, 143 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 45 IncrementalHoareTripleChecker+Valid, 98 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:19,949 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [151 Valid, 272 Invalid, 143 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [45 Valid, 98 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:19,949 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 138 states. [2022-02-20 18:06:19,956 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 138 to 132. [2022-02-20 18:06:19,956 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:19,956 INFO L82 GeneralOperation]: Start isEquivalent. First operand 138 states. Second operand has 132 states, 100 states have (on average 1.26) internal successors, (126), 107 states have internal predecessors, (126), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:19,957 INFO L74 IsIncluded]: Start isIncluded. First operand 138 states. Second operand has 132 states, 100 states have (on average 1.26) internal successors, (126), 107 states have internal predecessors, (126), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:19,957 INFO L87 Difference]: Start difference. First operand 138 states. Second operand has 132 states, 100 states have (on average 1.26) internal successors, (126), 107 states have internal predecessors, (126), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:19,960 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:19,960 INFO L93 Difference]: Finished difference Result 138 states and 164 transitions. [2022-02-20 18:06:19,960 INFO L276 IsEmpty]: Start isEmpty. Operand 138 states and 164 transitions. [2022-02-20 18:06:19,961 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:19,961 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:19,961 INFO L74 IsIncluded]: Start isIncluded. First operand has 132 states, 100 states have (on average 1.26) internal successors, (126), 107 states have internal predecessors, (126), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) Second operand 138 states. [2022-02-20 18:06:19,962 INFO L87 Difference]: Start difference. First operand has 132 states, 100 states have (on average 1.26) internal successors, (126), 107 states have internal predecessors, (126), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) Second operand 138 states. [2022-02-20 18:06:19,965 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:19,965 INFO L93 Difference]: Finished difference Result 138 states and 164 transitions. [2022-02-20 18:06:19,965 INFO L276 IsEmpty]: Start isEmpty. Operand 138 states and 164 transitions. [2022-02-20 18:06:19,966 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:19,966 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:19,966 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:19,966 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:19,966 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 132 states, 100 states have (on average 1.26) internal successors, (126), 107 states have internal predecessors, (126), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:19,969 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 132 states to 132 states and 161 transitions. [2022-02-20 18:06:19,970 INFO L78 Accepts]: Start accepts. Automaton has 132 states and 161 transitions. Word has length 38 [2022-02-20 18:06:19,970 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:19,970 INFO L470 AbstractCegarLoop]: Abstraction has 132 states and 161 transitions. [2022-02-20 18:06:19,970 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:19,970 INFO L276 IsEmpty]: Start isEmpty. Operand 132 states and 161 transitions. [2022-02-20 18:06:19,971 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:06:19,971 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:19,971 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:19,971 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:06:19,971 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:19,972 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:19,972 INFO L85 PathProgramCache]: Analyzing trace with hash 1939232781, now seen corresponding path program 1 times [2022-02-20 18:06:19,972 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:19,972 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1954262138] [2022-02-20 18:06:19,972 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:19,972 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:19,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,029 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:06:20,048 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,066 INFO L290 TraceCheckUtils]: 0: Hoare triple {2199#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {2182#true} is VALID [2022-02-20 18:06:20,069 INFO L290 TraceCheckUtils]: 1: Hoare triple {2182#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {2182#true} is VALID [2022-02-20 18:06:20,069 INFO L290 TraceCheckUtils]: 2: Hoare triple {2182#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {2200#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:06:20,070 INFO L290 TraceCheckUtils]: 3: Hoare triple {2200#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {2201#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~7#1| 0))} is VALID [2022-02-20 18:06:20,070 INFO L290 TraceCheckUtils]: 4: Hoare triple {2201#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~7#1| 0))} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {2183#false} is VALID [2022-02-20 18:06:20,070 INFO L290 TraceCheckUtils]: 5: Hoare triple {2183#false} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {2183#false} is VALID [2022-02-20 18:06:20,070 INFO L290 TraceCheckUtils]: 6: Hoare triple {2183#false} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {2183#false} is VALID [2022-02-20 18:06:20,071 INFO L290 TraceCheckUtils]: 7: Hoare triple {2183#false} assume 0 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {2183#false} is VALID [2022-02-20 18:06:20,071 INFO L290 TraceCheckUtils]: 8: Hoare triple {2183#false} assume { :end_inline_activatePump } true; {2183#false} is VALID [2022-02-20 18:06:20,071 INFO L290 TraceCheckUtils]: 9: Hoare triple {2183#false} assume true; {2183#false} is VALID [2022-02-20 18:06:20,071 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {2183#false} {2182#true} #223#return; {2183#false} is VALID [2022-02-20 18:06:20,071 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:06:20,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {2182#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {2182#true} is VALID [2022-02-20 18:06:20,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {2182#true} assume true; {2182#true} is VALID [2022-02-20 18:06:20,090 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2182#true} {2183#false} #225#return; {2183#false} is VALID [2022-02-20 18:06:20,092 INFO L290 TraceCheckUtils]: 0: Hoare triple {2182#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,092 INFO L290 TraceCheckUtils]: 1: Hoare triple {2184#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,093 INFO L290 TraceCheckUtils]: 2: Hoare triple {2184#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,093 INFO L290 TraceCheckUtils]: 3: Hoare triple {2184#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,094 INFO L290 TraceCheckUtils]: 4: Hoare triple {2184#(= 1 ~systemActive~0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,094 INFO L290 TraceCheckUtils]: 5: Hoare triple {2184#(= 1 ~systemActive~0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,094 INFO L290 TraceCheckUtils]: 6: Hoare triple {2184#(= 1 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,095 INFO L290 TraceCheckUtils]: 7: Hoare triple {2184#(= 1 ~systemActive~0)} assume !false; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,095 INFO L290 TraceCheckUtils]: 8: Hoare triple {2184#(= 1 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,095 INFO L290 TraceCheckUtils]: 9: Hoare triple {2184#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet43#1 && test_#t~nondet43#1 <= 2147483647;test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,096 INFO L290 TraceCheckUtils]: 10: Hoare triple {2184#(= 1 ~systemActive~0)} assume !(0 != test_~tmp~8#1); {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,096 INFO L290 TraceCheckUtils]: 11: Hoare triple {2184#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet44#1 && test_#t~nondet44#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,096 INFO L290 TraceCheckUtils]: 12: Hoare triple {2184#(= 1 ~systemActive~0)} assume !(0 != test_~tmp___0~2#1); {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,097 INFO L290 TraceCheckUtils]: 13: Hoare triple {2184#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet45#1 && test_#t~nondet45#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,097 INFO L290 TraceCheckUtils]: 14: Hoare triple {2184#(= 1 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,098 INFO L272 TraceCheckUtils]: 15: Hoare triple {2184#(= 1 ~systemActive~0)} call timeShift(); {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,098 INFO L290 TraceCheckUtils]: 16: Hoare triple {2184#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {2184#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:06:20,098 INFO L290 TraceCheckUtils]: 17: Hoare triple {2184#(= 1 ~systemActive~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {2182#true} is VALID [2022-02-20 18:06:20,098 INFO L290 TraceCheckUtils]: 18: Hoare triple {2182#true} assume !(0 != ~pumpRunning~0); {2182#true} is VALID [2022-02-20 18:06:20,099 INFO L272 TraceCheckUtils]: 19: Hoare triple {2182#true} call processEnvironment__wrappee__highWaterSensor(); {2199#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:06:20,099 INFO L290 TraceCheckUtils]: 20: Hoare triple {2199#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {2182#true} is VALID [2022-02-20 18:06:20,099 INFO L290 TraceCheckUtils]: 21: Hoare triple {2182#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {2182#true} is VALID [2022-02-20 18:06:20,099 INFO L290 TraceCheckUtils]: 22: Hoare triple {2182#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {2200#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:06:20,100 INFO L290 TraceCheckUtils]: 23: Hoare triple {2200#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {2201#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~7#1| 0))} is VALID [2022-02-20 18:06:20,100 INFO L290 TraceCheckUtils]: 24: Hoare triple {2201#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~7#1| 0))} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {2183#false} is VALID [2022-02-20 18:06:20,100 INFO L290 TraceCheckUtils]: 25: Hoare triple {2183#false} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {2183#false} is VALID [2022-02-20 18:06:20,100 INFO L290 TraceCheckUtils]: 26: Hoare triple {2183#false} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {2183#false} is VALID [2022-02-20 18:06:20,100 INFO L290 TraceCheckUtils]: 27: Hoare triple {2183#false} assume 0 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {2183#false} is VALID [2022-02-20 18:06:20,100 INFO L290 TraceCheckUtils]: 28: Hoare triple {2183#false} assume { :end_inline_activatePump } true; {2183#false} is VALID [2022-02-20 18:06:20,101 INFO L290 TraceCheckUtils]: 29: Hoare triple {2183#false} assume true; {2183#false} is VALID [2022-02-20 18:06:20,101 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {2183#false} {2182#true} #223#return; {2183#false} is VALID [2022-02-20 18:06:20,101 INFO L290 TraceCheckUtils]: 31: Hoare triple {2183#false} assume { :end_inline_processEnvironment } true; {2183#false} is VALID [2022-02-20 18:06:20,101 INFO L290 TraceCheckUtils]: 32: Hoare triple {2183#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {2183#false} is VALID [2022-02-20 18:06:20,101 INFO L272 TraceCheckUtils]: 33: Hoare triple {2183#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {2182#true} is VALID [2022-02-20 18:06:20,101 INFO L290 TraceCheckUtils]: 34: Hoare triple {2182#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {2182#true} is VALID [2022-02-20 18:06:20,101 INFO L290 TraceCheckUtils]: 35: Hoare triple {2182#true} assume true; {2182#true} is VALID [2022-02-20 18:06:20,101 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {2182#true} {2183#false} #225#return; {2183#false} is VALID [2022-02-20 18:06:20,102 INFO L290 TraceCheckUtils]: 37: Hoare triple {2183#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {2183#false} is VALID [2022-02-20 18:06:20,102 INFO L290 TraceCheckUtils]: 38: Hoare triple {2183#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {2183#false} is VALID [2022-02-20 18:06:20,102 INFO L290 TraceCheckUtils]: 39: Hoare triple {2183#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {2183#false} is VALID [2022-02-20 18:06:20,102 INFO L290 TraceCheckUtils]: 40: Hoare triple {2183#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {2183#false} is VALID [2022-02-20 18:06:20,102 INFO L290 TraceCheckUtils]: 41: Hoare triple {2183#false} assume !false; {2183#false} is VALID [2022-02-20 18:06:20,102 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:20,103 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:20,103 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1954262138] [2022-02-20 18:06:20,103 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1954262138] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:20,103 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:20,103 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:20,103 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1442661856] [2022-02-20 18:06:20,103 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:20,104 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:20,115 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:20,115 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:20,142 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:20,142 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:20,142 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:20,143 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:20,143 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:20,143 INFO L87 Difference]: Start difference. First operand 132 states and 161 transitions. Second operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:20,531 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:20,531 INFO L93 Difference]: Finished difference Result 279 states and 347 transitions. [2022-02-20 18:06:20,531 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:06:20,531 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:20,532 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:20,532 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:20,534 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 206 transitions. [2022-02-20 18:06:20,534 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:20,536 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 206 transitions. [2022-02-20 18:06:20,536 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 206 transitions. [2022-02-20 18:06:20,685 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 206 edges. 206 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:20,690 INFO L225 Difference]: With dead ends: 279 [2022-02-20 18:06:20,690 INFO L226 Difference]: Without dead ends: 154 [2022-02-20 18:06:20,691 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 17 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 11 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=47, Invalid=85, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:06:20,692 INFO L933 BasicCegarLoop]: 85 mSDtfsCounter, 133 mSDsluCounter, 182 mSDsCounter, 0 mSdLazyCounter, 90 mSolverCounterSat, 35 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 136 SdHoareTripleChecker+Valid, 267 SdHoareTripleChecker+Invalid, 125 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 35 IncrementalHoareTripleChecker+Valid, 90 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:20,692 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [136 Valid, 267 Invalid, 125 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [35 Valid, 90 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:20,693 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 154 states. [2022-02-20 18:06:20,713 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 154 to 134. [2022-02-20 18:06:20,719 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:20,720 INFO L82 GeneralOperation]: Start isEquivalent. First operand 154 states. Second operand has 134 states, 102 states have (on average 1.2549019607843137) internal successors, (128), 109 states have internal predecessors, (128), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:20,721 INFO L74 IsIncluded]: Start isIncluded. First operand 154 states. Second operand has 134 states, 102 states have (on average 1.2549019607843137) internal successors, (128), 109 states have internal predecessors, (128), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:20,721 INFO L87 Difference]: Start difference. First operand 154 states. Second operand has 134 states, 102 states have (on average 1.2549019607843137) internal successors, (128), 109 states have internal predecessors, (128), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:20,725 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:20,739 INFO L93 Difference]: Finished difference Result 154 states and 186 transitions. [2022-02-20 18:06:20,739 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 186 transitions. [2022-02-20 18:06:20,740 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:20,740 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:20,741 INFO L74 IsIncluded]: Start isIncluded. First operand has 134 states, 102 states have (on average 1.2549019607843137) internal successors, (128), 109 states have internal predecessors, (128), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) Second operand 154 states. [2022-02-20 18:06:20,741 INFO L87 Difference]: Start difference. First operand has 134 states, 102 states have (on average 1.2549019607843137) internal successors, (128), 109 states have internal predecessors, (128), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) Second operand 154 states. [2022-02-20 18:06:20,746 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:20,746 INFO L93 Difference]: Finished difference Result 154 states and 186 transitions. [2022-02-20 18:06:20,747 INFO L276 IsEmpty]: Start isEmpty. Operand 154 states and 186 transitions. [2022-02-20 18:06:20,747 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:20,747 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:20,747 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:20,747 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:20,748 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 134 states, 102 states have (on average 1.2549019607843137) internal successors, (128), 109 states have internal predecessors, (128), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:20,752 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 134 states to 134 states and 163 transitions. [2022-02-20 18:06:20,764 INFO L78 Accepts]: Start accepts. Automaton has 134 states and 163 transitions. Word has length 42 [2022-02-20 18:06:20,764 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:20,765 INFO L470 AbstractCegarLoop]: Abstraction has 134 states and 163 transitions. [2022-02-20 18:06:20,765 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 3 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:20,765 INFO L276 IsEmpty]: Start isEmpty. Operand 134 states and 163 transitions. [2022-02-20 18:06:20,766 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:06:20,766 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:20,766 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:20,766 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:06:20,767 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:20,767 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:20,767 INFO L85 PathProgramCache]: Analyzing trace with hash -361589809, now seen corresponding path program 1 times [2022-02-20 18:06:20,767 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:20,767 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [176797786] [2022-02-20 18:06:20,768 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:20,768 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:20,787 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,800 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:06:20,804 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,821 INFO L290 TraceCheckUtils]: 0: Hoare triple {3114#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {3098#true} is VALID [2022-02-20 18:06:20,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {3098#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {3098#true} is VALID [2022-02-20 18:06:20,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {3098#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {3098#true} is VALID [2022-02-20 18:06:20,821 INFO L290 TraceCheckUtils]: 3: Hoare triple {3098#true} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {3098#true} is VALID [2022-02-20 18:06:20,822 INFO L290 TraceCheckUtils]: 4: Hoare triple {3098#true} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0; {3115#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0)} is VALID [2022-02-20 18:06:20,822 INFO L290 TraceCheckUtils]: 5: Hoare triple {3115#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0)} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {3116#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:06:20,822 INFO L290 TraceCheckUtils]: 6: Hoare triple {3116#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {3117#(= |processEnvironment__wrappee__highWaterSensor_~tmp~5#1| 0)} is VALID [2022-02-20 18:06:20,823 INFO L290 TraceCheckUtils]: 7: Hoare triple {3117#(= |processEnvironment__wrappee__highWaterSensor_~tmp~5#1| 0)} assume 0 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {3099#false} is VALID [2022-02-20 18:06:20,823 INFO L290 TraceCheckUtils]: 8: Hoare triple {3099#false} assume { :end_inline_activatePump } true; {3099#false} is VALID [2022-02-20 18:06:20,823 INFO L290 TraceCheckUtils]: 9: Hoare triple {3099#false} assume true; {3099#false} is VALID [2022-02-20 18:06:20,823 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3099#false} {3098#true} #223#return; {3099#false} is VALID [2022-02-20 18:06:20,823 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:06:20,824 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:20,827 INFO L290 TraceCheckUtils]: 0: Hoare triple {3098#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {3098#true} is VALID [2022-02-20 18:06:20,827 INFO L290 TraceCheckUtils]: 1: Hoare triple {3098#true} assume true; {3098#true} is VALID [2022-02-20 18:06:20,827 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3098#true} {3099#false} #225#return; {3099#false} is VALID [2022-02-20 18:06:20,827 INFO L290 TraceCheckUtils]: 0: Hoare triple {3098#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {3098#true} is VALID [2022-02-20 18:06:20,828 INFO L290 TraceCheckUtils]: 1: Hoare triple {3098#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {3098#true} is VALID [2022-02-20 18:06:20,828 INFO L290 TraceCheckUtils]: 2: Hoare triple {3098#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3098#true} is VALID [2022-02-20 18:06:20,828 INFO L290 TraceCheckUtils]: 3: Hoare triple {3098#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {3098#true} is VALID [2022-02-20 18:06:20,828 INFO L290 TraceCheckUtils]: 4: Hoare triple {3098#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {3098#true} is VALID [2022-02-20 18:06:20,828 INFO L290 TraceCheckUtils]: 5: Hoare triple {3098#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {3098#true} is VALID [2022-02-20 18:06:20,828 INFO L290 TraceCheckUtils]: 6: Hoare triple {3098#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3098#true} is VALID [2022-02-20 18:06:20,828 INFO L290 TraceCheckUtils]: 7: Hoare triple {3098#true} assume !false; {3098#true} is VALID [2022-02-20 18:06:20,828 INFO L290 TraceCheckUtils]: 8: Hoare triple {3098#true} assume test_~splverifierCounter~0#1 < 4; {3098#true} is VALID [2022-02-20 18:06:20,829 INFO L290 TraceCheckUtils]: 9: Hoare triple {3098#true} assume -2147483648 <= test_#t~nondet43#1 && test_#t~nondet43#1 <= 2147483647;test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {3098#true} is VALID [2022-02-20 18:06:20,829 INFO L290 TraceCheckUtils]: 10: Hoare triple {3098#true} assume !(0 != test_~tmp~8#1); {3098#true} is VALID [2022-02-20 18:06:20,829 INFO L290 TraceCheckUtils]: 11: Hoare triple {3098#true} assume -2147483648 <= test_#t~nondet44#1 && test_#t~nondet44#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {3098#true} is VALID [2022-02-20 18:06:20,829 INFO L290 TraceCheckUtils]: 12: Hoare triple {3098#true} assume !(0 != test_~tmp___0~2#1); {3098#true} is VALID [2022-02-20 18:06:20,829 INFO L290 TraceCheckUtils]: 13: Hoare triple {3098#true} assume -2147483648 <= test_#t~nondet45#1 && test_#t~nondet45#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {3098#true} is VALID [2022-02-20 18:06:20,829 INFO L290 TraceCheckUtils]: 14: Hoare triple {3098#true} assume 0 != test_~tmp___2~0#1; {3098#true} is VALID [2022-02-20 18:06:20,829 INFO L272 TraceCheckUtils]: 15: Hoare triple {3098#true} call timeShift(); {3098#true} is VALID [2022-02-20 18:06:20,829 INFO L290 TraceCheckUtils]: 16: Hoare triple {3098#true} assume !(0 != ~pumpRunning~0); {3098#true} is VALID [2022-02-20 18:06:20,830 INFO L290 TraceCheckUtils]: 17: Hoare triple {3098#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {3098#true} is VALID [2022-02-20 18:06:20,830 INFO L290 TraceCheckUtils]: 18: Hoare triple {3098#true} assume !(0 != ~pumpRunning~0); {3098#true} is VALID [2022-02-20 18:06:20,830 INFO L272 TraceCheckUtils]: 19: Hoare triple {3098#true} call processEnvironment__wrappee__highWaterSensor(); {3114#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:06:20,830 INFO L290 TraceCheckUtils]: 20: Hoare triple {3114#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {3098#true} is VALID [2022-02-20 18:06:20,830 INFO L290 TraceCheckUtils]: 21: Hoare triple {3098#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {3098#true} is VALID [2022-02-20 18:06:20,831 INFO L290 TraceCheckUtils]: 22: Hoare triple {3098#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {3098#true} is VALID [2022-02-20 18:06:20,831 INFO L290 TraceCheckUtils]: 23: Hoare triple {3098#true} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {3098#true} is VALID [2022-02-20 18:06:20,831 INFO L290 TraceCheckUtils]: 24: Hoare triple {3098#true} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0; {3115#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0)} is VALID [2022-02-20 18:06:20,831 INFO L290 TraceCheckUtils]: 25: Hoare triple {3115#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1| 0)} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {3116#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:06:20,832 INFO L290 TraceCheckUtils]: 26: Hoare triple {3116#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {3117#(= |processEnvironment__wrappee__highWaterSensor_~tmp~5#1| 0)} is VALID [2022-02-20 18:06:20,832 INFO L290 TraceCheckUtils]: 27: Hoare triple {3117#(= |processEnvironment__wrappee__highWaterSensor_~tmp~5#1| 0)} assume 0 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {3099#false} is VALID [2022-02-20 18:06:20,832 INFO L290 TraceCheckUtils]: 28: Hoare triple {3099#false} assume { :end_inline_activatePump } true; {3099#false} is VALID [2022-02-20 18:06:20,832 INFO L290 TraceCheckUtils]: 29: Hoare triple {3099#false} assume true; {3099#false} is VALID [2022-02-20 18:06:20,832 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {3099#false} {3098#true} #223#return; {3099#false} is VALID [2022-02-20 18:06:20,833 INFO L290 TraceCheckUtils]: 31: Hoare triple {3099#false} assume { :end_inline_processEnvironment } true; {3099#false} is VALID [2022-02-20 18:06:20,833 INFO L290 TraceCheckUtils]: 32: Hoare triple {3099#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {3099#false} is VALID [2022-02-20 18:06:20,833 INFO L272 TraceCheckUtils]: 33: Hoare triple {3099#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {3098#true} is VALID [2022-02-20 18:06:20,833 INFO L290 TraceCheckUtils]: 34: Hoare triple {3098#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {3098#true} is VALID [2022-02-20 18:06:20,833 INFO L290 TraceCheckUtils]: 35: Hoare triple {3098#true} assume true; {3098#true} is VALID [2022-02-20 18:06:20,833 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {3098#true} {3099#false} #225#return; {3099#false} is VALID [2022-02-20 18:06:20,833 INFO L290 TraceCheckUtils]: 37: Hoare triple {3099#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {3099#false} is VALID [2022-02-20 18:06:20,833 INFO L290 TraceCheckUtils]: 38: Hoare triple {3099#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {3099#false} is VALID [2022-02-20 18:06:20,834 INFO L290 TraceCheckUtils]: 39: Hoare triple {3099#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {3099#false} is VALID [2022-02-20 18:06:20,834 INFO L290 TraceCheckUtils]: 40: Hoare triple {3099#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {3099#false} is VALID [2022-02-20 18:06:20,834 INFO L290 TraceCheckUtils]: 41: Hoare triple {3099#false} assume !false; {3099#false} is VALID [2022-02-20 18:06:20,834 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:20,834 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:20,834 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [176797786] [2022-02-20 18:06:20,834 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [176797786] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:20,835 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:20,835 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:20,835 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2025439566] [2022-02-20 18:06:20,835 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:20,835 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:20,835 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:20,836 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:20,860 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:20,861 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:20,861 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:20,861 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:20,861 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:20,862 INFO L87 Difference]: Start difference. First operand 134 states and 163 transitions. Second operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:21,212 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:21,212 INFO L93 Difference]: Finished difference Result 269 states and 331 transitions. [2022-02-20 18:06:21,212 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:06:21,213 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:21,213 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:21,213 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:21,217 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 190 transitions. [2022-02-20 18:06:21,217 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:21,220 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 190 transitions. [2022-02-20 18:06:21,220 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 190 transitions. [2022-02-20 18:06:21,378 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 190 edges. 190 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:21,381 INFO L225 Difference]: With dead ends: 269 [2022-02-20 18:06:21,381 INFO L226 Difference]: Without dead ends: 142 [2022-02-20 18:06:21,382 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:06:21,382 INFO L933 BasicCegarLoop]: 85 mSDtfsCounter, 58 mSDsluCounter, 251 mSDsCounter, 0 mSdLazyCounter, 108 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 61 SdHoareTripleChecker+Valid, 336 SdHoareTripleChecker+Invalid, 127 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 108 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:21,383 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [61 Valid, 336 Invalid, 127 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 108 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:21,384 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 142 states. [2022-02-20 18:06:21,391 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 142 to 137. [2022-02-20 18:06:21,392 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:21,392 INFO L82 GeneralOperation]: Start isEquivalent. First operand 142 states. Second operand has 137 states, 105 states have (on average 1.2476190476190476) internal successors, (131), 112 states have internal predecessors, (131), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:21,392 INFO L74 IsIncluded]: Start isIncluded. First operand 142 states. Second operand has 137 states, 105 states have (on average 1.2476190476190476) internal successors, (131), 112 states have internal predecessors, (131), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:21,393 INFO L87 Difference]: Start difference. First operand 142 states. Second operand has 137 states, 105 states have (on average 1.2476190476190476) internal successors, (131), 112 states have internal predecessors, (131), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:21,397 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:21,397 INFO L93 Difference]: Finished difference Result 142 states and 171 transitions. [2022-02-20 18:06:21,397 INFO L276 IsEmpty]: Start isEmpty. Operand 142 states and 171 transitions. [2022-02-20 18:06:21,398 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:21,398 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:21,398 INFO L74 IsIncluded]: Start isIncluded. First operand has 137 states, 105 states have (on average 1.2476190476190476) internal successors, (131), 112 states have internal predecessors, (131), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) Second operand 142 states. [2022-02-20 18:06:21,399 INFO L87 Difference]: Start difference. First operand has 137 states, 105 states have (on average 1.2476190476190476) internal successors, (131), 112 states have internal predecessors, (131), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) Second operand 142 states. [2022-02-20 18:06:21,402 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:21,403 INFO L93 Difference]: Finished difference Result 142 states and 171 transitions. [2022-02-20 18:06:21,403 INFO L276 IsEmpty]: Start isEmpty. Operand 142 states and 171 transitions. [2022-02-20 18:06:21,403 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:21,403 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:21,403 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:21,404 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:21,404 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 137 states, 105 states have (on average 1.2476190476190476) internal successors, (131), 112 states have internal predecessors, (131), 15 states have call successors, (15), 13 states have call predecessors, (15), 16 states have return successors, (20), 16 states have call predecessors, (20), 15 states have call successors, (20) [2022-02-20 18:06:21,408 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 137 states to 137 states and 166 transitions. [2022-02-20 18:06:21,408 INFO L78 Accepts]: Start accepts. Automaton has 137 states and 166 transitions. Word has length 42 [2022-02-20 18:06:21,408 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:21,408 INFO L470 AbstractCegarLoop]: Abstraction has 137 states and 166 transitions. [2022-02-20 18:06:21,409 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:21,409 INFO L276 IsEmpty]: Start isEmpty. Operand 137 states and 166 transitions. [2022-02-20 18:06:21,409 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:06:21,410 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:21,410 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:21,410 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:06:21,410 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:21,411 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:21,411 INFO L85 PathProgramCache]: Analyzing trace with hash 1121584331, now seen corresponding path program 1 times [2022-02-20 18:06:21,411 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:21,411 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1623022691] [2022-02-20 18:06:21,411 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:21,412 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:21,448 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,480 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:06:21,485 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,499 INFO L290 TraceCheckUtils]: 0: Hoare triple {3993#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {3976#true} is VALID [2022-02-20 18:06:21,500 INFO L290 TraceCheckUtils]: 1: Hoare triple {3976#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {3976#true} is VALID [2022-02-20 18:06:21,500 INFO L290 TraceCheckUtils]: 2: Hoare triple {3976#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~11#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,501 INFO L290 TraceCheckUtils]: 3: Hoare triple {3994#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,501 INFO L290 TraceCheckUtils]: 4: Hoare triple {3994#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,501 INFO L290 TraceCheckUtils]: 5: Hoare triple {3994#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,502 INFO L290 TraceCheckUtils]: 6: Hoare triple {3994#(<= 2 ~waterLevel~0)} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,502 INFO L290 TraceCheckUtils]: 7: Hoare triple {3994#(<= 2 ~waterLevel~0)} assume 0 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,503 INFO L290 TraceCheckUtils]: 8: Hoare triple {3994#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,505 INFO L290 TraceCheckUtils]: 9: Hoare triple {3994#(<= 2 ~waterLevel~0)} assume true; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,506 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {3994#(<= 2 ~waterLevel~0)} {3978#(= ~waterLevel~0 1)} #223#return; {3977#false} is VALID [2022-02-20 18:06:21,506 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:06:21,507 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:21,513 INFO L290 TraceCheckUtils]: 0: Hoare triple {3976#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {3976#true} is VALID [2022-02-20 18:06:21,513 INFO L290 TraceCheckUtils]: 1: Hoare triple {3976#true} assume true; {3976#true} is VALID [2022-02-20 18:06:21,513 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3976#true} {3977#false} #225#return; {3977#false} is VALID [2022-02-20 18:06:21,513 INFO L290 TraceCheckUtils]: 0: Hoare triple {3976#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,514 INFO L290 TraceCheckUtils]: 1: Hoare triple {3978#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,514 INFO L290 TraceCheckUtils]: 2: Hoare triple {3978#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,514 INFO L290 TraceCheckUtils]: 3: Hoare triple {3978#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,515 INFO L290 TraceCheckUtils]: 4: Hoare triple {3978#(= ~waterLevel~0 1)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,515 INFO L290 TraceCheckUtils]: 5: Hoare triple {3978#(= ~waterLevel~0 1)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,516 INFO L290 TraceCheckUtils]: 6: Hoare triple {3978#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,516 INFO L290 TraceCheckUtils]: 7: Hoare triple {3978#(= ~waterLevel~0 1)} assume !false; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,516 INFO L290 TraceCheckUtils]: 8: Hoare triple {3978#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,517 INFO L290 TraceCheckUtils]: 9: Hoare triple {3978#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet43#1 && test_#t~nondet43#1 <= 2147483647;test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,517 INFO L290 TraceCheckUtils]: 10: Hoare triple {3978#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~8#1); {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,517 INFO L290 TraceCheckUtils]: 11: Hoare triple {3978#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet44#1 && test_#t~nondet44#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,518 INFO L290 TraceCheckUtils]: 12: Hoare triple {3978#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~2#1); {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,519 INFO L290 TraceCheckUtils]: 13: Hoare triple {3978#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet45#1 && test_#t~nondet45#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,519 INFO L290 TraceCheckUtils]: 14: Hoare triple {3978#(= ~waterLevel~0 1)} assume 0 != test_~tmp___2~0#1; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,519 INFO L272 TraceCheckUtils]: 15: Hoare triple {3978#(= ~waterLevel~0 1)} call timeShift(); {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,520 INFO L290 TraceCheckUtils]: 16: Hoare triple {3978#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,520 INFO L290 TraceCheckUtils]: 17: Hoare triple {3978#(= ~waterLevel~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,520 INFO L290 TraceCheckUtils]: 18: Hoare triple {3978#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {3978#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:06:21,521 INFO L272 TraceCheckUtils]: 19: Hoare triple {3978#(= ~waterLevel~0 1)} call processEnvironment__wrappee__highWaterSensor(); {3993#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:06:21,521 INFO L290 TraceCheckUtils]: 20: Hoare triple {3993#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {3976#true} is VALID [2022-02-20 18:06:21,521 INFO L290 TraceCheckUtils]: 21: Hoare triple {3976#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {3976#true} is VALID [2022-02-20 18:06:21,522 INFO L290 TraceCheckUtils]: 22: Hoare triple {3976#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~11#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,522 INFO L290 TraceCheckUtils]: 23: Hoare triple {3994#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,522 INFO L290 TraceCheckUtils]: 24: Hoare triple {3994#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,523 INFO L290 TraceCheckUtils]: 25: Hoare triple {3994#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,523 INFO L290 TraceCheckUtils]: 26: Hoare triple {3994#(<= 2 ~waterLevel~0)} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,523 INFO L290 TraceCheckUtils]: 27: Hoare triple {3994#(<= 2 ~waterLevel~0)} assume 0 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,524 INFO L290 TraceCheckUtils]: 28: Hoare triple {3994#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,524 INFO L290 TraceCheckUtils]: 29: Hoare triple {3994#(<= 2 ~waterLevel~0)} assume true; {3994#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:06:21,524 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {3994#(<= 2 ~waterLevel~0)} {3978#(= ~waterLevel~0 1)} #223#return; {3977#false} is VALID [2022-02-20 18:06:21,524 INFO L290 TraceCheckUtils]: 31: Hoare triple {3977#false} assume { :end_inline_processEnvironment } true; {3977#false} is VALID [2022-02-20 18:06:21,525 INFO L290 TraceCheckUtils]: 32: Hoare triple {3977#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {3977#false} is VALID [2022-02-20 18:06:21,525 INFO L272 TraceCheckUtils]: 33: Hoare triple {3977#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {3976#true} is VALID [2022-02-20 18:06:21,525 INFO L290 TraceCheckUtils]: 34: Hoare triple {3976#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {3976#true} is VALID [2022-02-20 18:06:21,525 INFO L290 TraceCheckUtils]: 35: Hoare triple {3976#true} assume true; {3976#true} is VALID [2022-02-20 18:06:21,525 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {3976#true} {3977#false} #225#return; {3977#false} is VALID [2022-02-20 18:06:21,525 INFO L290 TraceCheckUtils]: 37: Hoare triple {3977#false} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {3977#false} is VALID [2022-02-20 18:06:21,525 INFO L290 TraceCheckUtils]: 38: Hoare triple {3977#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {3977#false} is VALID [2022-02-20 18:06:21,525 INFO L290 TraceCheckUtils]: 39: Hoare triple {3977#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {3977#false} is VALID [2022-02-20 18:06:21,526 INFO L290 TraceCheckUtils]: 40: Hoare triple {3977#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {3977#false} is VALID [2022-02-20 18:06:21,526 INFO L290 TraceCheckUtils]: 41: Hoare triple {3977#false} assume !false; {3977#false} is VALID [2022-02-20 18:06:21,527 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:21,527 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:21,527 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1623022691] [2022-02-20 18:06:21,527 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1623022691] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:21,528 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:21,528 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:06:21,528 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1575510117] [2022-02-20 18:06:21,528 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:21,528 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:21,529 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:21,529 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 7.4) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:21,554 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:21,554 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:06:21,555 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:21,555 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:06:21,555 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:06:21,556 INFO L87 Difference]: Start difference. First operand 137 states and 166 transitions. Second operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:22,049 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:22,050 INFO L93 Difference]: Finished difference Result 387 states and 491 transitions. [2022-02-20 18:06:22,050 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:06:22,050 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:22,050 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:22,050 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:22,064 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 324 transitions. [2022-02-20 18:06:22,066 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:22,070 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 324 transitions. [2022-02-20 18:06:22,070 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 324 transitions. [2022-02-20 18:06:22,332 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 324 edges. 324 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:22,339 INFO L225 Difference]: With dead ends: 387 [2022-02-20 18:06:22,339 INFO L226 Difference]: Without dead ends: 257 [2022-02-20 18:06:22,339 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 12 GetRequests, 6 SyntacticMatches, 1 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:06:22,343 INFO L933 BasicCegarLoop]: 136 mSDtfsCounter, 185 mSDsluCounter, 152 mSDsCounter, 0 mSdLazyCounter, 139 mSolverCounterSat, 51 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 192 SdHoareTripleChecker+Valid, 288 SdHoareTripleChecker+Invalid, 190 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 51 IncrementalHoareTripleChecker+Valid, 139 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:22,343 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [192 Valid, 288 Invalid, 190 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [51 Valid, 139 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:06:22,345 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 257 states. [2022-02-20 18:06:22,383 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 257 to 249. [2022-02-20 18:06:22,384 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:22,385 INFO L82 GeneralOperation]: Start isEquivalent. First operand 257 states. Second operand has 249 states, 189 states have (on average 1.2433862433862435) internal successors, (235), 200 states have internal predecessors, (235), 30 states have call successors, (30), 28 states have call predecessors, (30), 29 states have return successors, (45), 30 states have call predecessors, (45), 30 states have call successors, (45) [2022-02-20 18:06:22,386 INFO L74 IsIncluded]: Start isIncluded. First operand 257 states. Second operand has 249 states, 189 states have (on average 1.2433862433862435) internal successors, (235), 200 states have internal predecessors, (235), 30 states have call successors, (30), 28 states have call predecessors, (30), 29 states have return successors, (45), 30 states have call predecessors, (45), 30 states have call successors, (45) [2022-02-20 18:06:22,387 INFO L87 Difference]: Start difference. First operand 257 states. Second operand has 249 states, 189 states have (on average 1.2433862433862435) internal successors, (235), 200 states have internal predecessors, (235), 30 states have call successors, (30), 28 states have call predecessors, (30), 29 states have return successors, (45), 30 states have call predecessors, (45), 30 states have call successors, (45) [2022-02-20 18:06:22,393 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:22,393 INFO L93 Difference]: Finished difference Result 257 states and 314 transitions. [2022-02-20 18:06:22,393 INFO L276 IsEmpty]: Start isEmpty. Operand 257 states and 314 transitions. [2022-02-20 18:06:22,394 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:22,394 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:22,395 INFO L74 IsIncluded]: Start isIncluded. First operand has 249 states, 189 states have (on average 1.2433862433862435) internal successors, (235), 200 states have internal predecessors, (235), 30 states have call successors, (30), 28 states have call predecessors, (30), 29 states have return successors, (45), 30 states have call predecessors, (45), 30 states have call successors, (45) Second operand 257 states. [2022-02-20 18:06:22,395 INFO L87 Difference]: Start difference. First operand has 249 states, 189 states have (on average 1.2433862433862435) internal successors, (235), 200 states have internal predecessors, (235), 30 states have call successors, (30), 28 states have call predecessors, (30), 29 states have return successors, (45), 30 states have call predecessors, (45), 30 states have call successors, (45) Second operand 257 states. [2022-02-20 18:06:22,400 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:22,401 INFO L93 Difference]: Finished difference Result 257 states and 314 transitions. [2022-02-20 18:06:22,401 INFO L276 IsEmpty]: Start isEmpty. Operand 257 states and 314 transitions. [2022-02-20 18:06:22,402 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:22,402 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:22,402 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:22,402 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:22,403 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 249 states, 189 states have (on average 1.2433862433862435) internal successors, (235), 200 states have internal predecessors, (235), 30 states have call successors, (30), 28 states have call predecessors, (30), 29 states have return successors, (45), 30 states have call predecessors, (45), 30 states have call successors, (45) [2022-02-20 18:06:22,409 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 249 states to 249 states and 310 transitions. [2022-02-20 18:06:22,409 INFO L78 Accepts]: Start accepts. Automaton has 249 states and 310 transitions. Word has length 42 [2022-02-20 18:06:22,409 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:22,409 INFO L470 AbstractCegarLoop]: Abstraction has 249 states and 310 transitions. [2022-02-20 18:06:22,409 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 3 states have call predecessors, (3), 2 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:22,410 INFO L276 IsEmpty]: Start isEmpty. Operand 249 states and 310 transitions. [2022-02-20 18:06:22,411 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2022-02-20 18:06:22,411 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:22,411 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:22,412 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:06:22,412 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:22,412 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:22,412 INFO L85 PathProgramCache]: Analyzing trace with hash 1480072959, now seen corresponding path program 1 times [2022-02-20 18:06:22,412 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:22,412 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [865937814] [2022-02-20 18:06:22,413 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:22,413 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:22,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:22,469 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:06:22,472 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:22,475 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:06:22,476 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:22,477 INFO L290 TraceCheckUtils]: 0: Hoare triple {5395#true} assume true; {5395#true} is VALID [2022-02-20 18:06:22,478 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {5395#true} {5395#true} #239#return; {5395#true} is VALID [2022-02-20 18:06:22,478 INFO L290 TraceCheckUtils]: 0: Hoare triple {5416#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {5395#true} is VALID [2022-02-20 18:06:22,478 INFO L290 TraceCheckUtils]: 1: Hoare triple {5395#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {5395#true} is VALID [2022-02-20 18:06:22,478 INFO L290 TraceCheckUtils]: 2: Hoare triple {5395#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {5395#true} is VALID [2022-02-20 18:06:22,478 INFO L290 TraceCheckUtils]: 3: Hoare triple {5395#true} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {5395#true} is VALID [2022-02-20 18:06:22,478 INFO L290 TraceCheckUtils]: 4: Hoare triple {5395#true} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0; {5395#true} is VALID [2022-02-20 18:06:22,478 INFO L290 TraceCheckUtils]: 5: Hoare triple {5395#true} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {5395#true} is VALID [2022-02-20 18:06:22,478 INFO L290 TraceCheckUtils]: 6: Hoare triple {5395#true} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {5395#true} is VALID [2022-02-20 18:06:22,479 INFO L290 TraceCheckUtils]: 7: Hoare triple {5395#true} assume !(0 != ~tmp~5#1); {5395#true} is VALID [2022-02-20 18:06:22,479 INFO L272 TraceCheckUtils]: 8: Hoare triple {5395#true} call processEnvironment__wrappee__base(); {5395#true} is VALID [2022-02-20 18:06:22,479 INFO L290 TraceCheckUtils]: 9: Hoare triple {5395#true} assume true; {5395#true} is VALID [2022-02-20 18:06:22,479 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5395#true} {5395#true} #239#return; {5395#true} is VALID [2022-02-20 18:06:22,479 INFO L290 TraceCheckUtils]: 11: Hoare triple {5395#true} assume true; {5395#true} is VALID [2022-02-20 18:06:22,479 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {5395#true} {5397#(= ~methaneLevelCritical~0 0)} #223#return; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,480 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 35 [2022-02-20 18:06:22,481 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:22,488 INFO L290 TraceCheckUtils]: 0: Hoare triple {5395#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {5419#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:22,488 INFO L290 TraceCheckUtils]: 1: Hoare triple {5419#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {5419#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:22,489 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5419#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {5397#(= ~methaneLevelCritical~0 0)} #225#return; {5414#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret28#1| 0)} is VALID [2022-02-20 18:06:22,489 INFO L290 TraceCheckUtils]: 0: Hoare triple {5395#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,490 INFO L290 TraceCheckUtils]: 1: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,490 INFO L290 TraceCheckUtils]: 2: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,490 INFO L290 TraceCheckUtils]: 3: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,491 INFO L290 TraceCheckUtils]: 4: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,491 INFO L290 TraceCheckUtils]: 5: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,491 INFO L290 TraceCheckUtils]: 6: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,492 INFO L290 TraceCheckUtils]: 7: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume !false; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,492 INFO L290 TraceCheckUtils]: 8: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume test_~splverifierCounter~0#1 < 4; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,492 INFO L290 TraceCheckUtils]: 9: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet43#1 && test_#t~nondet43#1 <= 2147483647;test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,493 INFO L290 TraceCheckUtils]: 10: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp~8#1); {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,493 INFO L290 TraceCheckUtils]: 11: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet44#1 && test_#t~nondet44#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,493 INFO L290 TraceCheckUtils]: 12: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___0~2#1); {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,493 INFO L290 TraceCheckUtils]: 13: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet45#1 && test_#t~nondet45#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,494 INFO L290 TraceCheckUtils]: 14: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume 0 != test_~tmp___2~0#1; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,494 INFO L272 TraceCheckUtils]: 15: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} call timeShift(); {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,494 INFO L290 TraceCheckUtils]: 16: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,495 INFO L290 TraceCheckUtils]: 17: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,495 INFO L290 TraceCheckUtils]: 18: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,495 INFO L272 TraceCheckUtils]: 19: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} call processEnvironment__wrappee__highWaterSensor(); {5416#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:06:22,496 INFO L290 TraceCheckUtils]: 20: Hoare triple {5416#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {5395#true} is VALID [2022-02-20 18:06:22,496 INFO L290 TraceCheckUtils]: 21: Hoare triple {5395#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {5395#true} is VALID [2022-02-20 18:06:22,496 INFO L290 TraceCheckUtils]: 22: Hoare triple {5395#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {5395#true} is VALID [2022-02-20 18:06:22,496 INFO L290 TraceCheckUtils]: 23: Hoare triple {5395#true} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {5395#true} is VALID [2022-02-20 18:06:22,496 INFO L290 TraceCheckUtils]: 24: Hoare triple {5395#true} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0; {5395#true} is VALID [2022-02-20 18:06:22,496 INFO L290 TraceCheckUtils]: 25: Hoare triple {5395#true} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {5395#true} is VALID [2022-02-20 18:06:22,496 INFO L290 TraceCheckUtils]: 26: Hoare triple {5395#true} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {5395#true} is VALID [2022-02-20 18:06:22,496 INFO L290 TraceCheckUtils]: 27: Hoare triple {5395#true} assume !(0 != ~tmp~5#1); {5395#true} is VALID [2022-02-20 18:06:22,497 INFO L272 TraceCheckUtils]: 28: Hoare triple {5395#true} call processEnvironment__wrappee__base(); {5395#true} is VALID [2022-02-20 18:06:22,497 INFO L290 TraceCheckUtils]: 29: Hoare triple {5395#true} assume true; {5395#true} is VALID [2022-02-20 18:06:22,497 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {5395#true} {5395#true} #239#return; {5395#true} is VALID [2022-02-20 18:06:22,497 INFO L290 TraceCheckUtils]: 31: Hoare triple {5395#true} assume true; {5395#true} is VALID [2022-02-20 18:06:22,497 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {5395#true} {5397#(= ~methaneLevelCritical~0 0)} #223#return; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,498 INFO L290 TraceCheckUtils]: 33: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume { :end_inline_processEnvironment } true; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,498 INFO L290 TraceCheckUtils]: 34: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {5397#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:06:22,498 INFO L272 TraceCheckUtils]: 35: Hoare triple {5397#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {5395#true} is VALID [2022-02-20 18:06:22,498 INFO L290 TraceCheckUtils]: 36: Hoare triple {5395#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {5419#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:22,499 INFO L290 TraceCheckUtils]: 37: Hoare triple {5419#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {5419#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:22,499 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {5419#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {5397#(= ~methaneLevelCritical~0 0)} #225#return; {5414#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret28#1| 0)} is VALID [2022-02-20 18:06:22,500 INFO L290 TraceCheckUtils]: 39: Hoare triple {5414#(= |timeShift___utac_acc__Specification1_spec__1_#t~ret28#1| 0)} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {5415#(= |timeShift___utac_acc__Specification1_spec__1_~tmp~4#1| 0)} is VALID [2022-02-20 18:06:22,500 INFO L290 TraceCheckUtils]: 40: Hoare triple {5415#(= |timeShift___utac_acc__Specification1_spec__1_~tmp~4#1| 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {5396#false} is VALID [2022-02-20 18:06:22,500 INFO L290 TraceCheckUtils]: 41: Hoare triple {5396#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {5396#false} is VALID [2022-02-20 18:06:22,500 INFO L290 TraceCheckUtils]: 42: Hoare triple {5396#false} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {5396#false} is VALID [2022-02-20 18:06:22,500 INFO L290 TraceCheckUtils]: 43: Hoare triple {5396#false} assume !false; {5396#false} is VALID [2022-02-20 18:06:22,501 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:22,501 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:22,501 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [865937814] [2022-02-20 18:06:22,501 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [865937814] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:22,501 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:22,501 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:06:22,501 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [629136583] [2022-02-20 18:06:22,501 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:22,502 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) Word has length 44 [2022-02-20 18:06:22,502 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:22,502 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:06:22,529 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 44 edges. 44 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:22,529 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:06:22,529 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:22,530 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:06:22,530 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:06:22,530 INFO L87 Difference]: Start difference. First operand 249 states and 310 transitions. Second operand has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:06:23,142 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:23,143 INFO L93 Difference]: Finished difference Result 739 states and 950 transitions. [2022-02-20 18:06:23,143 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-02-20 18:06:23,143 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) Word has length 44 [2022-02-20 18:06:23,143 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:23,144 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:06:23,163 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 274 transitions. [2022-02-20 18:06:23,163 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:06:23,166 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 274 transitions. [2022-02-20 18:06:23,166 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states and 274 transitions. [2022-02-20 18:06:23,376 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 274 edges. 274 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:23,390 INFO L225 Difference]: With dead ends: 739 [2022-02-20 18:06:23,390 INFO L226 Difference]: Without dead ends: 497 [2022-02-20 18:06:23,391 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 19 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 25 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=53, Invalid=157, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:06:23,391 INFO L933 BasicCegarLoop]: 74 mSDtfsCounter, 135 mSDsluCounter, 251 mSDsCounter, 0 mSdLazyCounter, 183 mSolverCounterSat, 47 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 143 SdHoareTripleChecker+Valid, 325 SdHoareTripleChecker+Invalid, 230 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 47 IncrementalHoareTripleChecker+Valid, 183 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:23,391 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [143 Valid, 325 Invalid, 230 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [47 Valid, 183 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:06:23,392 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 497 states. [2022-02-20 18:06:23,434 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 497 to 477. [2022-02-20 18:06:23,434 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:23,435 INFO L82 GeneralOperation]: Start isEquivalent. First operand 497 states. Second operand has 477 states, 358 states have (on average 1.2094972067039107) internal successors, (433), 379 states have internal predecessors, (433), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) [2022-02-20 18:06:23,436 INFO L74 IsIncluded]: Start isIncluded. First operand 497 states. Second operand has 477 states, 358 states have (on average 1.2094972067039107) internal successors, (433), 379 states have internal predecessors, (433), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) [2022-02-20 18:06:23,437 INFO L87 Difference]: Start difference. First operand 497 states. Second operand has 477 states, 358 states have (on average 1.2094972067039107) internal successors, (433), 379 states have internal predecessors, (433), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) [2022-02-20 18:06:23,448 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:23,448 INFO L93 Difference]: Finished difference Result 497 states and 616 transitions. [2022-02-20 18:06:23,449 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 616 transitions. [2022-02-20 18:06:23,450 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:23,450 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:23,452 INFO L74 IsIncluded]: Start isIncluded. First operand has 477 states, 358 states have (on average 1.2094972067039107) internal successors, (433), 379 states have internal predecessors, (433), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) Second operand 497 states. [2022-02-20 18:06:23,452 INFO L87 Difference]: Start difference. First operand has 477 states, 358 states have (on average 1.2094972067039107) internal successors, (433), 379 states have internal predecessors, (433), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) Second operand 497 states. [2022-02-20 18:06:23,464 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:23,464 INFO L93 Difference]: Finished difference Result 497 states and 616 transitions. [2022-02-20 18:06:23,465 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 616 transitions. [2022-02-20 18:06:23,466 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:23,466 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:23,466 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:23,466 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:23,467 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 477 states, 358 states have (on average 1.2094972067039107) internal successors, (433), 379 states have internal predecessors, (433), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) [2022-02-20 18:06:23,480 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 477 states to 477 states and 588 transitions. [2022-02-20 18:06:23,480 INFO L78 Accepts]: Start accepts. Automaton has 477 states and 588 transitions. Word has length 44 [2022-02-20 18:06:23,480 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:23,480 INFO L470 AbstractCegarLoop]: Abstraction has 477 states and 588 transitions. [2022-02-20 18:06:23,480 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.285714285714286) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:06:23,481 INFO L276 IsEmpty]: Start isEmpty. Operand 477 states and 588 transitions. [2022-02-20 18:06:23,481 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-02-20 18:06:23,481 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:23,481 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:23,482 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:06:23,482 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:23,482 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:23,482 INFO L85 PathProgramCache]: Analyzing trace with hash 934540643, now seen corresponding path program 1 times [2022-02-20 18:06:23,482 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:23,482 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [190124164] [2022-02-20 18:06:23,483 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:23,483 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:23,500 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,526 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 13 [2022-02-20 18:06:23,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,530 INFO L290 TraceCheckUtils]: 0: Hoare triple {8135#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {8111#true} is VALID [2022-02-20 18:06:23,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {8111#true} assume true; {8111#true} is VALID [2022-02-20 18:06:23,530 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8111#true} {8113#(= ~pumpRunning~0 0)} #233#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,534 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:06:23,536 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,540 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 8 [2022-02-20 18:06:23,541 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,542 INFO L290 TraceCheckUtils]: 0: Hoare triple {8111#true} assume true; {8111#true} is VALID [2022-02-20 18:06:23,543 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {8111#true} {8113#(= ~pumpRunning~0 0)} #239#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,543 INFO L290 TraceCheckUtils]: 0: Hoare triple {8136#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {8111#true} is VALID [2022-02-20 18:06:23,546 INFO L290 TraceCheckUtils]: 1: Hoare triple {8111#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,547 INFO L290 TraceCheckUtils]: 2: Hoare triple {8113#(= ~pumpRunning~0 0)} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,547 INFO L290 TraceCheckUtils]: 3: Hoare triple {8113#(= ~pumpRunning~0 0)} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,547 INFO L290 TraceCheckUtils]: 4: Hoare triple {8113#(= ~pumpRunning~0 0)} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,548 INFO L290 TraceCheckUtils]: 5: Hoare triple {8113#(= ~pumpRunning~0 0)} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,548 INFO L290 TraceCheckUtils]: 6: Hoare triple {8113#(= ~pumpRunning~0 0)} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,549 INFO L290 TraceCheckUtils]: 7: Hoare triple {8113#(= ~pumpRunning~0 0)} assume !(0 != ~tmp~5#1); {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,549 INFO L272 TraceCheckUtils]: 8: Hoare triple {8113#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {8111#true} is VALID [2022-02-20 18:06:23,549 INFO L290 TraceCheckUtils]: 9: Hoare triple {8111#true} assume true; {8111#true} is VALID [2022-02-20 18:06:23,549 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {8111#true} {8113#(= ~pumpRunning~0 0)} #239#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,550 INFO L290 TraceCheckUtils]: 11: Hoare triple {8113#(= ~pumpRunning~0 0)} assume true; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,550 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {8113#(= ~pumpRunning~0 0)} {8113#(= ~pumpRunning~0 0)} #223#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,550 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:06:23,551 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:23,553 INFO L290 TraceCheckUtils]: 0: Hoare triple {8111#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {8111#true} is VALID [2022-02-20 18:06:23,554 INFO L290 TraceCheckUtils]: 1: Hoare triple {8111#true} assume true; {8111#true} is VALID [2022-02-20 18:06:23,554 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {8111#true} {8113#(= ~pumpRunning~0 0)} #225#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {8111#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,555 INFO L290 TraceCheckUtils]: 1: Hoare triple {8113#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,555 INFO L290 TraceCheckUtils]: 2: Hoare triple {8113#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,555 INFO L290 TraceCheckUtils]: 3: Hoare triple {8113#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,556 INFO L290 TraceCheckUtils]: 4: Hoare triple {8113#(= ~pumpRunning~0 0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret27#1 && main_#t~ret27#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,556 INFO L290 TraceCheckUtils]: 5: Hoare triple {8113#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,556 INFO L290 TraceCheckUtils]: 6: Hoare triple {8113#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,556 INFO L290 TraceCheckUtils]: 7: Hoare triple {8113#(= ~pumpRunning~0 0)} assume !false; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,557 INFO L290 TraceCheckUtils]: 8: Hoare triple {8113#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,557 INFO L290 TraceCheckUtils]: 9: Hoare triple {8113#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet43#1 && test_#t~nondet43#1 <= 2147483647;test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,557 INFO L290 TraceCheckUtils]: 10: Hoare triple {8113#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~8#1); {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,558 INFO L290 TraceCheckUtils]: 11: Hoare triple {8113#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet44#1 && test_#t~nondet44#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,558 INFO L290 TraceCheckUtils]: 12: Hoare triple {8113#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___0~2#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,558 INFO L272 TraceCheckUtils]: 13: Hoare triple {8113#(= ~pumpRunning~0 0)} call changeMethaneLevel(); {8135#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:06:23,558 INFO L290 TraceCheckUtils]: 14: Hoare triple {8135#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {8111#true} is VALID [2022-02-20 18:06:23,559 INFO L290 TraceCheckUtils]: 15: Hoare triple {8111#true} assume true; {8111#true} is VALID [2022-02-20 18:06:23,559 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {8111#true} {8113#(= ~pumpRunning~0 0)} #233#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,559 INFO L290 TraceCheckUtils]: 17: Hoare triple {8113#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet45#1 && test_#t~nondet45#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,559 INFO L290 TraceCheckUtils]: 18: Hoare triple {8113#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,560 INFO L272 TraceCheckUtils]: 19: Hoare triple {8113#(= ~pumpRunning~0 0)} call timeShift(); {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,560 INFO L290 TraceCheckUtils]: 20: Hoare triple {8113#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,560 INFO L290 TraceCheckUtils]: 21: Hoare triple {8113#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,561 INFO L290 TraceCheckUtils]: 22: Hoare triple {8113#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,561 INFO L272 TraceCheckUtils]: 23: Hoare triple {8113#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__highWaterSensor(); {8136#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:06:23,561 INFO L290 TraceCheckUtils]: 24: Hoare triple {8136#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~5#1; {8111#true} is VALID [2022-02-20 18:06:23,561 INFO L290 TraceCheckUtils]: 25: Hoare triple {8111#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,562 INFO L290 TraceCheckUtils]: 26: Hoare triple {8113#(= ~pumpRunning~0 0)} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~11#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,562 INFO L290 TraceCheckUtils]: 27: Hoare triple {8113#(= ~pumpRunning~0 0)} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret42#1 && isHighWaterLevel_#t~ret42#1 <= 2147483647;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,562 INFO L290 TraceCheckUtils]: 28: Hoare triple {8113#(= ~pumpRunning~0 0)} assume 0 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,563 INFO L290 TraceCheckUtils]: 29: Hoare triple {8113#(= ~pumpRunning~0 0)} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,563 INFO L290 TraceCheckUtils]: 30: Hoare triple {8113#(= ~pumpRunning~0 0)} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret31#1 && #t~ret31#1 <= 2147483647;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,563 INFO L290 TraceCheckUtils]: 31: Hoare triple {8113#(= ~pumpRunning~0 0)} assume !(0 != ~tmp~5#1); {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,563 INFO L272 TraceCheckUtils]: 32: Hoare triple {8113#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {8111#true} is VALID [2022-02-20 18:06:23,563 INFO L290 TraceCheckUtils]: 33: Hoare triple {8111#true} assume true; {8111#true} is VALID [2022-02-20 18:06:23,564 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8111#true} {8113#(= ~pumpRunning~0 0)} #239#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,564 INFO L290 TraceCheckUtils]: 35: Hoare triple {8113#(= ~pumpRunning~0 0)} assume true; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,564 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {8113#(= ~pumpRunning~0 0)} {8113#(= ~pumpRunning~0 0)} #223#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,565 INFO L290 TraceCheckUtils]: 37: Hoare triple {8113#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,565 INFO L290 TraceCheckUtils]: 38: Hoare triple {8113#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,565 INFO L272 TraceCheckUtils]: 39: Hoare triple {8113#(= ~pumpRunning~0 0)} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {8111#true} is VALID [2022-02-20 18:06:23,565 INFO L290 TraceCheckUtils]: 40: Hoare triple {8111#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {8111#true} is VALID [2022-02-20 18:06:23,565 INFO L290 TraceCheckUtils]: 41: Hoare triple {8111#true} assume true; {8111#true} is VALID [2022-02-20 18:06:23,566 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {8111#true} {8113#(= ~pumpRunning~0 0)} #225#return; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,566 INFO L290 TraceCheckUtils]: 43: Hoare triple {8113#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret28#1 && __utac_acc__Specification1_spec__1_#t~ret28#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {8113#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:06:23,566 INFO L290 TraceCheckUtils]: 44: Hoare triple {8113#(= ~pumpRunning~0 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {8133#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:06:23,567 INFO L290 TraceCheckUtils]: 45: Hoare triple {8133#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification1_spec__1_#t~ret29#1 && __utac_acc__Specification1_spec__1_#t~ret29#1 <= 2147483647;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {8134#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~0#1| 0)} is VALID [2022-02-20 18:06:23,567 INFO L290 TraceCheckUtils]: 46: Hoare triple {8134#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~0#1| 0)} assume 0 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {8112#false} is VALID [2022-02-20 18:06:23,567 INFO L290 TraceCheckUtils]: 47: Hoare triple {8112#false} assume !false; {8112#false} is VALID [2022-02-20 18:06:23,567 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:23,568 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:06:23,568 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [190124164] [2022-02-20 18:06:23,568 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [190124164] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:23,568 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:23,568 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:06:23,568 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2054411078] [2022-02-20 18:06:23,568 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:23,569 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 5 states have internal predecessors, (39), 1 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) Word has length 48 [2022-02-20 18:06:23,569 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:23,569 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 5 states have internal predecessors, (39), 1 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:06:23,609 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:23,609 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:06:23,609 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:06:23,609 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:06:23,609 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:06:23,610 INFO L87 Difference]: Start difference. First operand 477 states and 588 transitions. Second operand has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 5 states have internal predecessors, (39), 1 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:06:24,385 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:24,389 INFO L93 Difference]: Finished difference Result 499 states and 617 transitions. [2022-02-20 18:06:24,390 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-02-20 18:06:24,390 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 5 states have internal predecessors, (39), 1 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) Word has length 48 [2022-02-20 18:06:24,390 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:24,390 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 5 states have internal predecessors, (39), 1 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:06:24,392 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 175 transitions. [2022-02-20 18:06:24,392 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 5 states have internal predecessors, (39), 1 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:06:24,393 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 175 transitions. [2022-02-20 18:06:24,393 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states and 175 transitions. [2022-02-20 18:06:24,563 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 175 edges. 175 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:24,576 INFO L225 Difference]: With dead ends: 499 [2022-02-20 18:06:24,576 INFO L226 Difference]: Without dead ends: 497 [2022-02-20 18:06:24,577 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 28 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 39 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=84, Invalid=188, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:06:24,578 INFO L933 BasicCegarLoop]: 77 mSDtfsCounter, 165 mSDsluCounter, 100 mSDsCounter, 0 mSdLazyCounter, 314 mSolverCounterSat, 55 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 167 SdHoareTripleChecker+Valid, 177 SdHoareTripleChecker+Invalid, 369 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 55 IncrementalHoareTripleChecker+Valid, 314 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:24,579 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [167 Valid, 177 Invalid, 369 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [55 Valid, 314 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:06:24,579 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 497 states. [2022-02-20 18:06:24,623 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 497 to 477. [2022-02-20 18:06:24,623 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:24,624 INFO L82 GeneralOperation]: Start isEquivalent. First operand 497 states. Second operand has 477 states, 358 states have (on average 1.1983240223463687) internal successors, (429), 379 states have internal predecessors, (429), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) [2022-02-20 18:06:24,624 INFO L74 IsIncluded]: Start isIncluded. First operand 497 states. Second operand has 477 states, 358 states have (on average 1.1983240223463687) internal successors, (429), 379 states have internal predecessors, (429), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) [2022-02-20 18:06:24,625 INFO L87 Difference]: Start difference. First operand 497 states. Second operand has 477 states, 358 states have (on average 1.1983240223463687) internal successors, (429), 379 states have internal predecessors, (429), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) [2022-02-20 18:06:24,636 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:24,636 INFO L93 Difference]: Finished difference Result 497 states and 612 transitions. [2022-02-20 18:06:24,636 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 612 transitions. [2022-02-20 18:06:24,637 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:24,637 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:24,638 INFO L74 IsIncluded]: Start isIncluded. First operand has 477 states, 358 states have (on average 1.1983240223463687) internal successors, (429), 379 states have internal predecessors, (429), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) Second operand 497 states. [2022-02-20 18:06:24,639 INFO L87 Difference]: Start difference. First operand has 477 states, 358 states have (on average 1.1983240223463687) internal successors, (429), 379 states have internal predecessors, (429), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) Second operand 497 states. [2022-02-20 18:06:24,650 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:24,650 INFO L93 Difference]: Finished difference Result 497 states and 612 transitions. [2022-02-20 18:06:24,650 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 612 transitions. [2022-02-20 18:06:24,651 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:24,651 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:24,651 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:24,651 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:24,652 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 477 states, 358 states have (on average 1.1983240223463687) internal successors, (429), 379 states have internal predecessors, (429), 60 states have call successors, (60), 56 states have call predecessors, (60), 58 states have return successors, (95), 60 states have call predecessors, (95), 60 states have call successors, (95) [2022-02-20 18:06:24,665 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 477 states to 477 states and 584 transitions. [2022-02-20 18:06:24,666 INFO L78 Accepts]: Start accepts. Automaton has 477 states and 584 transitions. Word has length 48 [2022-02-20 18:06:24,666 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:24,666 INFO L470 AbstractCegarLoop]: Abstraction has 477 states and 584 transitions. [2022-02-20 18:06:24,666 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 5.571428571428571) internal successors, (39), 5 states have internal predecessors, (39), 1 states have call successors, (5), 4 states have call predecessors, (5), 2 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:06:24,666 INFO L276 IsEmpty]: Start isEmpty. Operand 477 states and 584 transitions. [2022-02-20 18:06:24,667 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-20 18:06:24,667 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:24,667 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:24,667 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:06:24,667 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:24,668 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:24,668 INFO L85 PathProgramCache]: Analyzing trace with hash -129816747, now seen corresponding path program 1 times [2022-02-20 18:06:24,668 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:06:24,668 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [849873630] [2022-02-20 18:06:24,668 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:24,668 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:06:24,693 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:06:24,693 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:06:24,703 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:06:24,740 INFO L138 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2022-02-20 18:06:24,741 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:06:24,748 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:06:24,750 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2022-02-20 18:06:24,752 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:24,754 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:06:24,793 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:06:24,793 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:06:24,796 INFO L158 Benchmark]: Toolchain (without parser) took 8083.15ms. Allocated memory was 117.4MB in the beginning and 205.5MB in the end (delta: 88.1MB). Free memory was 87.3MB in the beginning and 90.9MB in the end (delta: -3.5MB). Peak memory consumption was 84.8MB. Max. memory is 16.1GB. [2022-02-20 18:06:24,797 INFO L158 Benchmark]: CDTParser took 0.17ms. Allocated memory is still 117.4MB. Free memory was 72.2MB in the beginning and 72.2MB in the end (delta: 85.4kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:06:24,797 INFO L158 Benchmark]: CACSL2BoogieTranslator took 430.83ms. Allocated memory is still 117.4MB. Free memory was 87.0MB in the beginning and 83.0MB in the end (delta: 4.0MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-02-20 18:06:24,797 INFO L158 Benchmark]: Boogie Procedure Inliner took 55.42ms. Allocated memory is still 117.4MB. Free memory was 83.0MB in the beginning and 80.3MB in the end (delta: 2.7MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:06:24,797 INFO L158 Benchmark]: Boogie Preprocessor took 32.78ms. Allocated memory is still 117.4MB. Free memory was 80.3MB in the beginning and 78.8MB in the end (delta: 1.5MB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:06:24,797 INFO L158 Benchmark]: RCFGBuilder took 452.03ms. Allocated memory is still 117.4MB. Free memory was 78.8MB in the beginning and 58.8MB in the end (delta: 20.0MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-02-20 18:06:24,811 INFO L158 Benchmark]: TraceAbstraction took 7106.75ms. Allocated memory was 117.4MB in the beginning and 205.5MB in the end (delta: 88.1MB). Free memory was 58.3MB in the beginning and 90.9MB in the end (delta: -32.6MB). Peak memory consumption was 60.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:24,812 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.17ms. Allocated memory is still 117.4MB. Free memory was 72.2MB in the beginning and 72.2MB in the end (delta: 85.4kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 430.83ms. Allocated memory is still 117.4MB. Free memory was 87.0MB in the beginning and 83.0MB in the end (delta: 4.0MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 55.42ms. Allocated memory is still 117.4MB. Free memory was 83.0MB in the beginning and 80.3MB in the end (delta: 2.7MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 32.78ms. Allocated memory is still 117.4MB. Free memory was 80.3MB in the beginning and 78.8MB in the end (delta: 1.5MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 452.03ms. Allocated memory is still 117.4MB. Free memory was 78.8MB in the beginning and 58.8MB in the end (delta: 20.0MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 7106.75ms. Allocated memory was 117.4MB in the beginning and 205.5MB in the end (delta: 88.1MB). Free memory was 58.3MB in the beginning and 90.9MB in the end (delta: -32.6MB). Peak memory consumption was 60.1MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:06:24,848 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 577813f622c64f907053c4832aa01617433208d6dc94051427e21d3f2bb7bdeb --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:06:26,655 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:06:26,656 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:06:26,680 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:06:26,681 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:06:26,682 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:06:26,683 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:06:26,684 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:06:26,685 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:06:26,685 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:06:26,686 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:06:26,687 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:06:26,687 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:06:26,688 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:06:26,688 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:06:26,689 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:06:26,690 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:06:26,690 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:06:26,691 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:06:26,693 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:06:26,694 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:06:26,695 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:06:26,695 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:06:26,696 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:06:26,698 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:06:26,698 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:06:26,698 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:06:26,699 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:06:26,699 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:06:26,700 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:06:26,700 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:06:26,701 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:06:26,701 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:06:26,702 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:06:26,703 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:06:26,703 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:06:26,703 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:06:26,704 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:06:26,704 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:06:26,704 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:06:26,705 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:06:26,706 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf [2022-02-20 18:06:26,721 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:06:26,721 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:06:26,721 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:06:26,721 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:06:26,722 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:06:26,722 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:06:26,722 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:06:26,722 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:06:26,723 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:06:26,723 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:06:26,723 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:06:26,723 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:06:26,723 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:06:26,723 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:06:26,723 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:06:26,724 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:06:26,724 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 18:06:26,724 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-02-20 18:06:26,724 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-02-20 18:06:26,724 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:06:26,724 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:06:26,724 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:06:26,725 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:06:26,725 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:06:26,725 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:06:26,725 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:06:26,725 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:06:26,725 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:06:26,725 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:06:26,726 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:06:26,726 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-02-20 18:06:26,726 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-02-20 18:06:26,726 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:06:26,726 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:06:26,726 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:06:26,726 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-02-20 18:06:26,727 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 577813f622c64f907053c4832aa01617433208d6dc94051427e21d3f2bb7bdeb [2022-02-20 18:06:26,953 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:06:26,965 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:06:26,967 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:06:26,968 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:06:26,971 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:06:26,972 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c [2022-02-20 18:06:27,025 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/22f8385a1/fbea518d0d5e4cc49a160e33b2d70b9c/FLAG904e18e80 [2022-02-20 18:06:27,447 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:06:27,448 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c [2022-02-20 18:06:27,456 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/22f8385a1/fbea518d0d5e4cc49a160e33b2d70b9c/FLAG904e18e80 [2022-02-20 18:06:27,465 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/22f8385a1/fbea518d0d5e4cc49a160e33b2d70b9c [2022-02-20 18:06:27,467 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:06:27,468 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:06:27,469 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:06:27,469 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:06:27,485 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:06:27,486 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:06:27" (1/1) ... [2022-02-20 18:06:27,487 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@486c722d and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:27, skipping insertion in model container [2022-02-20 18:06:27,487 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:06:27" (1/1) ... [2022-02-20 18:06:27,492 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:06:27,541 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:06:27,797 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c[13023,13036] [2022-02-20 18:06:27,842 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:27,863 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-02-20 18:06:27,873 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:06:27,918 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c[13023,13036] [2022-02-20 18:06:27,929 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:27,937 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:06:27,968 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec1_product37.cil.c[13023,13036] [2022-02-20 18:06:27,977 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:06:28,029 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:06:28,029 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28 WrapperNode [2022-02-20 18:06:28,029 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:06:28,030 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:06:28,030 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:06:28,030 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:06:28,034 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,062 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,095 INFO L137 Inliner]: procedures = 55, calls = 153, calls flagged for inlining = 21, calls inlined = 18, statements flattened = 228 [2022-02-20 18:06:28,096 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:06:28,097 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:06:28,097 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:06:28,098 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:06:28,104 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,104 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,111 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,127 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,132 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,135 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,136 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,138 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:06:28,139 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:06:28,139 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:06:28,139 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:06:28,140 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (1/1) ... [2022-02-20 18:06:28,159 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:06:28,169 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:06:28,198 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:06:28,203 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:06:28,225 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:06:28,226 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:06:28,226 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:06:28,226 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:06:28,227 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:06:28,227 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:06:28,227 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:06:28,227 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:06:28,227 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:06:28,228 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:06:28,228 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:06:28,228 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:06:28,228 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:06:28,228 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~intINTTYPE1 [2022-02-20 18:06:28,228 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:06:28,228 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:06:28,228 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:06:28,229 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:06:28,283 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:06:28,284 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:06:28,551 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:06:28,557 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:06:28,557 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:06:28,558 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:28 BoogieIcfgContainer [2022-02-20 18:06:28,558 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:06:28,560 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:06:28,560 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:06:28,562 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:06:28,562 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:06:27" (1/3) ... [2022-02-20 18:06:28,562 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1f07f137 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:06:28, skipping insertion in model container [2022-02-20 18:06:28,563 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:06:28" (2/3) ... [2022-02-20 18:06:28,563 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@1f07f137 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:06:28, skipping insertion in model container [2022-02-20 18:06:28,563 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:06:28" (3/3) ... [2022-02-20 18:06:28,564 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec1_product37.cil.c [2022-02-20 18:06:28,567 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:06:28,567 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:06:28,610 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:06:28,643 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:06:28,643 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:06:28,658 INFO L276 IsEmpty]: Start isEmpty. Operand has 85 states, 64 states have (on average 1.390625) internal successors, (89), 72 states have internal predecessors, (89), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:06:28,663 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 24 [2022-02-20 18:06:28,664 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:28,664 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:28,665 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:28,670 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:28,670 INFO L85 PathProgramCache]: Analyzing trace with hash -706687540, now seen corresponding path program 1 times [2022-02-20 18:06:28,681 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:28,682 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1583846884] [2022-02-20 18:06:28,682 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:28,683 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:28,683 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:28,686 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:28,687 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-02-20 18:06:28,791 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:28,794 INFO L263 TraceCheckSpWp]: Trace formula consists of 150 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:06:28,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:28,809 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:28,888 INFO L290 TraceCheckUtils]: 0: Hoare triple {88#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {88#true} is VALID [2022-02-20 18:06:28,888 INFO L290 TraceCheckUtils]: 1: Hoare triple {88#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {88#true} is VALID [2022-02-20 18:06:28,889 INFO L290 TraceCheckUtils]: 2: Hoare triple {88#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {88#true} is VALID [2022-02-20 18:06:28,889 INFO L290 TraceCheckUtils]: 3: Hoare triple {88#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {88#true} is VALID [2022-02-20 18:06:28,889 INFO L290 TraceCheckUtils]: 4: Hoare triple {88#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {88#true} is VALID [2022-02-20 18:06:28,889 INFO L290 TraceCheckUtils]: 5: Hoare triple {88#true} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {88#true} is VALID [2022-02-20 18:06:28,889 INFO L290 TraceCheckUtils]: 6: Hoare triple {88#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {88#true} is VALID [2022-02-20 18:06:28,890 INFO L290 TraceCheckUtils]: 7: Hoare triple {88#true} assume !true; {89#false} is VALID [2022-02-20 18:06:28,890 INFO L272 TraceCheckUtils]: 8: Hoare triple {89#false} call cleanup(); {89#false} is VALID [2022-02-20 18:06:28,890 INFO L290 TraceCheckUtils]: 9: Hoare triple {89#false} havoc ~i~0;havoc ~__cil_tmp2~0; {89#false} is VALID [2022-02-20 18:06:28,891 INFO L272 TraceCheckUtils]: 10: Hoare triple {89#false} call timeShift(); {89#false} is VALID [2022-02-20 18:06:28,891 INFO L290 TraceCheckUtils]: 11: Hoare triple {89#false} assume !(0bv32 != ~pumpRunning~0); {89#false} is VALID [2022-02-20 18:06:28,891 INFO L290 TraceCheckUtils]: 12: Hoare triple {89#false} assume !(0bv32 != ~systemActive~0); {89#false} is VALID [2022-02-20 18:06:28,891 INFO L290 TraceCheckUtils]: 13: Hoare triple {89#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {89#false} is VALID [2022-02-20 18:06:28,891 INFO L272 TraceCheckUtils]: 14: Hoare triple {89#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {89#false} is VALID [2022-02-20 18:06:28,892 INFO L290 TraceCheckUtils]: 15: Hoare triple {89#false} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {89#false} is VALID [2022-02-20 18:06:28,892 INFO L290 TraceCheckUtils]: 16: Hoare triple {89#false} assume true; {89#false} is VALID [2022-02-20 18:06:28,892 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {89#false} {89#false} #225#return; {89#false} is VALID [2022-02-20 18:06:28,892 INFO L290 TraceCheckUtils]: 18: Hoare triple {89#false} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {89#false} is VALID [2022-02-20 18:06:28,893 INFO L290 TraceCheckUtils]: 19: Hoare triple {89#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {89#false} is VALID [2022-02-20 18:06:28,893 INFO L290 TraceCheckUtils]: 20: Hoare triple {89#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {89#false} is VALID [2022-02-20 18:06:28,893 INFO L290 TraceCheckUtils]: 21: Hoare triple {89#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {89#false} is VALID [2022-02-20 18:06:28,893 INFO L290 TraceCheckUtils]: 22: Hoare triple {89#false} assume !false; {89#false} is VALID [2022-02-20 18:06:28,894 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:28,894 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:28,895 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:28,895 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1583846884] [2022-02-20 18:06:28,895 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1583846884] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:28,896 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:28,896 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:06:28,897 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1947668897] [2022-02-20 18:06:28,897 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:28,901 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:06:28,902 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:28,904 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:28,930 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:28,930 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:06:28,931 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:28,947 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:06:28,948 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:06:28,951 INFO L87 Difference]: Start difference. First operand has 85 states, 64 states have (on average 1.390625) internal successors, (89), 72 states have internal predecessors, (89), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 10 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,034 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:29,035 INFO L93 Difference]: Finished difference Result 162 states and 221 transitions. [2022-02-20 18:06:29,035 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:06:29,035 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 23 [2022-02-20 18:06:29,035 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:29,036 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,045 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 221 transitions. [2022-02-20 18:06:29,046 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,052 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 221 transitions. [2022-02-20 18:06:29,053 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 221 transitions. [2022-02-20 18:06:29,228 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 221 edges. 221 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:29,236 INFO L225 Difference]: With dead ends: 162 [2022-02-20 18:06:29,237 INFO L226 Difference]: Without dead ends: 76 [2022-02-20 18:06:29,239 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 22 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:06:29,241 INFO L933 BasicCegarLoop]: 107 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 107 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:29,242 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 107 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:29,253 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2022-02-20 18:06:29,270 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 76. [2022-02-20 18:06:29,271 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:29,272 INFO L82 GeneralOperation]: Start isEquivalent. First operand 76 states. Second operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:29,275 INFO L74 IsIncluded]: Start isIncluded. First operand 76 states. Second operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:29,279 INFO L87 Difference]: Start difference. First operand 76 states. Second operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:29,285 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:29,286 INFO L93 Difference]: Finished difference Result 76 states and 98 transitions. [2022-02-20 18:06:29,286 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:06:29,287 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:29,287 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:29,288 INFO L74 IsIncluded]: Start isIncluded. First operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) Second operand 76 states. [2022-02-20 18:06:29,288 INFO L87 Difference]: Start difference. First operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) Second operand 76 states. [2022-02-20 18:06:29,293 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:29,293 INFO L93 Difference]: Finished difference Result 76 states and 98 transitions. [2022-02-20 18:06:29,293 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:06:29,294 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:29,294 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:29,294 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:29,294 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:29,295 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 76 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 64 states have internal predecessors, (75), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:06:29,298 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 76 states to 76 states and 98 transitions. [2022-02-20 18:06:29,299 INFO L78 Accepts]: Start accepts. Automaton has 76 states and 98 transitions. Word has length 23 [2022-02-20 18:06:29,300 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:29,300 INFO L470 AbstractCegarLoop]: Abstraction has 76 states and 98 transitions. [2022-02-20 18:06:29,300 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 9.5) internal successors, (19), 2 states have internal predecessors, (19), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,300 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:06:29,301 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:06:29,301 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:29,302 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:29,317 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:29,512 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:29,513 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:29,514 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:29,514 INFO L85 PathProgramCache]: Analyzing trace with hash -495697199, now seen corresponding path program 1 times [2022-02-20 18:06:29,515 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:29,515 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [196211118] [2022-02-20 18:06:29,515 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:29,515 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:29,515 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:29,517 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:29,521 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-02-20 18:06:29,614 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:29,616 INFO L263 TraceCheckSpWp]: Trace formula consists of 151 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:06:29,632 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:29,632 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:29,707 INFO L290 TraceCheckUtils]: 0: Hoare triple {655#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {655#true} is VALID [2022-02-20 18:06:29,707 INFO L290 TraceCheckUtils]: 1: Hoare triple {655#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {655#true} is VALID [2022-02-20 18:06:29,707 INFO L290 TraceCheckUtils]: 2: Hoare triple {655#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {655#true} is VALID [2022-02-20 18:06:29,707 INFO L290 TraceCheckUtils]: 3: Hoare triple {655#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {655#true} is VALID [2022-02-20 18:06:29,707 INFO L290 TraceCheckUtils]: 4: Hoare triple {655#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {655#true} is VALID [2022-02-20 18:06:29,707 INFO L290 TraceCheckUtils]: 5: Hoare triple {655#true} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {655#true} is VALID [2022-02-20 18:06:29,708 INFO L290 TraceCheckUtils]: 6: Hoare triple {655#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {678#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:06:29,708 INFO L290 TraceCheckUtils]: 7: Hoare triple {678#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !false; {678#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:06:29,709 INFO L290 TraceCheckUtils]: 8: Hoare triple {678#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !~bvslt32(test_~splverifierCounter~0#1, 4bv32); {656#false} is VALID [2022-02-20 18:06:29,709 INFO L272 TraceCheckUtils]: 9: Hoare triple {656#false} call cleanup(); {656#false} is VALID [2022-02-20 18:06:29,709 INFO L290 TraceCheckUtils]: 10: Hoare triple {656#false} havoc ~i~0;havoc ~__cil_tmp2~0; {656#false} is VALID [2022-02-20 18:06:29,709 INFO L272 TraceCheckUtils]: 11: Hoare triple {656#false} call timeShift(); {656#false} is VALID [2022-02-20 18:06:29,709 INFO L290 TraceCheckUtils]: 12: Hoare triple {656#false} assume !(0bv32 != ~pumpRunning~0); {656#false} is VALID [2022-02-20 18:06:29,709 INFO L290 TraceCheckUtils]: 13: Hoare triple {656#false} assume !(0bv32 != ~systemActive~0); {656#false} is VALID [2022-02-20 18:06:29,709 INFO L290 TraceCheckUtils]: 14: Hoare triple {656#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {656#false} is VALID [2022-02-20 18:06:29,709 INFO L272 TraceCheckUtils]: 15: Hoare triple {656#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {656#false} is VALID [2022-02-20 18:06:29,709 INFO L290 TraceCheckUtils]: 16: Hoare triple {656#false} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {656#false} is VALID [2022-02-20 18:06:29,709 INFO L290 TraceCheckUtils]: 17: Hoare triple {656#false} assume true; {656#false} is VALID [2022-02-20 18:06:29,710 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {656#false} {656#false} #225#return; {656#false} is VALID [2022-02-20 18:06:29,710 INFO L290 TraceCheckUtils]: 19: Hoare triple {656#false} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {656#false} is VALID [2022-02-20 18:06:29,710 INFO L290 TraceCheckUtils]: 20: Hoare triple {656#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {656#false} is VALID [2022-02-20 18:06:29,710 INFO L290 TraceCheckUtils]: 21: Hoare triple {656#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {656#false} is VALID [2022-02-20 18:06:29,710 INFO L290 TraceCheckUtils]: 22: Hoare triple {656#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {656#false} is VALID [2022-02-20 18:06:29,710 INFO L290 TraceCheckUtils]: 23: Hoare triple {656#false} assume !false; {656#false} is VALID [2022-02-20 18:06:29,710 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:29,710 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:29,710 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:29,711 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [196211118] [2022-02-20 18:06:29,711 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [196211118] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:29,711 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:29,711 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:06:29,711 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1573034916] [2022-02-20 18:06:29,711 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:29,712 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:06:29,713 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:29,713 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,732 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:29,732 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:29,733 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:29,733 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:29,733 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:29,733 INFO L87 Difference]: Start difference. First operand 76 states and 98 transitions. Second operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,837 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:29,837 INFO L93 Difference]: Finished difference Result 118 states and 152 transitions. [2022-02-20 18:06:29,837 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:29,837 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 24 [2022-02-20 18:06:29,837 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:29,837 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,840 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 152 transitions. [2022-02-20 18:06:29,840 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,842 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 152 transitions. [2022-02-20 18:06:29,842 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 152 transitions. [2022-02-20 18:06:29,964 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 152 edges. 152 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:29,966 INFO L225 Difference]: With dead ends: 118 [2022-02-20 18:06:29,966 INFO L226 Difference]: Without dead ends: 67 [2022-02-20 18:06:29,967 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 23 GetRequests, 22 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:29,968 INFO L933 BasicCegarLoop]: 85 mSDtfsCounter, 12 mSDsluCounter, 69 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 154 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:29,968 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [15 Valid, 154 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:29,969 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2022-02-20 18:06:29,972 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 67. [2022-02-20 18:06:29,972 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:29,973 INFO L82 GeneralOperation]: Start isEquivalent. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:29,973 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:29,973 INFO L87 Difference]: Start difference. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:29,976 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:29,976 INFO L93 Difference]: Finished difference Result 67 states and 86 transitions. [2022-02-20 18:06:29,976 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 86 transitions. [2022-02-20 18:06:29,977 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:29,977 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:29,977 INFO L74 IsIncluded]: Start isIncluded. First operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) Second operand 67 states. [2022-02-20 18:06:29,978 INFO L87 Difference]: Start difference. First operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) Second operand 67 states. [2022-02-20 18:06:29,980 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:29,980 INFO L93 Difference]: Finished difference Result 67 states and 86 transitions. [2022-02-20 18:06:29,980 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 86 transitions. [2022-02-20 18:06:29,981 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:29,981 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:29,981 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:29,981 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:29,982 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 67 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 58 states have internal predecessors, (68), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:29,985 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 67 states to 67 states and 86 transitions. [2022-02-20 18:06:29,985 INFO L78 Accepts]: Start accepts. Automaton has 67 states and 86 transitions. Word has length 24 [2022-02-20 18:06:29,985 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:29,985 INFO L470 AbstractCegarLoop]: Abstraction has 67 states and 86 transitions. [2022-02-20 18:06:29,985 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.666666666666667) internal successors, (20), 3 states have internal predecessors, (20), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:29,985 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 86 transitions. [2022-02-20 18:06:29,986 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2022-02-20 18:06:29,986 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:29,986 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:30,008 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:30,208 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:30,209 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:30,209 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:30,209 INFO L85 PathProgramCache]: Analyzing trace with hash 1824556621, now seen corresponding path program 1 times [2022-02-20 18:06:30,210 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:30,210 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [102359521] [2022-02-20 18:06:30,210 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:30,210 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:30,210 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:30,216 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:30,217 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-02-20 18:06:30,257 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:30,260 INFO L263 TraceCheckSpWp]: Trace formula consists of 151 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:06:30,272 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:30,273 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:30,371 INFO L290 TraceCheckUtils]: 0: Hoare triple {1130#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,371 INFO L290 TraceCheckUtils]: 1: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,371 INFO L290 TraceCheckUtils]: 2: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,372 INFO L290 TraceCheckUtils]: 3: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,372 INFO L290 TraceCheckUtils]: 4: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,372 INFO L290 TraceCheckUtils]: 5: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,373 INFO L290 TraceCheckUtils]: 6: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,373 INFO L290 TraceCheckUtils]: 7: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume !false; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,373 INFO L290 TraceCheckUtils]: 8: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,374 INFO L290 TraceCheckUtils]: 9: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,374 INFO L290 TraceCheckUtils]: 10: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~8#1); {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,374 INFO L290 TraceCheckUtils]: 11: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,375 INFO L290 TraceCheckUtils]: 12: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~2#1); {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,375 INFO L290 TraceCheckUtils]: 13: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,375 INFO L290 TraceCheckUtils]: 14: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,376 INFO L272 TraceCheckUtils]: 15: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} call timeShift(); {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,376 INFO L290 TraceCheckUtils]: 16: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {1135#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:06:30,377 INFO L290 TraceCheckUtils]: 17: Hoare triple {1135#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~systemActive~0); {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L290 TraceCheckUtils]: 18: Hoare triple {1131#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L272 TraceCheckUtils]: 19: Hoare triple {1131#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L290 TraceCheckUtils]: 20: Hoare triple {1131#false} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L290 TraceCheckUtils]: 21: Hoare triple {1131#false} assume true; {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1131#false} {1131#false} #225#return; {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L290 TraceCheckUtils]: 23: Hoare triple {1131#false} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L290 TraceCheckUtils]: 24: Hoare triple {1131#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L290 TraceCheckUtils]: 25: Hoare triple {1131#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {1131#false} is VALID [2022-02-20 18:06:30,377 INFO L290 TraceCheckUtils]: 26: Hoare triple {1131#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1131#false} is VALID [2022-02-20 18:06:30,378 INFO L290 TraceCheckUtils]: 27: Hoare triple {1131#false} assume !false; {1131#false} is VALID [2022-02-20 18:06:30,378 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:30,378 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:30,378 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:30,378 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [102359521] [2022-02-20 18:06:30,378 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [102359521] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:30,378 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:30,378 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:06:30,378 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1328860838] [2022-02-20 18:06:30,378 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:30,379 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 28 [2022-02-20 18:06:30,379 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:30,379 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:30,418 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 28 edges. 28 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:30,418 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:30,418 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:30,419 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:30,419 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:30,419 INFO L87 Difference]: Start difference. First operand 67 states and 86 transitions. Second operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:30,498 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:30,498 INFO L93 Difference]: Finished difference Result 127 states and 166 transitions. [2022-02-20 18:06:30,498 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:30,498 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 28 [2022-02-20 18:06:30,499 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:30,499 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:30,502 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 166 transitions. [2022-02-20 18:06:30,512 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:30,515 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 166 transitions. [2022-02-20 18:06:30,515 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 166 transitions. [2022-02-20 18:06:30,680 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 166 edges. 166 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:30,682 INFO L225 Difference]: With dead ends: 127 [2022-02-20 18:06:30,682 INFO L226 Difference]: Without dead ends: 67 [2022-02-20 18:06:30,683 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 27 GetRequests, 26 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:30,683 INFO L933 BasicCegarLoop]: 84 mSDtfsCounter, 68 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 68 SdHoareTripleChecker+Valid, 84 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:30,684 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [68 Valid, 84 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:30,684 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 67 states. [2022-02-20 18:06:30,704 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 67 to 67. [2022-02-20 18:06:30,704 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:30,704 INFO L82 GeneralOperation]: Start isEquivalent. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:30,705 INFO L74 IsIncluded]: Start isIncluded. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:30,705 INFO L87 Difference]: Start difference. First operand 67 states. Second operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:30,707 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:30,707 INFO L93 Difference]: Finished difference Result 67 states and 85 transitions. [2022-02-20 18:06:30,707 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2022-02-20 18:06:30,708 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:30,708 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:30,708 INFO L74 IsIncluded]: Start isIncluded. First operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) Second operand 67 states. [2022-02-20 18:06:30,709 INFO L87 Difference]: Start difference. First operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) Second operand 67 states. [2022-02-20 18:06:30,711 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:30,711 INFO L93 Difference]: Finished difference Result 67 states and 85 transitions. [2022-02-20 18:06:30,711 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2022-02-20 18:06:30,711 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:30,711 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:30,711 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:30,711 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:30,712 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 67 states, 51 states have (on average 1.3137254901960784) internal successors, (67), 58 states have internal predecessors, (67), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 7 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:06:30,714 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 67 states to 67 states and 85 transitions. [2022-02-20 18:06:30,714 INFO L78 Accepts]: Start accepts. Automaton has 67 states and 85 transitions. Word has length 28 [2022-02-20 18:06:30,714 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:30,714 INFO L470 AbstractCegarLoop]: Abstraction has 67 states and 85 transitions. [2022-02-20 18:06:30,714 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.333333333333334) internal successors, (25), 2 states have internal predecessors, (25), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:06:30,714 INFO L276 IsEmpty]: Start isEmpty. Operand 67 states and 85 transitions. [2022-02-20 18:06:30,715 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:06:30,715 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:30,715 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:30,731 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:30,922 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:30,922 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:30,923 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:30,923 INFO L85 PathProgramCache]: Analyzing trace with hash -412666649, now seen corresponding path program 1 times [2022-02-20 18:06:30,924 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:30,924 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2080477349] [2022-02-20 18:06:30,924 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:30,924 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:30,924 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:30,925 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:30,927 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-02-20 18:06:30,969 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:30,971 INFO L263 TraceCheckSpWp]: Trace formula consists of 165 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:06:30,985 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:30,986 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:31,135 INFO L290 TraceCheckUtils]: 0: Hoare triple {1627#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,136 INFO L290 TraceCheckUtils]: 1: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,137 INFO L290 TraceCheckUtils]: 2: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,138 INFO L290 TraceCheckUtils]: 3: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,138 INFO L290 TraceCheckUtils]: 4: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,139 INFO L290 TraceCheckUtils]: 5: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,139 INFO L290 TraceCheckUtils]: 6: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,140 INFO L290 TraceCheckUtils]: 7: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume !false; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,140 INFO L290 TraceCheckUtils]: 8: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,140 INFO L290 TraceCheckUtils]: 9: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,141 INFO L290 TraceCheckUtils]: 10: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp~8#1); {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,142 INFO L290 TraceCheckUtils]: 11: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,143 INFO L290 TraceCheckUtils]: 12: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp___0~2#1); {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,144 INFO L290 TraceCheckUtils]: 13: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,144 INFO L290 TraceCheckUtils]: 14: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != test_~tmp___2~0#1; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,144 INFO L272 TraceCheckUtils]: 15: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} call timeShift(); {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,145 INFO L290 TraceCheckUtils]: 16: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,145 INFO L290 TraceCheckUtils]: 17: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,145 INFO L290 TraceCheckUtils]: 18: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {1632#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,146 INFO L272 TraceCheckUtils]: 19: Hoare triple {1632#(= (_ bv0 32) ~pumpRunning~0)} call processEnvironment__wrappee__highWaterSensor(); {1690#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,146 INFO L290 TraceCheckUtils]: 20: Hoare triple {1690#(= |old(~pumpRunning~0)| ~pumpRunning~0)} havoc ~tmp~5#1; {1690#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:31,147 INFO L290 TraceCheckUtils]: 21: Hoare triple {1690#(= |old(~pumpRunning~0)| ~pumpRunning~0)} assume !(0bv32 == ~pumpRunning~0); {1697#(and (not (= (_ bv0 32) ~pumpRunning~0)) (= |old(~pumpRunning~0)| ~pumpRunning~0))} is VALID [2022-02-20 18:06:31,147 INFO L272 TraceCheckUtils]: 22: Hoare triple {1697#(and (not (= (_ bv0 32) ~pumpRunning~0)) (= |old(~pumpRunning~0)| ~pumpRunning~0))} call processEnvironment__wrappee__base(); {1701#(not (= (_ bv0 32) ~pumpRunning~0))} is VALID [2022-02-20 18:06:31,148 INFO L290 TraceCheckUtils]: 23: Hoare triple {1701#(not (= (_ bv0 32) ~pumpRunning~0))} assume true; {1701#(not (= (_ bv0 32) ~pumpRunning~0))} is VALID [2022-02-20 18:06:31,148 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {1701#(not (= (_ bv0 32) ~pumpRunning~0))} {1697#(and (not (= (_ bv0 32) ~pumpRunning~0)) (= |old(~pumpRunning~0)| ~pumpRunning~0))} #241#return; {1697#(and (not (= (_ bv0 32) ~pumpRunning~0)) (= |old(~pumpRunning~0)| ~pumpRunning~0))} is VALID [2022-02-20 18:06:31,148 INFO L290 TraceCheckUtils]: 25: Hoare triple {1697#(and (not (= (_ bv0 32) ~pumpRunning~0)) (= |old(~pumpRunning~0)| ~pumpRunning~0))} assume true; {1697#(and (not (= (_ bv0 32) ~pumpRunning~0)) (= |old(~pumpRunning~0)| ~pumpRunning~0))} is VALID [2022-02-20 18:06:31,149 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {1697#(and (not (= (_ bv0 32) ~pumpRunning~0)) (= |old(~pumpRunning~0)| ~pumpRunning~0))} {1632#(= (_ bv0 32) ~pumpRunning~0)} #223#return; {1628#false} is VALID [2022-02-20 18:06:31,149 INFO L290 TraceCheckUtils]: 27: Hoare triple {1628#false} assume { :end_inline_processEnvironment } true; {1628#false} is VALID [2022-02-20 18:06:31,149 INFO L290 TraceCheckUtils]: 28: Hoare triple {1628#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {1628#false} is VALID [2022-02-20 18:06:31,149 INFO L272 TraceCheckUtils]: 29: Hoare triple {1628#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {1628#false} is VALID [2022-02-20 18:06:31,149 INFO L290 TraceCheckUtils]: 30: Hoare triple {1628#false} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1628#false} is VALID [2022-02-20 18:06:31,149 INFO L290 TraceCheckUtils]: 31: Hoare triple {1628#false} assume true; {1628#false} is VALID [2022-02-20 18:06:31,150 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {1628#false} {1628#false} #225#return; {1628#false} is VALID [2022-02-20 18:06:31,150 INFO L290 TraceCheckUtils]: 33: Hoare triple {1628#false} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {1628#false} is VALID [2022-02-20 18:06:31,150 INFO L290 TraceCheckUtils]: 34: Hoare triple {1628#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {1628#false} is VALID [2022-02-20 18:06:31,150 INFO L290 TraceCheckUtils]: 35: Hoare triple {1628#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {1628#false} is VALID [2022-02-20 18:06:31,150 INFO L290 TraceCheckUtils]: 36: Hoare triple {1628#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {1628#false} is VALID [2022-02-20 18:06:31,150 INFO L290 TraceCheckUtils]: 37: Hoare triple {1628#false} assume !false; {1628#false} is VALID [2022-02-20 18:06:31,150 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:31,150 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:31,151 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:31,151 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2080477349] [2022-02-20 18:06:31,151 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2080477349] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:31,151 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:31,151 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:06:31,151 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1595176528] [2022-02-20 18:06:31,151 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:31,152 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 4 states have call predecessors, (4), 3 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 38 [2022-02-20 18:06:31,152 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:31,152 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 4 states have call predecessors, (4), 3 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:31,182 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 38 edges. 38 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:31,182 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:31,182 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:31,183 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:31,183 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=19, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:31,183 INFO L87 Difference]: Start difference. First operand 67 states and 85 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 4 states have call predecessors, (4), 3 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:31,689 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:31,689 INFO L93 Difference]: Finished difference Result 195 states and 247 transitions. [2022-02-20 18:06:31,689 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:06:31,689 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 4 states have call predecessors, (4), 3 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) Word has length 38 [2022-02-20 18:06:31,690 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:31,690 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 4 states have call predecessors, (4), 3 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:31,694 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 247 transitions. [2022-02-20 18:06:31,695 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 4 states have call predecessors, (4), 3 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:31,699 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 247 transitions. [2022-02-20 18:06:31,699 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 247 transitions. [2022-02-20 18:06:31,888 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 247 edges. 247 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:31,895 INFO L225 Difference]: With dead ends: 195 [2022-02-20 18:06:31,895 INFO L226 Difference]: Without dead ends: 135 [2022-02-20 18:06:31,900 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 38 GetRequests, 33 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=15, Invalid=27, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:06:31,904 INFO L933 BasicCegarLoop]: 123 mSDtfsCounter, 146 mSDsluCounter, 206 mSDsCounter, 0 mSdLazyCounter, 139 mSolverCounterSat, 35 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 154 SdHoareTripleChecker+Valid, 329 SdHoareTripleChecker+Invalid, 174 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 35 IncrementalHoareTripleChecker+Valid, 139 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:31,905 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [154 Valid, 329 Invalid, 174 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [35 Valid, 139 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:06:31,907 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 135 states. [2022-02-20 18:06:31,914 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 135 to 129. [2022-02-20 18:06:31,917 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:31,918 INFO L82 GeneralOperation]: Start isEquivalent. First operand 135 states. Second operand has 129 states, 98 states have (on average 1.2551020408163265) internal successors, (123), 105 states have internal predecessors, (123), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:31,919 INFO L74 IsIncluded]: Start isIncluded. First operand 135 states. Second operand has 129 states, 98 states have (on average 1.2551020408163265) internal successors, (123), 105 states have internal predecessors, (123), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:31,920 INFO L87 Difference]: Start difference. First operand 135 states. Second operand has 129 states, 98 states have (on average 1.2551020408163265) internal successors, (123), 105 states have internal predecessors, (123), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:31,923 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:31,924 INFO L93 Difference]: Finished difference Result 135 states and 159 transitions. [2022-02-20 18:06:31,924 INFO L276 IsEmpty]: Start isEmpty. Operand 135 states and 159 transitions. [2022-02-20 18:06:31,924 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:31,924 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:31,924 INFO L74 IsIncluded]: Start isIncluded. First operand has 129 states, 98 states have (on average 1.2551020408163265) internal successors, (123), 105 states have internal predecessors, (123), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) Second operand 135 states. [2022-02-20 18:06:31,926 INFO L87 Difference]: Start difference. First operand has 129 states, 98 states have (on average 1.2551020408163265) internal successors, (123), 105 states have internal predecessors, (123), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) Second operand 135 states. [2022-02-20 18:06:31,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:31,931 INFO L93 Difference]: Finished difference Result 135 states and 159 transitions. [2022-02-20 18:06:31,931 INFO L276 IsEmpty]: Start isEmpty. Operand 135 states and 159 transitions. [2022-02-20 18:06:31,931 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:31,931 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:31,931 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:31,931 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:31,932 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 129 states, 98 states have (on average 1.2551020408163265) internal successors, (123), 105 states have internal predecessors, (123), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:31,935 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 129 states to 129 states and 156 transitions. [2022-02-20 18:06:31,935 INFO L78 Accepts]: Start accepts. Automaton has 129 states and 156 transitions. Word has length 38 [2022-02-20 18:06:31,936 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:31,937 INFO L470 AbstractCegarLoop]: Abstraction has 129 states and 156 transitions. [2022-02-20 18:06:31,938 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 5 states have internal predecessors, (31), 3 states have call successors, (4), 4 states have call predecessors, (4), 3 states have return successors, (3), 2 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:06:31,938 INFO L276 IsEmpty]: Start isEmpty. Operand 129 states and 156 transitions. [2022-02-20 18:06:31,941 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:06:31,941 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:31,941 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:31,949 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:32,147 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:32,148 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:32,148 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:32,148 INFO L85 PathProgramCache]: Analyzing trace with hash 1939232781, now seen corresponding path program 1 times [2022-02-20 18:06:32,149 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:32,149 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2128728211] [2022-02-20 18:06:32,149 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:32,149 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:32,149 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:32,150 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:32,152 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-02-20 18:06:32,190 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:32,197 INFO L263 TraceCheckSpWp]: Trace formula consists of 172 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:06:32,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:32,206 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:32,288 INFO L290 TraceCheckUtils]: 0: Hoare triple {2469#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {2469#true} is VALID [2022-02-20 18:06:32,289 INFO L290 TraceCheckUtils]: 1: Hoare triple {2469#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {2469#true} is VALID [2022-02-20 18:06:32,289 INFO L290 TraceCheckUtils]: 2: Hoare triple {2469#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2469#true} is VALID [2022-02-20 18:06:32,289 INFO L290 TraceCheckUtils]: 3: Hoare triple {2469#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {2469#true} is VALID [2022-02-20 18:06:32,289 INFO L290 TraceCheckUtils]: 4: Hoare triple {2469#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {2469#true} is VALID [2022-02-20 18:06:32,289 INFO L290 TraceCheckUtils]: 5: Hoare triple {2469#true} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {2469#true} is VALID [2022-02-20 18:06:32,289 INFO L290 TraceCheckUtils]: 6: Hoare triple {2469#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {2469#true} is VALID [2022-02-20 18:06:32,289 INFO L290 TraceCheckUtils]: 7: Hoare triple {2469#true} assume !false; {2469#true} is VALID [2022-02-20 18:06:32,290 INFO L290 TraceCheckUtils]: 8: Hoare triple {2469#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {2469#true} is VALID [2022-02-20 18:06:32,290 INFO L290 TraceCheckUtils]: 9: Hoare triple {2469#true} test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {2469#true} is VALID [2022-02-20 18:06:32,290 INFO L290 TraceCheckUtils]: 10: Hoare triple {2469#true} assume !(0bv32 != test_~tmp~8#1); {2469#true} is VALID [2022-02-20 18:06:32,290 INFO L290 TraceCheckUtils]: 11: Hoare triple {2469#true} test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {2469#true} is VALID [2022-02-20 18:06:32,290 INFO L290 TraceCheckUtils]: 12: Hoare triple {2469#true} assume !(0bv32 != test_~tmp___0~2#1); {2469#true} is VALID [2022-02-20 18:06:32,290 INFO L290 TraceCheckUtils]: 13: Hoare triple {2469#true} test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {2469#true} is VALID [2022-02-20 18:06:32,290 INFO L290 TraceCheckUtils]: 14: Hoare triple {2469#true} assume 0bv32 != test_~tmp___2~0#1; {2469#true} is VALID [2022-02-20 18:06:32,291 INFO L272 TraceCheckUtils]: 15: Hoare triple {2469#true} call timeShift(); {2469#true} is VALID [2022-02-20 18:06:32,291 INFO L290 TraceCheckUtils]: 16: Hoare triple {2469#true} assume !(0bv32 != ~pumpRunning~0); {2469#true} is VALID [2022-02-20 18:06:32,291 INFO L290 TraceCheckUtils]: 17: Hoare triple {2469#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {2469#true} is VALID [2022-02-20 18:06:32,291 INFO L290 TraceCheckUtils]: 18: Hoare triple {2469#true} assume !(0bv32 != ~pumpRunning~0); {2469#true} is VALID [2022-02-20 18:06:32,291 INFO L272 TraceCheckUtils]: 19: Hoare triple {2469#true} call processEnvironment__wrappee__highWaterSensor(); {2469#true} is VALID [2022-02-20 18:06:32,291 INFO L290 TraceCheckUtils]: 20: Hoare triple {2469#true} havoc ~tmp~5#1; {2469#true} is VALID [2022-02-20 18:06:32,291 INFO L290 TraceCheckUtils]: 21: Hoare triple {2469#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {2469#true} is VALID [2022-02-20 18:06:32,297 INFO L290 TraceCheckUtils]: 22: Hoare triple {2469#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {2540#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:06:32,298 INFO L290 TraceCheckUtils]: 23: Hoare triple {2540#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| (_ bv1 32))} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {2544#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~7#1| (_ bv1 32))} is VALID [2022-02-20 18:06:32,298 INFO L290 TraceCheckUtils]: 24: Hoare triple {2544#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~7#1| (_ bv1 32))} assume !(0bv32 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1bv32; {2470#false} is VALID [2022-02-20 18:06:32,298 INFO L290 TraceCheckUtils]: 25: Hoare triple {2470#false} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {2470#false} is VALID [2022-02-20 18:06:32,298 INFO L290 TraceCheckUtils]: 26: Hoare triple {2470#false} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {2470#false} is VALID [2022-02-20 18:06:32,299 INFO L290 TraceCheckUtils]: 27: Hoare triple {2470#false} assume 0bv32 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1bv32; {2470#false} is VALID [2022-02-20 18:06:32,299 INFO L290 TraceCheckUtils]: 28: Hoare triple {2470#false} assume { :end_inline_activatePump } true; {2470#false} is VALID [2022-02-20 18:06:32,299 INFO L290 TraceCheckUtils]: 29: Hoare triple {2470#false} assume true; {2470#false} is VALID [2022-02-20 18:06:32,299 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {2470#false} {2469#true} #223#return; {2470#false} is VALID [2022-02-20 18:06:32,299 INFO L290 TraceCheckUtils]: 31: Hoare triple {2470#false} assume { :end_inline_processEnvironment } true; {2470#false} is VALID [2022-02-20 18:06:32,299 INFO L290 TraceCheckUtils]: 32: Hoare triple {2470#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {2470#false} is VALID [2022-02-20 18:06:32,299 INFO L272 TraceCheckUtils]: 33: Hoare triple {2470#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {2470#false} is VALID [2022-02-20 18:06:32,300 INFO L290 TraceCheckUtils]: 34: Hoare triple {2470#false} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {2470#false} is VALID [2022-02-20 18:06:32,300 INFO L290 TraceCheckUtils]: 35: Hoare triple {2470#false} assume true; {2470#false} is VALID [2022-02-20 18:06:32,300 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {2470#false} {2470#false} #225#return; {2470#false} is VALID [2022-02-20 18:06:32,300 INFO L290 TraceCheckUtils]: 37: Hoare triple {2470#false} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {2470#false} is VALID [2022-02-20 18:06:32,300 INFO L290 TraceCheckUtils]: 38: Hoare triple {2470#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {2470#false} is VALID [2022-02-20 18:06:32,300 INFO L290 TraceCheckUtils]: 39: Hoare triple {2470#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {2470#false} is VALID [2022-02-20 18:06:32,300 INFO L290 TraceCheckUtils]: 40: Hoare triple {2470#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {2470#false} is VALID [2022-02-20 18:06:32,300 INFO L290 TraceCheckUtils]: 41: Hoare triple {2470#false} assume !false; {2470#false} is VALID [2022-02-20 18:06:32,301 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:32,301 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:32,301 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:32,301 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2128728211] [2022-02-20 18:06:32,301 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2128728211] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:32,301 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:32,301 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:06:32,302 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2138344239] [2022-02-20 18:06:32,302 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:32,302 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:32,302 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:32,303 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 9.25) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:32,329 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:32,329 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:06:32,329 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:32,329 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:06:32,330 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:06:32,330 INFO L87 Difference]: Start difference. First operand 129 states and 156 transitions. Second operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:32,490 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:32,490 INFO L93 Difference]: Finished difference Result 262 states and 323 transitions. [2022-02-20 18:06:32,490 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 18:06:32,491 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:32,491 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:32,491 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:32,493 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 177 transitions. [2022-02-20 18:06:32,493 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 9.25) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:32,495 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 177 transitions. [2022-02-20 18:06:32,495 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 177 transitions. [2022-02-20 18:06:32,606 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 177 edges. 177 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:32,608 INFO L225 Difference]: With dead ends: 262 [2022-02-20 18:06:32,609 INFO L226 Difference]: Without dead ends: 140 [2022-02-20 18:06:32,609 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 42 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:06:32,610 INFO L933 BasicCegarLoop]: 84 mSDtfsCounter, 15 mSDsluCounter, 162 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 2 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 246 SdHoareTripleChecker+Invalid, 11 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 2 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:32,610 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [15 Valid, 246 Invalid, 11 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [2 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:32,610 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 140 states. [2022-02-20 18:06:32,618 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 140 to 131. [2022-02-20 18:06:32,618 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:32,618 INFO L82 GeneralOperation]: Start isEquivalent. First operand 140 states. Second operand has 131 states, 100 states have (on average 1.25) internal successors, (125), 107 states have internal predecessors, (125), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:32,619 INFO L74 IsIncluded]: Start isIncluded. First operand 140 states. Second operand has 131 states, 100 states have (on average 1.25) internal successors, (125), 107 states have internal predecessors, (125), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:32,619 INFO L87 Difference]: Start difference. First operand 140 states. Second operand has 131 states, 100 states have (on average 1.25) internal successors, (125), 107 states have internal predecessors, (125), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:32,622 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:32,622 INFO L93 Difference]: Finished difference Result 140 states and 169 transitions. [2022-02-20 18:06:32,622 INFO L276 IsEmpty]: Start isEmpty. Operand 140 states and 169 transitions. [2022-02-20 18:06:32,622 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:32,622 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:32,623 INFO L74 IsIncluded]: Start isIncluded. First operand has 131 states, 100 states have (on average 1.25) internal successors, (125), 107 states have internal predecessors, (125), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) Second operand 140 states. [2022-02-20 18:06:32,623 INFO L87 Difference]: Start difference. First operand has 131 states, 100 states have (on average 1.25) internal successors, (125), 107 states have internal predecessors, (125), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) Second operand 140 states. [2022-02-20 18:06:32,626 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:32,626 INFO L93 Difference]: Finished difference Result 140 states and 169 transitions. [2022-02-20 18:06:32,626 INFO L276 IsEmpty]: Start isEmpty. Operand 140 states and 169 transitions. [2022-02-20 18:06:32,626 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:32,626 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:32,627 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:32,627 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:32,627 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 131 states, 100 states have (on average 1.25) internal successors, (125), 107 states have internal predecessors, (125), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:32,629 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 131 states to 131 states and 158 transitions. [2022-02-20 18:06:32,630 INFO L78 Accepts]: Start accepts. Automaton has 131 states and 158 transitions. Word has length 42 [2022-02-20 18:06:32,630 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:32,630 INFO L470 AbstractCegarLoop]: Abstraction has 131 states and 158 transitions. [2022-02-20 18:06:32,630 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 9.25) internal successors, (37), 4 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:32,630 INFO L276 IsEmpty]: Start isEmpty. Operand 131 states and 158 transitions. [2022-02-20 18:06:32,630 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:06:32,630 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:32,631 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:32,651 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:32,837 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:32,837 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:32,838 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:32,838 INFO L85 PathProgramCache]: Analyzing trace with hash -361589809, now seen corresponding path program 1 times [2022-02-20 18:06:32,838 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:32,838 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1138582088] [2022-02-20 18:06:32,838 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:32,838 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:32,838 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:32,839 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:32,841 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Waiting until timeout for monitored process [2022-02-20 18:06:32,879 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:32,881 INFO L263 TraceCheckSpWp]: Trace formula consists of 172 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 18:06:32,889 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:32,889 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:32,967 INFO L290 TraceCheckUtils]: 0: Hoare triple {3427#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {3427#true} is VALID [2022-02-20 18:06:32,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {3427#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {3427#true} is VALID [2022-02-20 18:06:32,967 INFO L290 TraceCheckUtils]: 2: Hoare triple {3427#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3427#true} is VALID [2022-02-20 18:06:32,967 INFO L290 TraceCheckUtils]: 3: Hoare triple {3427#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {3427#true} is VALID [2022-02-20 18:06:32,967 INFO L290 TraceCheckUtils]: 4: Hoare triple {3427#true} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {3427#true} is VALID [2022-02-20 18:06:32,967 INFO L290 TraceCheckUtils]: 5: Hoare triple {3427#true} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 6: Hoare triple {3427#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 7: Hoare triple {3427#true} assume !false; {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 8: Hoare triple {3427#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 9: Hoare triple {3427#true} test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 10: Hoare triple {3427#true} assume !(0bv32 != test_~tmp~8#1); {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 11: Hoare triple {3427#true} test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 12: Hoare triple {3427#true} assume !(0bv32 != test_~tmp___0~2#1); {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 13: Hoare triple {3427#true} test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 14: Hoare triple {3427#true} assume 0bv32 != test_~tmp___2~0#1; {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L272 TraceCheckUtils]: 15: Hoare triple {3427#true} call timeShift(); {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 16: Hoare triple {3427#true} assume !(0bv32 != ~pumpRunning~0); {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 17: Hoare triple {3427#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L290 TraceCheckUtils]: 18: Hoare triple {3427#true} assume !(0bv32 != ~pumpRunning~0); {3427#true} is VALID [2022-02-20 18:06:32,968 INFO L272 TraceCheckUtils]: 19: Hoare triple {3427#true} call processEnvironment__wrappee__highWaterSensor(); {3427#true} is VALID [2022-02-20 18:06:32,969 INFO L290 TraceCheckUtils]: 20: Hoare triple {3427#true} havoc ~tmp~5#1; {3427#true} is VALID [2022-02-20 18:06:32,969 INFO L290 TraceCheckUtils]: 21: Hoare triple {3427#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {3427#true} is VALID [2022-02-20 18:06:32,969 INFO L290 TraceCheckUtils]: 22: Hoare triple {3427#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {3427#true} is VALID [2022-02-20 18:06:32,969 INFO L290 TraceCheckUtils]: 23: Hoare triple {3427#true} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {3427#true} is VALID [2022-02-20 18:06:32,969 INFO L290 TraceCheckUtils]: 24: Hoare triple {3427#true} assume 0bv32 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0bv32; {3504#(= (_ bv0 32) |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1|)} is VALID [2022-02-20 18:06:32,970 INFO L290 TraceCheckUtils]: 25: Hoare triple {3504#(= (_ bv0 32) |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~1#1|)} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {3508#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:06:32,970 INFO L290 TraceCheckUtils]: 26: Hoare triple {3508#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| (_ bv0 32))} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {3512#(= |processEnvironment__wrappee__highWaterSensor_~tmp~5#1| (_ bv0 32))} is VALID [2022-02-20 18:06:32,970 INFO L290 TraceCheckUtils]: 27: Hoare triple {3512#(= |processEnvironment__wrappee__highWaterSensor_~tmp~5#1| (_ bv0 32))} assume 0bv32 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1bv32; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 28: Hoare triple {3428#false} assume { :end_inline_activatePump } true; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 29: Hoare triple {3428#false} assume true; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {3428#false} {3427#true} #223#return; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 31: Hoare triple {3428#false} assume { :end_inline_processEnvironment } true; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 32: Hoare triple {3428#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L272 TraceCheckUtils]: 33: Hoare triple {3428#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 34: Hoare triple {3428#false} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 35: Hoare triple {3428#false} assume true; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {3428#false} {3428#false} #225#return; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 37: Hoare triple {3428#false} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 38: Hoare triple {3428#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {3428#false} is VALID [2022-02-20 18:06:32,971 INFO L290 TraceCheckUtils]: 39: Hoare triple {3428#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {3428#false} is VALID [2022-02-20 18:06:32,972 INFO L290 TraceCheckUtils]: 40: Hoare triple {3428#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {3428#false} is VALID [2022-02-20 18:06:32,972 INFO L290 TraceCheckUtils]: 41: Hoare triple {3428#false} assume !false; {3428#false} is VALID [2022-02-20 18:06:32,972 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:32,972 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:32,972 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:32,972 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1138582088] [2022-02-20 18:06:32,972 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1138582088] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:32,972 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:32,972 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:06:32,972 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1189497394] [2022-02-20 18:06:32,974 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:32,974 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:32,974 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:32,974 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,001 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:33,001 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:06:33,001 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:33,001 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:06:33,001 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:06:33,002 INFO L87 Difference]: Start difference. First operand 131 states and 158 transitions. Second operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,191 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:33,192 INFO L93 Difference]: Finished difference Result 261 states and 319 transitions. [2022-02-20 18:06:33,192 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:06:33,192 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:33,192 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:33,192 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,194 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 175 transitions. [2022-02-20 18:06:33,194 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,196 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 175 transitions. [2022-02-20 18:06:33,196 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 175 transitions. [2022-02-20 18:06:33,310 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 175 edges. 175 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:33,312 INFO L225 Difference]: With dead ends: 261 [2022-02-20 18:06:33,312 INFO L226 Difference]: Without dead ends: 137 [2022-02-20 18:06:33,312 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 43 GetRequests, 38 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:06:33,313 INFO L933 BasicCegarLoop]: 85 mSDtfsCounter, 10 mSDsluCounter, 247 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 11 SdHoareTripleChecker+Valid, 332 SdHoareTripleChecker+Invalid, 17 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:33,313 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [11 Valid, 332 Invalid, 17 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:33,313 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 137 states. [2022-02-20 18:06:33,319 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 137 to 134. [2022-02-20 18:06:33,319 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:33,320 INFO L82 GeneralOperation]: Start isEquivalent. First operand 137 states. Second operand has 134 states, 103 states have (on average 1.2427184466019416) internal successors, (128), 110 states have internal predecessors, (128), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:33,320 INFO L74 IsIncluded]: Start isIncluded. First operand 137 states. Second operand has 134 states, 103 states have (on average 1.2427184466019416) internal successors, (128), 110 states have internal predecessors, (128), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:33,320 INFO L87 Difference]: Start difference. First operand 137 states. Second operand has 134 states, 103 states have (on average 1.2427184466019416) internal successors, (128), 110 states have internal predecessors, (128), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:33,331 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:33,331 INFO L93 Difference]: Finished difference Result 137 states and 165 transitions. [2022-02-20 18:06:33,331 INFO L276 IsEmpty]: Start isEmpty. Operand 137 states and 165 transitions. [2022-02-20 18:06:33,332 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:33,332 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:33,332 INFO L74 IsIncluded]: Start isIncluded. First operand has 134 states, 103 states have (on average 1.2427184466019416) internal successors, (128), 110 states have internal predecessors, (128), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) Second operand 137 states. [2022-02-20 18:06:33,333 INFO L87 Difference]: Start difference. First operand has 134 states, 103 states have (on average 1.2427184466019416) internal successors, (128), 110 states have internal predecessors, (128), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) Second operand 137 states. [2022-02-20 18:06:33,335 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:33,336 INFO L93 Difference]: Finished difference Result 137 states and 165 transitions. [2022-02-20 18:06:33,336 INFO L276 IsEmpty]: Start isEmpty. Operand 137 states and 165 transitions. [2022-02-20 18:06:33,336 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:33,337 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:33,337 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:33,337 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:33,337 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 134 states, 103 states have (on average 1.2427184466019416) internal successors, (128), 110 states have internal predecessors, (128), 15 states have call successors, (15), 12 states have call predecessors, (15), 15 states have return successors, (18), 16 states have call predecessors, (18), 15 states have call successors, (18) [2022-02-20 18:06:33,339 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 134 states to 134 states and 161 transitions. [2022-02-20 18:06:33,340 INFO L78 Accepts]: Start accepts. Automaton has 134 states and 161 transitions. Word has length 42 [2022-02-20 18:06:33,340 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:33,340 INFO L470 AbstractCegarLoop]: Abstraction has 134 states and 161 transitions. [2022-02-20 18:06:33,340 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 7.4) internal successors, (37), 5 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,340 INFO L276 IsEmpty]: Start isEmpty. Operand 134 states and 161 transitions. [2022-02-20 18:06:33,340 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 43 [2022-02-20 18:06:33,340 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:33,341 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:33,348 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:33,548 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:33,548 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:33,548 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:33,548 INFO L85 PathProgramCache]: Analyzing trace with hash 1121584331, now seen corresponding path program 1 times [2022-02-20 18:06:33,549 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:33,549 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [455087679] [2022-02-20 18:06:33,549 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:33,549 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:33,549 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:33,550 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:33,551 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-02-20 18:06:33,591 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:33,593 INFO L263 TraceCheckSpWp]: Trace formula consists of 172 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:06:33,601 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:33,602 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:33,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {4385#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,710 INFO L290 TraceCheckUtils]: 1: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,710 INFO L290 TraceCheckUtils]: 2: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,710 INFO L290 TraceCheckUtils]: 3: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,711 INFO L290 TraceCheckUtils]: 4: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,711 INFO L290 TraceCheckUtils]: 5: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,714 INFO L290 TraceCheckUtils]: 6: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,715 INFO L290 TraceCheckUtils]: 7: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume !false; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,715 INFO L290 TraceCheckUtils]: 8: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,715 INFO L290 TraceCheckUtils]: 9: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,716 INFO L290 TraceCheckUtils]: 10: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~8#1); {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,716 INFO L290 TraceCheckUtils]: 11: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,716 INFO L290 TraceCheckUtils]: 12: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp___0~2#1); {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,716 INFO L290 TraceCheckUtils]: 13: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,717 INFO L290 TraceCheckUtils]: 14: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,717 INFO L272 TraceCheckUtils]: 15: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} call timeShift(); {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,717 INFO L290 TraceCheckUtils]: 16: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,718 INFO L290 TraceCheckUtils]: 17: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,718 INFO L290 TraceCheckUtils]: 18: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,718 INFO L272 TraceCheckUtils]: 19: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} call processEnvironment__wrappee__highWaterSensor(); {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,719 INFO L290 TraceCheckUtils]: 20: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} havoc ~tmp~5#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,719 INFO L290 TraceCheckUtils]: 21: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {4390#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:06:33,719 INFO L290 TraceCheckUtils]: 22: Hoare triple {4390#(= ~waterLevel~0 (_ bv1 32))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {4386#false} is VALID [2022-02-20 18:06:33,719 INFO L290 TraceCheckUtils]: 23: Hoare triple {4386#false} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {4386#false} is VALID [2022-02-20 18:06:33,719 INFO L290 TraceCheckUtils]: 24: Hoare triple {4386#false} assume !(0bv32 != isHighWaterLevel_~tmp~7#1);isHighWaterLevel_~tmp___0~1#1 := 1bv32; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 25: Hoare triple {4386#false} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 26: Hoare triple {4386#false} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 27: Hoare triple {4386#false} assume 0bv32 != ~tmp~5#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1bv32; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 28: Hoare triple {4386#false} assume { :end_inline_activatePump } true; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 29: Hoare triple {4386#false} assume true; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {4386#false} {4390#(= ~waterLevel~0 (_ bv1 32))} #223#return; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 31: Hoare triple {4386#false} assume { :end_inline_processEnvironment } true; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 32: Hoare triple {4386#false} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L272 TraceCheckUtils]: 33: Hoare triple {4386#false} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 34: Hoare triple {4386#false} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 35: Hoare triple {4386#false} assume true; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4386#false} {4386#false} #225#return; {4386#false} is VALID [2022-02-20 18:06:33,720 INFO L290 TraceCheckUtils]: 37: Hoare triple {4386#false} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {4386#false} is VALID [2022-02-20 18:06:33,721 INFO L290 TraceCheckUtils]: 38: Hoare triple {4386#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {4386#false} is VALID [2022-02-20 18:06:33,721 INFO L290 TraceCheckUtils]: 39: Hoare triple {4386#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {4386#false} is VALID [2022-02-20 18:06:33,721 INFO L290 TraceCheckUtils]: 40: Hoare triple {4386#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {4386#false} is VALID [2022-02-20 18:06:33,721 INFO L290 TraceCheckUtils]: 41: Hoare triple {4386#false} assume !false; {4386#false} is VALID [2022-02-20 18:06:33,721 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:33,721 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:33,721 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:33,721 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [455087679] [2022-02-20 18:06:33,721 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [455087679] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:33,721 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:33,721 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:06:33,721 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [606996723] [2022-02-20 18:06:33,721 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:33,722 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 2 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:33,722 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:33,722 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 2 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,749 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 42 edges. 42 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:33,749 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:06:33,749 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:33,749 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:06:33,749 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:33,750 INFO L87 Difference]: Start difference. First operand 134 states and 161 transitions. Second operand has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 2 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,868 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:33,869 INFO L93 Difference]: Finished difference Result 309 states and 377 transitions. [2022-02-20 18:06:33,869 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:06:33,869 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 2 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) Word has length 42 [2022-02-20 18:06:33,869 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:33,869 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 2 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 223 transitions. [2022-02-20 18:06:33,871 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 2 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:33,873 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 223 transitions. [2022-02-20 18:06:33,873 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 223 transitions. [2022-02-20 18:06:34,021 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 223 edges. 223 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:34,024 INFO L225 Difference]: With dead ends: 309 [2022-02-20 18:06:34,024 INFO L226 Difference]: Without dead ends: 182 [2022-02-20 18:06:34,024 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 41 GetRequests, 40 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:06:34,025 INFO L933 BasicCegarLoop]: 89 mSDtfsCounter, 38 mSDsluCounter, 73 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 38 SdHoareTripleChecker+Valid, 162 SdHoareTripleChecker+Invalid, 9 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:34,025 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [38 Valid, 162 Invalid, 9 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:34,025 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 182 states. [2022-02-20 18:06:34,032 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 182 to 180. [2022-02-20 18:06:34,032 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:34,033 INFO L82 GeneralOperation]: Start isEquivalent. First operand 182 states. Second operand has 180 states, 138 states have (on average 1.2318840579710144) internal successors, (170), 146 states have internal predecessors, (170), 21 states have call successors, (21), 18 states have call predecessors, (21), 20 states have return successors, (24), 21 states have call predecessors, (24), 21 states have call successors, (24) [2022-02-20 18:06:34,033 INFO L74 IsIncluded]: Start isIncluded. First operand 182 states. Second operand has 180 states, 138 states have (on average 1.2318840579710144) internal successors, (170), 146 states have internal predecessors, (170), 21 states have call successors, (21), 18 states have call predecessors, (21), 20 states have return successors, (24), 21 states have call predecessors, (24), 21 states have call successors, (24) [2022-02-20 18:06:34,033 INFO L87 Difference]: Start difference. First operand 182 states. Second operand has 180 states, 138 states have (on average 1.2318840579710144) internal successors, (170), 146 states have internal predecessors, (170), 21 states have call successors, (21), 18 states have call predecessors, (21), 20 states have return successors, (24), 21 states have call predecessors, (24), 21 states have call successors, (24) [2022-02-20 18:06:34,037 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:34,037 INFO L93 Difference]: Finished difference Result 182 states and 216 transitions. [2022-02-20 18:06:34,037 INFO L276 IsEmpty]: Start isEmpty. Operand 182 states and 216 transitions. [2022-02-20 18:06:34,037 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:34,037 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:34,038 INFO L74 IsIncluded]: Start isIncluded. First operand has 180 states, 138 states have (on average 1.2318840579710144) internal successors, (170), 146 states have internal predecessors, (170), 21 states have call successors, (21), 18 states have call predecessors, (21), 20 states have return successors, (24), 21 states have call predecessors, (24), 21 states have call successors, (24) Second operand 182 states. [2022-02-20 18:06:34,038 INFO L87 Difference]: Start difference. First operand has 180 states, 138 states have (on average 1.2318840579710144) internal successors, (170), 146 states have internal predecessors, (170), 21 states have call successors, (21), 18 states have call predecessors, (21), 20 states have return successors, (24), 21 states have call predecessors, (24), 21 states have call successors, (24) Second operand 182 states. [2022-02-20 18:06:34,042 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:34,042 INFO L93 Difference]: Finished difference Result 182 states and 216 transitions. [2022-02-20 18:06:34,042 INFO L276 IsEmpty]: Start isEmpty. Operand 182 states and 216 transitions. [2022-02-20 18:06:34,042 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:34,042 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:34,042 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:34,042 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:34,043 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 180 states, 138 states have (on average 1.2318840579710144) internal successors, (170), 146 states have internal predecessors, (170), 21 states have call successors, (21), 18 states have call predecessors, (21), 20 states have return successors, (24), 21 states have call predecessors, (24), 21 states have call successors, (24) [2022-02-20 18:06:34,046 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 180 states to 180 states and 215 transitions. [2022-02-20 18:06:34,046 INFO L78 Accepts]: Start accepts. Automaton has 180 states and 215 transitions. Word has length 42 [2022-02-20 18:06:34,046 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:34,046 INFO L470 AbstractCegarLoop]: Abstraction has 180 states and 215 transitions. [2022-02-20 18:06:34,047 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 12.333333333333334) internal successors, (37), 2 states have internal predecessors, (37), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:06:34,047 INFO L276 IsEmpty]: Start isEmpty. Operand 180 states and 215 transitions. [2022-02-20 18:06:34,049 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 45 [2022-02-20 18:06:34,049 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:34,049 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:34,058 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:34,256 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:34,256 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:34,256 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:34,256 INFO L85 PathProgramCache]: Analyzing trace with hash 1480072959, now seen corresponding path program 1 times [2022-02-20 18:06:34,257 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:34,257 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [541864289] [2022-02-20 18:06:34,257 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:34,257 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:34,257 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:34,258 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:34,260 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-02-20 18:06:34,300 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:34,312 INFO L263 TraceCheckSpWp]: Trace formula consists of 175 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:06:34,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:34,330 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:34,513 INFO L290 TraceCheckUtils]: 0: Hoare triple {5557#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,513 INFO L290 TraceCheckUtils]: 1: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,514 INFO L290 TraceCheckUtils]: 2: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,514 INFO L290 TraceCheckUtils]: 3: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,519 INFO L290 TraceCheckUtils]: 4: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,519 INFO L290 TraceCheckUtils]: 5: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,520 INFO L290 TraceCheckUtils]: 6: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,520 INFO L290 TraceCheckUtils]: 7: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !false; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,520 INFO L290 TraceCheckUtils]: 8: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,521 INFO L290 TraceCheckUtils]: 9: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,521 INFO L290 TraceCheckUtils]: 10: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != test_~tmp~8#1); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,521 INFO L290 TraceCheckUtils]: 11: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,521 INFO L290 TraceCheckUtils]: 12: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != test_~tmp___0~2#1); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,522 INFO L290 TraceCheckUtils]: 13: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,522 INFO L290 TraceCheckUtils]: 14: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != test_~tmp___2~0#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,523 INFO L272 TraceCheckUtils]: 15: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} call timeShift(); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,523 INFO L290 TraceCheckUtils]: 16: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != ~pumpRunning~0); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,523 INFO L290 TraceCheckUtils]: 17: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,523 INFO L290 TraceCheckUtils]: 18: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != ~pumpRunning~0); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,524 INFO L272 TraceCheckUtils]: 19: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} call processEnvironment__wrappee__highWaterSensor(); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,524 INFO L290 TraceCheckUtils]: 20: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} havoc ~tmp~5#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,524 INFO L290 TraceCheckUtils]: 21: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,525 INFO L290 TraceCheckUtils]: 22: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,525 INFO L290 TraceCheckUtils]: 23: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,525 INFO L290 TraceCheckUtils]: 24: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0bv32; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,526 INFO L290 TraceCheckUtils]: 25: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,526 INFO L290 TraceCheckUtils]: 26: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,526 INFO L290 TraceCheckUtils]: 27: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != ~tmp~5#1); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,527 INFO L272 TraceCheckUtils]: 28: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} call processEnvironment__wrappee__base(); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,527 INFO L290 TraceCheckUtils]: 29: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume true; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,528 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} #239#return; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,528 INFO L290 TraceCheckUtils]: 31: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume true; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,528 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} #223#return; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,529 INFO L290 TraceCheckUtils]: 33: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_processEnvironment } true; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,529 INFO L290 TraceCheckUtils]: 34: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,529 INFO L272 TraceCheckUtils]: 35: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:06:34,530 INFO L290 TraceCheckUtils]: 36: Hoare triple {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {5671#(and (= ~methaneLevelCritical~0 (_ bv0 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} is VALID [2022-02-20 18:06:34,530 INFO L290 TraceCheckUtils]: 37: Hoare triple {5671#(and (= ~methaneLevelCritical~0 (_ bv0 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} assume true; {5671#(and (= ~methaneLevelCritical~0 (_ bv0 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} is VALID [2022-02-20 18:06:34,531 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {5671#(and (= ~methaneLevelCritical~0 (_ bv0 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} {5562#(= ~methaneLevelCritical~0 (_ bv0 32))} #225#return; {5678#(= (_ bv0 32) |timeShift___utac_acc__Specification1_spec__1_#t~ret28#1|)} is VALID [2022-02-20 18:06:34,531 INFO L290 TraceCheckUtils]: 39: Hoare triple {5678#(= (_ bv0 32) |timeShift___utac_acc__Specification1_spec__1_#t~ret28#1|)} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {5682#(= (_ bv0 32) |timeShift___utac_acc__Specification1_spec__1_~tmp~4#1|)} is VALID [2022-02-20 18:06:34,532 INFO L290 TraceCheckUtils]: 40: Hoare triple {5682#(= (_ bv0 32) |timeShift___utac_acc__Specification1_spec__1_~tmp~4#1|)} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {5558#false} is VALID [2022-02-20 18:06:34,532 INFO L290 TraceCheckUtils]: 41: Hoare triple {5558#false} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {5558#false} is VALID [2022-02-20 18:06:34,533 INFO L290 TraceCheckUtils]: 42: Hoare triple {5558#false} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {5558#false} is VALID [2022-02-20 18:06:34,533 INFO L290 TraceCheckUtils]: 43: Hoare triple {5558#false} assume !false; {5558#false} is VALID [2022-02-20 18:06:34,533 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:34,533 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:34,533 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:34,533 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [541864289] [2022-02-20 18:06:34,533 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [541864289] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:34,534 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:34,534 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:06:34,534 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1498414901] [2022-02-20 18:06:34,534 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:34,534 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 4 states have internal predecessors, (37), 1 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 44 [2022-02-20 18:06:34,535 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:34,535 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 4 states have internal predecessors, (37), 1 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:06:34,568 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 44 edges. 44 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:34,568 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:34,568 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:34,568 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:34,569 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:34,569 INFO L87 Difference]: Start difference. First operand 180 states and 215 transitions. Second operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 4 states have internal predecessors, (37), 1 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:06:34,871 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:34,880 INFO L93 Difference]: Finished difference Result 529 states and 641 transitions. [2022-02-20 18:06:34,880 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:06:34,881 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 4 states have internal predecessors, (37), 1 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) Word has length 44 [2022-02-20 18:06:34,881 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:34,881 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 4 states have internal predecessors, (37), 1 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:06:34,884 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 243 transitions. [2022-02-20 18:06:34,885 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 4 states have internal predecessors, (37), 1 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:06:34,903 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 243 transitions. [2022-02-20 18:06:34,903 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 243 transitions. [2022-02-20 18:06:35,102 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 243 edges. 243 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:35,111 INFO L225 Difference]: With dead ends: 529 [2022-02-20 18:06:35,111 INFO L226 Difference]: Without dead ends: 356 [2022-02-20 18:06:35,112 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 45 GetRequests, 39 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=18, Invalid=38, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:06:35,113 INFO L933 BasicCegarLoop]: 91 mSDtfsCounter, 43 mSDsluCounter, 309 mSDsCounter, 0 mSdLazyCounter, 38 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 46 SdHoareTripleChecker+Valid, 400 SdHoareTripleChecker+Invalid, 42 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 38 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:35,113 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [46 Valid, 400 Invalid, 42 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 38 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:06:35,114 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 356 states. [2022-02-20 18:06:35,128 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 356 to 341. [2022-02-20 18:06:35,129 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:35,133 INFO L82 GeneralOperation]: Start isEquivalent. First operand 356 states. Second operand has 341 states, 258 states have (on average 1.197674418604651) internal successors, (309), 273 states have internal predecessors, (309), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) [2022-02-20 18:06:35,135 INFO L74 IsIncluded]: Start isIncluded. First operand 356 states. Second operand has 341 states, 258 states have (on average 1.197674418604651) internal successors, (309), 273 states have internal predecessors, (309), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) [2022-02-20 18:06:35,136 INFO L87 Difference]: Start difference. First operand 356 states. Second operand has 341 states, 258 states have (on average 1.197674418604651) internal successors, (309), 273 states have internal predecessors, (309), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) [2022-02-20 18:06:35,144 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:35,144 INFO L93 Difference]: Finished difference Result 356 states and 417 transitions. [2022-02-20 18:06:35,144 INFO L276 IsEmpty]: Start isEmpty. Operand 356 states and 417 transitions. [2022-02-20 18:06:35,145 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:35,145 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:35,147 INFO L74 IsIncluded]: Start isIncluded. First operand has 341 states, 258 states have (on average 1.197674418604651) internal successors, (309), 273 states have internal predecessors, (309), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) Second operand 356 states. [2022-02-20 18:06:35,148 INFO L87 Difference]: Start difference. First operand has 341 states, 258 states have (on average 1.197674418604651) internal successors, (309), 273 states have internal predecessors, (309), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) Second operand 356 states. [2022-02-20 18:06:35,155 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:35,155 INFO L93 Difference]: Finished difference Result 356 states and 417 transitions. [2022-02-20 18:06:35,155 INFO L276 IsEmpty]: Start isEmpty. Operand 356 states and 417 transitions. [2022-02-20 18:06:35,155 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:35,156 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:35,156 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:35,156 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:35,156 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 341 states, 258 states have (on average 1.197674418604651) internal successors, (309), 273 states have internal predecessors, (309), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) [2022-02-20 18:06:35,163 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 341 states to 341 states and 402 transitions. [2022-02-20 18:06:35,163 INFO L78 Accepts]: Start accepts. Automaton has 341 states and 402 transitions. Word has length 44 [2022-02-20 18:06:35,164 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:35,164 INFO L470 AbstractCegarLoop]: Abstraction has 341 states and 402 transitions. [2022-02-20 18:06:35,164 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.166666666666667) internal successors, (37), 4 states have internal predecessors, (37), 1 states have call successors, (4), 1 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:06:35,164 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 402 transitions. [2022-02-20 18:06:35,164 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-02-20 18:06:35,164 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:35,164 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:35,181 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:35,371 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:35,372 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:35,372 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:35,372 INFO L85 PathProgramCache]: Analyzing trace with hash 934540643, now seen corresponding path program 1 times [2022-02-20 18:06:35,372 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:35,372 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1322441404] [2022-02-20 18:06:35,373 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:35,373 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:35,373 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:35,374 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:35,376 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-02-20 18:06:35,414 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:35,416 INFO L263 TraceCheckSpWp]: Trace formula consists of 182 conjuncts, 9 conjunts are in the unsatisfiable core [2022-02-20 18:06:35,425 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:06:35,427 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:06:35,578 INFO L290 TraceCheckUtils]: 0: Hoare triple {7618#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(30bv32, 4bv32);call #Ultimate.allocInit(9bv32, 5bv32);call #Ultimate.allocInit(21bv32, 6bv32);call #Ultimate.allocInit(30bv32, 7bv32);call #Ultimate.allocInit(9bv32, 8bv32);call #Ultimate.allocInit(21bv32, 9bv32);call #Ultimate.allocInit(30bv32, 10bv32);call #Ultimate.allocInit(9bv32, 11bv32);call #Ultimate.allocInit(25bv32, 12bv32);call #Ultimate.allocInit(30bv32, 13bv32);call #Ultimate.allocInit(9bv32, 14bv32);call #Ultimate.allocInit(25bv32, 15bv32);call #Ultimate.allocInit(13bv32, 16bv32);call #Ultimate.allocInit(3bv32, 17bv32);call write~init~intINTTYPE1(79bv8, 17bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 17bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 17bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 18bv32);call write~init~intINTTYPE1(79bv8, 18bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 18bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 18bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 19bv32);call write~init~intINTTYPE1(44bv8, 19bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 19bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 19bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 19bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 19bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 19bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 19bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 20bv32);call write~init~intINTTYPE1(79bv8, 20bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 20bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 20bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 21bv32);call write~init~intINTTYPE1(79bv8, 21bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 21bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 21bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 22bv32);call write~init~intINTTYPE1(41bv8, 22bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 22bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 22bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 23bv32);call write~init~intINTTYPE1(10bv8, 23bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 23bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 24bv32);call #Ultimate.allocInit(7bv32, 25bv32);call write~init~intINTTYPE1(44bv8, 25bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 25bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 25bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 25bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 25bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 25bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 25bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 26bv32);call write~init~intINTTYPE1(67bv8, 26bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 26bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 26bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 26bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 26bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 27bv32);call write~init~intINTTYPE1(79bv8, 27bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 27bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 27bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 28bv32);call write~init~intINTTYPE1(41bv8, 28bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 28bv32, 1bv32, 1bv32);~head~0.base, ~head~0.offset := 0bv32, 0bv32;~cleanupTimeShifts~0 := 4bv32;~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,579 INFO L290 TraceCheckUtils]: 1: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret27#1, main_~retValue_acc~3#1, main_~tmp~3#1;havoc main_~retValue_acc~3#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,579 INFO L290 TraceCheckUtils]: 2: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,579 INFO L290 TraceCheckUtils]: 3: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~5#1;havoc valid_product_~retValue_acc~5#1;valid_product_~retValue_acc~5#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~5#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,579 INFO L290 TraceCheckUtils]: 4: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} main_#t~ret27#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~3#1 := main_#t~ret27#1;havoc main_#t~ret27#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,580 INFO L290 TraceCheckUtils]: 5: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != main_~tmp~3#1;assume { :begin_inline_setup } true; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,580 INFO L290 TraceCheckUtils]: 6: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet43#1, test_#t~nondet44#1, test_#t~nondet45#1, test_#t~nondet46#1, test_~splverifierCounter~0#1, test_~tmp~8#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~8#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,580 INFO L290 TraceCheckUtils]: 7: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume !false; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,581 INFO L290 TraceCheckUtils]: 8: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,581 INFO L290 TraceCheckUtils]: 9: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp~8#1 := test_#t~nondet43#1;havoc test_#t~nondet43#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,581 INFO L290 TraceCheckUtils]: 10: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp~8#1); {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,582 INFO L290 TraceCheckUtils]: 11: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___0~2#1 := test_#t~nondet44#1;havoc test_#t~nondet44#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,582 INFO L290 TraceCheckUtils]: 12: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != test_~tmp___0~2#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,582 INFO L272 TraceCheckUtils]: 13: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} call changeMethaneLevel(); {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,583 INFO L290 TraceCheckUtils]: 14: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1bv32; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,583 INFO L290 TraceCheckUtils]: 15: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume true; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,584 INFO L284 TraceCheckUtils]: 16: Hoare quadruple {7623#(= (_ bv0 32) ~pumpRunning~0)} {7623#(= (_ bv0 32) ~pumpRunning~0)} #233#return; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,584 INFO L290 TraceCheckUtils]: 17: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___2~0#1 := test_#t~nondet45#1;havoc test_#t~nondet45#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,584 INFO L290 TraceCheckUtils]: 18: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != test_~tmp___2~0#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,585 INFO L272 TraceCheckUtils]: 19: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} call timeShift(); {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,585 INFO L290 TraceCheckUtils]: 20: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,585 INFO L290 TraceCheckUtils]: 21: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret32#1, processEnvironment_~tmp~6#1;havoc processEnvironment_~tmp~6#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,586 INFO L290 TraceCheckUtils]: 22: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,586 INFO L272 TraceCheckUtils]: 23: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} call processEnvironment__wrappee__highWaterSensor(); {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,587 INFO L290 TraceCheckUtils]: 24: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} havoc ~tmp~5#1; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,587 INFO L290 TraceCheckUtils]: 25: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret42#1, isHighWaterLevel_~retValue_acc~8#1, isHighWaterLevel_~tmp~7#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~8#1;havoc isHighWaterLevel_~tmp~7#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~11#1;havoc isHighWaterSensorDry_~retValue_acc~11#1; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,588 INFO L290 TraceCheckUtils]: 26: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~11#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~11#1; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,588 INFO L290 TraceCheckUtils]: 27: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} isHighWaterLevel_#t~ret42#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~7#1 := isHighWaterLevel_#t~ret42#1;havoc isHighWaterLevel_#t~ret42#1; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,588 INFO L290 TraceCheckUtils]: 28: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} assume 0bv32 != isHighWaterLevel_~tmp~7#1;isHighWaterLevel_~tmp___0~1#1 := 0bv32; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,589 INFO L290 TraceCheckUtils]: 29: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} isHighWaterLevel_~retValue_acc~8#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~8#1; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,589 INFO L290 TraceCheckUtils]: 30: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} #t~ret31#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;~tmp~5#1 := #t~ret31#1;havoc #t~ret31#1; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,589 INFO L290 TraceCheckUtils]: 31: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} assume !(0bv32 != ~tmp~5#1); {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,589 INFO L272 TraceCheckUtils]: 32: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} call processEnvironment__wrappee__base(); {7618#true} is VALID [2022-02-20 18:06:35,589 INFO L290 TraceCheckUtils]: 33: Hoare triple {7618#true} assume true; {7618#true} is VALID [2022-02-20 18:06:35,590 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {7618#true} {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} #239#return; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,590 INFO L290 TraceCheckUtils]: 35: Hoare triple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} assume true; {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,591 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {7693#(= |old(~pumpRunning~0)| ~pumpRunning~0)} {7623#(= (_ bv0 32) ~pumpRunning~0)} #223#return; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,591 INFO L290 TraceCheckUtils]: 37: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,591 INFO L290 TraceCheckUtils]: 38: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification1_spec__1 } true;havoc __utac_acc__Specification1_spec__1_#t~ret28#1, __utac_acc__Specification1_spec__1_#t~ret29#1, __utac_acc__Specification1_spec__1_~tmp~4#1, __utac_acc__Specification1_spec__1_~tmp___0~0#1;havoc __utac_acc__Specification1_spec__1_~tmp~4#1;havoc __utac_acc__Specification1_spec__1_~tmp___0~0#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,592 INFO L272 TraceCheckUtils]: 39: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} call __utac_acc__Specification1_spec__1_#t~ret28#1 := isMethaneLevelCritical(); {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,592 INFO L290 TraceCheckUtils]: 40: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,592 INFO L290 TraceCheckUtils]: 41: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume true; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,593 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {7623#(= (_ bv0 32) ~pumpRunning~0)} {7623#(= (_ bv0 32) ~pumpRunning~0)} #225#return; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,593 INFO L290 TraceCheckUtils]: 43: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} __utac_acc__Specification1_spec__1_~tmp~4#1 := __utac_acc__Specification1_spec__1_#t~ret28#1;havoc __utac_acc__Specification1_spec__1_#t~ret28#1; {7623#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:06:35,593 INFO L290 TraceCheckUtils]: 44: Hoare triple {7623#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~7#1;havoc isPumpRunning_~retValue_acc~7#1;isPumpRunning_~retValue_acc~7#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~7#1; {7757#(= |timeShift_isPumpRunning_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:06:35,594 INFO L290 TraceCheckUtils]: 45: Hoare triple {7757#(= |timeShift_isPumpRunning_#res#1| (_ bv0 32))} __utac_acc__Specification1_spec__1_#t~ret29#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification1_spec__1_~tmp___0~0#1 := __utac_acc__Specification1_spec__1_#t~ret29#1;havoc __utac_acc__Specification1_spec__1_#t~ret29#1; {7761#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~0#1| (_ bv0 32))} is VALID [2022-02-20 18:06:35,594 INFO L290 TraceCheckUtils]: 46: Hoare triple {7761#(= |timeShift___utac_acc__Specification1_spec__1_~tmp___0~0#1| (_ bv0 32))} assume 0bv32 != __utac_acc__Specification1_spec__1_~tmp___0~0#1;assume { :begin_inline___automaton_fail } true; {7619#false} is VALID [2022-02-20 18:06:35,594 INFO L290 TraceCheckUtils]: 47: Hoare triple {7619#false} assume !false; {7619#false} is VALID [2022-02-20 18:06:35,594 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:06:35,594 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:06:35,594 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:06:35,595 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1322441404] [2022-02-20 18:06:35,595 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1322441404] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:06:35,595 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:06:35,595 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:06:35,595 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [784686858] [2022-02-20 18:06:35,595 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:06:35,596 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 48 [2022-02-20 18:06:35,596 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:06:35,596 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 6.5) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:06:35,638 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 48 edges. 48 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:35,638 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:06:35,638 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:06:35,638 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:06:35,639 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:06:35,639 INFO L87 Difference]: Start difference. First operand 341 states and 402 transitions. Second operand has 6 states, 6 states have (on average 6.5) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:06:36,136 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:36,136 INFO L93 Difference]: Finished difference Result 360 states and 419 transitions. [2022-02-20 18:06:36,136 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:06:36,137 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) Word has length 48 [2022-02-20 18:06:36,137 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:06:36,137 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.5) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:06:36,139 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 170 transitions. [2022-02-20 18:06:36,139 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 6.5) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:06:36,140 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 170 transitions. [2022-02-20 18:06:36,140 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 170 transitions. [2022-02-20 18:06:36,285 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 170 edges. 170 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:06:36,292 INFO L225 Difference]: With dead ends: 360 [2022-02-20 18:06:36,292 INFO L226 Difference]: Without dead ends: 358 [2022-02-20 18:06:36,293 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 54 GetRequests, 44 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 12 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=45, Invalid=87, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:06:36,294 INFO L933 BasicCegarLoop]: 79 mSDtfsCounter, 101 mSDsluCounter, 228 mSDsCounter, 0 mSdLazyCounter, 141 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 105 SdHoareTripleChecker+Valid, 307 SdHoareTripleChecker+Invalid, 162 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 141 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:06:36,294 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [105 Valid, 307 Invalid, 162 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 141 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:06:36,295 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 358 states. [2022-02-20 18:06:36,305 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 358 to 341. [2022-02-20 18:06:36,306 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:06:36,306 INFO L82 GeneralOperation]: Start isEquivalent. First operand 358 states. Second operand has 341 states, 258 states have (on average 1.186046511627907) internal successors, (306), 273 states have internal predecessors, (306), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) [2022-02-20 18:06:36,307 INFO L74 IsIncluded]: Start isIncluded. First operand 358 states. Second operand has 341 states, 258 states have (on average 1.186046511627907) internal successors, (306), 273 states have internal predecessors, (306), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) [2022-02-20 18:06:36,307 INFO L87 Difference]: Start difference. First operand 358 states. Second operand has 341 states, 258 states have (on average 1.186046511627907) internal successors, (306), 273 states have internal predecessors, (306), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) [2022-02-20 18:06:36,313 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:36,313 INFO L93 Difference]: Finished difference Result 358 states and 415 transitions. [2022-02-20 18:06:36,314 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 415 transitions. [2022-02-20 18:06:36,315 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:36,316 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:36,316 INFO L74 IsIncluded]: Start isIncluded. First operand has 341 states, 258 states have (on average 1.186046511627907) internal successors, (306), 273 states have internal predecessors, (306), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) Second operand 358 states. [2022-02-20 18:06:36,317 INFO L87 Difference]: Start difference. First operand has 341 states, 258 states have (on average 1.186046511627907) internal successors, (306), 273 states have internal predecessors, (306), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) Second operand 358 states. [2022-02-20 18:06:36,323 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:06:36,323 INFO L93 Difference]: Finished difference Result 358 states and 415 transitions. [2022-02-20 18:06:36,323 INFO L276 IsEmpty]: Start isEmpty. Operand 358 states and 415 transitions. [2022-02-20 18:06:36,324 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:06:36,324 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:06:36,324 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:06:36,324 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:06:36,325 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 341 states, 258 states have (on average 1.186046511627907) internal successors, (306), 273 states have internal predecessors, (306), 42 states have call successors, (42), 36 states have call predecessors, (42), 40 states have return successors, (51), 42 states have call predecessors, (51), 42 states have call successors, (51) [2022-02-20 18:06:36,331 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 341 states to 341 states and 399 transitions. [2022-02-20 18:06:36,332 INFO L78 Accepts]: Start accepts. Automaton has 341 states and 399 transitions. Word has length 48 [2022-02-20 18:06:36,332 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:06:36,332 INFO L470 AbstractCegarLoop]: Abstraction has 341 states and 399 transitions. [2022-02-20 18:06:36,332 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 6.5) internal successors, (39), 6 states have internal predecessors, (39), 2 states have call successors, (5), 3 states have call predecessors, (5), 3 states have return successors, (4), 2 states have call predecessors, (4), 2 states have call successors, (4) [2022-02-20 18:06:36,332 INFO L276 IsEmpty]: Start isEmpty. Operand 341 states and 399 transitions. [2022-02-20 18:06:36,333 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 51 [2022-02-20 18:06:36,333 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:06:36,333 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:36,354 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:36,539 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:36,540 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:06:36,540 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:06:36,540 INFO L85 PathProgramCache]: Analyzing trace with hash -129816747, now seen corresponding path program 1 times [2022-02-20 18:06:36,540 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:06:36,540 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1514243226] [2022-02-20 18:06:36,541 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:06:36,541 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:06:36,541 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:06:36,542 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:06:36,543 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Waiting until timeout for monitored process [2022-02-20 18:06:36,582 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:06:36,582 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:06:36,604 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:06:36,634 INFO L138 FreeRefinementEngine]: Strategy WOLF found a feasible trace [2022-02-20 18:06:36,635 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:06:36,635 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:06:36,664 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Forceful destruction successful, exit code 0 [2022-02-20 18:06:36,843 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:06:36,846 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:06:36,847 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:06:36,867 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:06:36,868 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:06:36,869 INFO L158 Benchmark]: Toolchain (without parser) took 9401.65ms. Allocated memory was 65.0MB in the beginning and 184.5MB in the end (delta: 119.5MB). Free memory was 45.0MB in the beginning and 104.7MB in the end (delta: -59.7MB). Peak memory consumption was 60.3MB. Max. memory is 16.1GB. [2022-02-20 18:06:36,870 INFO L158 Benchmark]: CDTParser took 0.16ms. Allocated memory is still 65.0MB. Free memory was 47.5MB in the beginning and 47.4MB in the end (delta: 48.7kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:06:36,870 INFO L158 Benchmark]: CACSL2BoogieTranslator took 560.92ms. Allocated memory was 65.0MB in the beginning and 92.3MB in the end (delta: 27.3MB). Free memory was 44.9MB in the beginning and 73.7MB in the end (delta: -28.8MB). Peak memory consumption was 17.4MB. Max. memory is 16.1GB. [2022-02-20 18:06:36,870 INFO L158 Benchmark]: Boogie Procedure Inliner took 66.20ms. Allocated memory is still 92.3MB. Free memory was 73.7MB in the beginning and 71.1MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:36,870 INFO L158 Benchmark]: Boogie Preprocessor took 41.40ms. Allocated memory is still 92.3MB. Free memory was 71.1MB in the beginning and 69.1MB in the end (delta: 2.0MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:06:36,870 INFO L158 Benchmark]: RCFGBuilder took 419.64ms. Allocated memory is still 92.3MB. Free memory was 69.1MB in the beginning and 51.8MB in the end (delta: 17.3MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-02-20 18:06:36,871 INFO L158 Benchmark]: TraceAbstraction took 8309.16ms. Allocated memory was 92.3MB in the beginning and 184.5MB in the end (delta: 92.3MB). Free memory was 51.5MB in the beginning and 104.7MB in the end (delta: -53.3MB). Peak memory consumption was 38.7MB. Max. memory is 16.1GB. [2022-02-20 18:06:36,872 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.16ms. Allocated memory is still 65.0MB. Free memory was 47.5MB in the beginning and 47.4MB in the end (delta: 48.7kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 560.92ms. Allocated memory was 65.0MB in the beginning and 92.3MB in the end (delta: 27.3MB). Free memory was 44.9MB in the beginning and 73.7MB in the end (delta: -28.8MB). Peak memory consumption was 17.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 66.20ms. Allocated memory is still 92.3MB. Free memory was 73.7MB in the beginning and 71.1MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 41.40ms. Allocated memory is still 92.3MB. Free memory was 71.1MB in the beginning and 69.1MB in the end (delta: 2.0MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 419.64ms. Allocated memory is still 92.3MB. Free memory was 69.1MB in the beginning and 51.8MB in the end (delta: 17.3MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 8309.16ms. Allocated memory was 92.3MB in the beginning and 184.5MB in the end (delta: 92.3MB). Free memory was 51.5MB in the beginning and 104.7MB in the end (delta: -53.3MB). Peak memory consumption was 38.7MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:06:36,912 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: ERROR: ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator