./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec2_product19.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec2_product19.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 589282c7075ad677d11d7e5d6747c3f882de49697a3649a6296f51163d1d51b5 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:07:21,787 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:07:21,789 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:07:21,811 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:07:21,811 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:07:21,812 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:07:21,813 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:07:21,814 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:07:21,815 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:07:21,815 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:07:21,816 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:07:21,817 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:07:21,817 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:07:21,818 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:07:21,818 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:07:21,819 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:07:21,820 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:07:21,820 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:07:21,822 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:07:21,823 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:07:21,824 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:07:21,825 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:07:21,825 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:07:21,826 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:07:21,828 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:07:21,839 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:07:21,839 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:07:21,840 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:07:21,841 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:07:21,842 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:07:21,843 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:07:21,843 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:07:21,845 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:07:21,845 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:07:21,846 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:07:21,847 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:07:21,847 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:07:21,847 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:07:21,847 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:07:21,849 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:07:21,849 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:07:21,850 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:07:21,878 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:07:21,881 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:07:21,882 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:07:21,882 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:07:21,882 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:07:21,883 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:07:21,883 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:07:21,883 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:07:21,883 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:07:21,884 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:07:21,884 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:07:21,885 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:07:21,885 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:07:21,885 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:07:21,885 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:07:21,885 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:07:21,885 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:07:21,886 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:07:21,886 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:07:21,886 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:07:21,886 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:07:21,886 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:07:21,886 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:07:21,887 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:07:21,887 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:21,887 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:07:21,887 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:07:21,887 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:07:21,887 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:07:21,888 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:07:21,888 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:07:21,888 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:07:21,888 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:07:21,888 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 589282c7075ad677d11d7e5d6747c3f882de49697a3649a6296f51163d1d51b5 [2022-02-20 18:07:22,079 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:07:22,100 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:07:22,103 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:07:22,104 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:07:22,105 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:07:22,106 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec2_product19.cil.c [2022-02-20 18:07:22,157 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d25113261/5819efec9a684486985ad62ac314a658/FLAGd7e52e0c3 [2022-02-20 18:07:22,541 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:07:22,541 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product19.cil.c [2022-02-20 18:07:22,548 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d25113261/5819efec9a684486985ad62ac314a658/FLAGd7e52e0c3 [2022-02-20 18:07:22,929 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/d25113261/5819efec9a684486985ad62ac314a658 [2022-02-20 18:07:22,930 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:07:22,931 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:07:22,932 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:22,932 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:07:22,934 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:07:22,935 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:22" (1/1) ... [2022-02-20 18:07:22,936 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@4e2aa2bd and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:22, skipping insertion in model container [2022-02-20 18:07:22,936 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:22" (1/1) ... [2022-02-20 18:07:22,941 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:07:22,968 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:07:23,085 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product19.cil.c[1605,1618] [2022-02-20 18:07:23,211 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:23,217 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:07:23,236 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product19.cil.c[1605,1618] [2022-02-20 18:07:23,301 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:23,314 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:07:23,314 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23 WrapperNode [2022-02-20 18:07:23,314 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:23,315 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:23,315 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:07:23,315 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:07:23,321 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,345 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,373 INFO L137 Inliner]: procedures = 54, calls = 152, calls flagged for inlining = 20, calls inlined = 17, statements flattened = 224 [2022-02-20 18:07:23,377 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:23,378 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:07:23,378 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:07:23,378 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:07:23,384 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,384 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,390 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,390 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,403 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,412 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,416 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,418 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:07:23,419 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:07:23,420 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:07:23,420 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:07:23,421 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (1/1) ... [2022-02-20 18:07:23,426 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:23,433 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:23,443 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:07:23,444 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:07:23,476 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:07:23,477 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:07:23,477 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:07:23,477 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:07:23,477 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:07:23,477 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:07:23,477 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:07:23,477 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:07:23,477 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:07:23,478 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:07:23,478 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:07:23,478 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:07:23,478 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:07:23,479 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:07:23,479 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:07:23,479 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:07:23,479 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:07:23,479 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:07:23,568 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:07:23,569 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:07:23,916 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:07:23,922 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:07:23,922 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:07:23,924 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:23 BoogieIcfgContainer [2022-02-20 18:07:23,924 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:07:23,925 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:07:23,925 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:07:23,927 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:07:23,927 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:07:22" (1/3) ... [2022-02-20 18:07:23,928 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@586e0bde and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:23, skipping insertion in model container [2022-02-20 18:07:23,928 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:23" (2/3) ... [2022-02-20 18:07:23,929 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@586e0bde and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:23, skipping insertion in model container [2022-02-20 18:07:23,929 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:23" (3/3) ... [2022-02-20 18:07:23,930 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec2_product19.cil.c [2022-02-20 18:07:23,934 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:07:23,934 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:07:23,964 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:07:23,971 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:07:23,972 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:07:23,994 INFO L276 IsEmpty]: Start isEmpty. Operand has 82 states, 62 states have (on average 1.3870967741935485) internal successors, (86), 69 states have internal predecessors, (86), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:07:23,998 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-02-20 18:07:23,998 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:23,999 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:23,999 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:24,002 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:24,003 INFO L85 PathProgramCache]: Analyzing trace with hash 116265818, now seen corresponding path program 1 times [2022-02-20 18:07:24,009 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:24,009 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [194184148] [2022-02-20 18:07:24,009 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:24,010 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:24,120 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:24,181 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:07:24,183 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:24,194 INFO L290 TraceCheckUtils]: 0: Hoare triple {85#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {85#true} is VALID [2022-02-20 18:07:24,196 INFO L290 TraceCheckUtils]: 1: Hoare triple {85#true} assume true; {85#true} is VALID [2022-02-20 18:07:24,196 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {85#true} {86#false} #217#return; {86#false} is VALID [2022-02-20 18:07:24,198 INFO L290 TraceCheckUtils]: 0: Hoare triple {85#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {85#true} is VALID [2022-02-20 18:07:24,199 INFO L290 TraceCheckUtils]: 1: Hoare triple {85#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret32#1, main_~retValue_acc~6#1, main_~tmp~3#1;havoc main_~retValue_acc~6#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {85#true} is VALID [2022-02-20 18:07:24,202 INFO L290 TraceCheckUtils]: 2: Hoare triple {85#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {85#true} is VALID [2022-02-20 18:07:24,202 INFO L290 TraceCheckUtils]: 3: Hoare triple {85#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {85#true} is VALID [2022-02-20 18:07:24,203 INFO L290 TraceCheckUtils]: 4: Hoare triple {85#true} main_#t~ret32#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret32#1 && main_#t~ret32#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret32#1;havoc main_#t~ret32#1; {85#true} is VALID [2022-02-20 18:07:24,203 INFO L290 TraceCheckUtils]: 5: Hoare triple {85#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {85#true} is VALID [2022-02-20 18:07:24,203 INFO L290 TraceCheckUtils]: 6: Hoare triple {85#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {85#true} is VALID [2022-02-20 18:07:24,203 INFO L290 TraceCheckUtils]: 7: Hoare triple {85#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {85#true} is VALID [2022-02-20 18:07:24,204 INFO L290 TraceCheckUtils]: 8: Hoare triple {85#true} assume false; {86#false} is VALID [2022-02-20 18:07:24,204 INFO L272 TraceCheckUtils]: 9: Hoare triple {86#false} call cleanup(); {86#false} is VALID [2022-02-20 18:07:24,205 INFO L290 TraceCheckUtils]: 10: Hoare triple {86#false} havoc ~i~0;havoc ~__cil_tmp2~0; {86#false} is VALID [2022-02-20 18:07:24,205 INFO L272 TraceCheckUtils]: 11: Hoare triple {86#false} call timeShift(); {86#false} is VALID [2022-02-20 18:07:24,205 INFO L290 TraceCheckUtils]: 12: Hoare triple {86#false} assume !(0 != ~pumpRunning~0); {86#false} is VALID [2022-02-20 18:07:24,205 INFO L290 TraceCheckUtils]: 13: Hoare triple {86#false} assume !(0 != ~systemActive~0); {86#false} is VALID [2022-02-20 18:07:24,205 INFO L290 TraceCheckUtils]: 14: Hoare triple {86#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret33#1, __utac_acc__Specification2_spec__2_#t~ret34#1, __utac_acc__Specification2_spec__2_~tmp~4#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~4#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {86#false} is VALID [2022-02-20 18:07:24,206 INFO L272 TraceCheckUtils]: 15: Hoare triple {86#false} call __utac_acc__Specification2_spec__2_#t~ret33#1 := isMethaneLevelCritical(); {85#true} is VALID [2022-02-20 18:07:24,206 INFO L290 TraceCheckUtils]: 16: Hoare triple {85#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {85#true} is VALID [2022-02-20 18:07:24,206 INFO L290 TraceCheckUtils]: 17: Hoare triple {85#true} assume true; {85#true} is VALID [2022-02-20 18:07:24,206 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {85#true} {86#false} #217#return; {86#false} is VALID [2022-02-20 18:07:24,206 INFO L290 TraceCheckUtils]: 19: Hoare triple {86#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret33#1 && __utac_acc__Specification2_spec__2_#t~ret33#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~4#1 := __utac_acc__Specification2_spec__2_#t~ret33#1;havoc __utac_acc__Specification2_spec__2_#t~ret33#1; {86#false} is VALID [2022-02-20 18:07:24,207 INFO L290 TraceCheckUtils]: 20: Hoare triple {86#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~8#1;havoc isPumpRunning_~retValue_acc~8#1;isPumpRunning_~retValue_acc~8#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~8#1; {86#false} is VALID [2022-02-20 18:07:24,207 INFO L290 TraceCheckUtils]: 21: Hoare triple {86#false} __utac_acc__Specification2_spec__2_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret34#1 && __utac_acc__Specification2_spec__2_#t~ret34#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret34#1;havoc __utac_acc__Specification2_spec__2_#t~ret34#1; {86#false} is VALID [2022-02-20 18:07:24,208 INFO L290 TraceCheckUtils]: 22: Hoare triple {86#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {86#false} is VALID [2022-02-20 18:07:24,209 INFO L290 TraceCheckUtils]: 23: Hoare triple {86#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {86#false} is VALID [2022-02-20 18:07:24,209 INFO L290 TraceCheckUtils]: 24: Hoare triple {86#false} assume !false; {86#false} is VALID [2022-02-20 18:07:24,209 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:24,210 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:24,210 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [194184148] [2022-02-20 18:07:24,211 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [194184148] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:24,211 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:24,211 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:07:24,213 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2020504749] [2022-02-20 18:07:24,214 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:24,218 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:24,219 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:24,221 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,246 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:24,246 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:07:24,247 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:24,263 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:07:24,264 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:24,267 INFO L87 Difference]: Start difference. First operand has 82 states, 62 states have (on average 1.3870967741935485) internal successors, (86), 69 states have internal predecessors, (86), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 9 states have call predecessors, (11), 11 states have call successors, (11) Second operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,342 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:24,342 INFO L93 Difference]: Finished difference Result 155 states and 210 transitions. [2022-02-20 18:07:24,342 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:07:24,343 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:24,343 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:24,344 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,353 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 210 transitions. [2022-02-20 18:07:24,353 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,360 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 210 transitions. [2022-02-20 18:07:24,361 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 210 transitions. [2022-02-20 18:07:24,517 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 210 edges. 210 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:24,524 INFO L225 Difference]: With dead ends: 155 [2022-02-20 18:07:24,525 INFO L226 Difference]: Without dead ends: 73 [2022-02-20 18:07:24,527 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:24,530 INFO L933 BasicCegarLoop]: 102 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 102 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:24,530 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 102 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:24,541 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2022-02-20 18:07:24,552 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 73. [2022-02-20 18:07:24,552 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:24,553 INFO L82 GeneralOperation]: Start isEquivalent. First operand 73 states. Second operand has 73 states, 55 states have (on average 1.309090909090909) internal successors, (72), 61 states have internal predecessors, (72), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:07:24,554 INFO L74 IsIncluded]: Start isIncluded. First operand 73 states. Second operand has 73 states, 55 states have (on average 1.309090909090909) internal successors, (72), 61 states have internal predecessors, (72), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:07:24,554 INFO L87 Difference]: Start difference. First operand 73 states. Second operand has 73 states, 55 states have (on average 1.309090909090909) internal successors, (72), 61 states have internal predecessors, (72), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:07:24,559 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:24,560 INFO L93 Difference]: Finished difference Result 73 states and 93 transitions. [2022-02-20 18:07:24,560 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 93 transitions. [2022-02-20 18:07:24,561 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:24,561 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:24,561 INFO L74 IsIncluded]: Start isIncluded. First operand has 73 states, 55 states have (on average 1.309090909090909) internal successors, (72), 61 states have internal predecessors, (72), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) Second operand 73 states. [2022-02-20 18:07:24,562 INFO L87 Difference]: Start difference. First operand has 73 states, 55 states have (on average 1.309090909090909) internal successors, (72), 61 states have internal predecessors, (72), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) Second operand 73 states. [2022-02-20 18:07:24,566 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:24,575 INFO L93 Difference]: Finished difference Result 73 states and 93 transitions. [2022-02-20 18:07:24,575 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 93 transitions. [2022-02-20 18:07:24,576 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:24,578 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:24,578 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:24,578 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:24,579 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 73 states, 55 states have (on average 1.309090909090909) internal successors, (72), 61 states have internal predecessors, (72), 11 states have call successors, (11), 7 states have call predecessors, (11), 6 states have return successors, (10), 8 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:07:24,582 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 73 states to 73 states and 93 transitions. [2022-02-20 18:07:24,586 INFO L78 Accepts]: Start accepts. Automaton has 73 states and 93 transitions. Word has length 25 [2022-02-20 18:07:24,587 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:24,587 INFO L470 AbstractCegarLoop]: Abstraction has 73 states and 93 transitions. [2022-02-20 18:07:24,587 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,588 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 93 transitions. [2022-02-20 18:07:24,589 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2022-02-20 18:07:24,595 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:24,595 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:24,595 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:07:24,595 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:24,597 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:24,597 INFO L85 PathProgramCache]: Analyzing trace with hash -1218551415, now seen corresponding path program 1 times [2022-02-20 18:07:24,597 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:24,597 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [156974587] [2022-02-20 18:07:24,597 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:24,598 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:24,650 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:24,697 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 18:07:24,701 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:24,708 INFO L290 TraceCheckUtils]: 0: Hoare triple {566#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {566#true} is VALID [2022-02-20 18:07:24,709 INFO L290 TraceCheckUtils]: 1: Hoare triple {566#true} assume true; {566#true} is VALID [2022-02-20 18:07:24,709 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {566#true} {567#false} #217#return; {567#false} is VALID [2022-02-20 18:07:24,709 INFO L290 TraceCheckUtils]: 0: Hoare triple {566#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {566#true} is VALID [2022-02-20 18:07:24,709 INFO L290 TraceCheckUtils]: 1: Hoare triple {566#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret32#1, main_~retValue_acc~6#1, main_~tmp~3#1;havoc main_~retValue_acc~6#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {566#true} is VALID [2022-02-20 18:07:24,709 INFO L290 TraceCheckUtils]: 2: Hoare triple {566#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {566#true} is VALID [2022-02-20 18:07:24,710 INFO L290 TraceCheckUtils]: 3: Hoare triple {566#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {566#true} is VALID [2022-02-20 18:07:24,710 INFO L290 TraceCheckUtils]: 4: Hoare triple {566#true} main_#t~ret32#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret32#1 && main_#t~ret32#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret32#1;havoc main_#t~ret32#1; {566#true} is VALID [2022-02-20 18:07:24,710 INFO L290 TraceCheckUtils]: 5: Hoare triple {566#true} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {566#true} is VALID [2022-02-20 18:07:24,710 INFO L290 TraceCheckUtils]: 6: Hoare triple {566#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {566#true} is VALID [2022-02-20 18:07:24,711 INFO L290 TraceCheckUtils]: 7: Hoare triple {566#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:07:24,711 INFO L290 TraceCheckUtils]: 8: Hoare triple {568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:07:24,711 INFO L290 TraceCheckUtils]: 9: Hoare triple {568#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {567#false} is VALID [2022-02-20 18:07:24,712 INFO L272 TraceCheckUtils]: 10: Hoare triple {567#false} call cleanup(); {567#false} is VALID [2022-02-20 18:07:24,712 INFO L290 TraceCheckUtils]: 11: Hoare triple {567#false} havoc ~i~0;havoc ~__cil_tmp2~0; {567#false} is VALID [2022-02-20 18:07:24,712 INFO L272 TraceCheckUtils]: 12: Hoare triple {567#false} call timeShift(); {567#false} is VALID [2022-02-20 18:07:24,713 INFO L290 TraceCheckUtils]: 13: Hoare triple {567#false} assume !(0 != ~pumpRunning~0); {567#false} is VALID [2022-02-20 18:07:24,713 INFO L290 TraceCheckUtils]: 14: Hoare triple {567#false} assume !(0 != ~systemActive~0); {567#false} is VALID [2022-02-20 18:07:24,713 INFO L290 TraceCheckUtils]: 15: Hoare triple {567#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret33#1, __utac_acc__Specification2_spec__2_#t~ret34#1, __utac_acc__Specification2_spec__2_~tmp~4#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~4#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {567#false} is VALID [2022-02-20 18:07:24,713 INFO L272 TraceCheckUtils]: 16: Hoare triple {567#false} call __utac_acc__Specification2_spec__2_#t~ret33#1 := isMethaneLevelCritical(); {566#true} is VALID [2022-02-20 18:07:24,713 INFO L290 TraceCheckUtils]: 17: Hoare triple {566#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {566#true} is VALID [2022-02-20 18:07:24,716 INFO L290 TraceCheckUtils]: 18: Hoare triple {566#true} assume true; {566#true} is VALID [2022-02-20 18:07:24,716 INFO L284 TraceCheckUtils]: 19: Hoare quadruple {566#true} {567#false} #217#return; {567#false} is VALID [2022-02-20 18:07:24,716 INFO L290 TraceCheckUtils]: 20: Hoare triple {567#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret33#1 && __utac_acc__Specification2_spec__2_#t~ret33#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~4#1 := __utac_acc__Specification2_spec__2_#t~ret33#1;havoc __utac_acc__Specification2_spec__2_#t~ret33#1; {567#false} is VALID [2022-02-20 18:07:24,716 INFO L290 TraceCheckUtils]: 21: Hoare triple {567#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~8#1;havoc isPumpRunning_~retValue_acc~8#1;isPumpRunning_~retValue_acc~8#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~8#1; {567#false} is VALID [2022-02-20 18:07:24,717 INFO L290 TraceCheckUtils]: 22: Hoare triple {567#false} __utac_acc__Specification2_spec__2_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret34#1 && __utac_acc__Specification2_spec__2_#t~ret34#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret34#1;havoc __utac_acc__Specification2_spec__2_#t~ret34#1; {567#false} is VALID [2022-02-20 18:07:24,717 INFO L290 TraceCheckUtils]: 23: Hoare triple {567#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {567#false} is VALID [2022-02-20 18:07:24,717 INFO L290 TraceCheckUtils]: 24: Hoare triple {567#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {567#false} is VALID [2022-02-20 18:07:24,718 INFO L290 TraceCheckUtils]: 25: Hoare triple {567#false} assume !false; {567#false} is VALID [2022-02-20 18:07:24,719 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:24,719 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:24,719 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [156974587] [2022-02-20 18:07:24,719 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [156974587] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:24,719 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:24,720 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:24,720 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [283297286] [2022-02-20 18:07:24,720 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:24,721 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:24,721 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:24,722 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,742 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:24,742 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:24,742 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:24,743 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:24,743 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:24,743 INFO L87 Difference]: Start difference. First operand 73 states and 93 transitions. Second operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,835 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:24,836 INFO L93 Difference]: Finished difference Result 107 states and 135 transitions. [2022-02-20 18:07:24,836 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:24,836 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:24,836 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:24,836 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,840 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 135 transitions. [2022-02-20 18:07:24,840 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,842 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 135 transitions. [2022-02-20 18:07:24,842 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 135 transitions. [2022-02-20 18:07:24,939 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 135 edges. 135 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:24,941 INFO L225 Difference]: With dead ends: 107 [2022-02-20 18:07:24,941 INFO L226 Difference]: Without dead ends: 64 [2022-02-20 18:07:24,942 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:24,942 INFO L933 BasicCegarLoop]: 80 mSDtfsCounter, 16 mSDsluCounter, 59 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 139 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:24,943 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [20 Valid, 139 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:24,943 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 64 states. [2022-02-20 18:07:24,947 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 64 to 64. [2022-02-20 18:07:24,947 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:24,947 INFO L82 GeneralOperation]: Start isEquivalent. First operand 64 states. Second operand has 64 states, 49 states have (on average 1.3265306122448979) internal successors, (65), 55 states have internal predecessors, (65), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:07:24,947 INFO L74 IsIncluded]: Start isIncluded. First operand 64 states. Second operand has 64 states, 49 states have (on average 1.3265306122448979) internal successors, (65), 55 states have internal predecessors, (65), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:07:24,948 INFO L87 Difference]: Start difference. First operand 64 states. Second operand has 64 states, 49 states have (on average 1.3265306122448979) internal successors, (65), 55 states have internal predecessors, (65), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:07:24,949 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:24,950 INFO L93 Difference]: Finished difference Result 64 states and 81 transitions. [2022-02-20 18:07:24,950 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 81 transitions. [2022-02-20 18:07:24,950 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:24,950 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:24,950 INFO L74 IsIncluded]: Start isIncluded. First operand has 64 states, 49 states have (on average 1.3265306122448979) internal successors, (65), 55 states have internal predecessors, (65), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) Second operand 64 states. [2022-02-20 18:07:24,951 INFO L87 Difference]: Start difference. First operand has 64 states, 49 states have (on average 1.3265306122448979) internal successors, (65), 55 states have internal predecessors, (65), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) Second operand 64 states. [2022-02-20 18:07:24,965 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:24,965 INFO L93 Difference]: Finished difference Result 64 states and 81 transitions. [2022-02-20 18:07:24,966 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 81 transitions. [2022-02-20 18:07:24,966 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:24,966 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:24,966 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:24,966 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:24,966 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 64 states, 49 states have (on average 1.3265306122448979) internal successors, (65), 55 states have internal predecessors, (65), 8 states have call successors, (8), 6 states have call predecessors, (8), 6 states have return successors, (8), 6 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:07:24,968 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 81 transitions. [2022-02-20 18:07:24,968 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 81 transitions. Word has length 26 [2022-02-20 18:07:24,968 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:24,969 INFO L470 AbstractCegarLoop]: Abstraction has 64 states and 81 transitions. [2022-02-20 18:07:24,969 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:24,969 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 81 transitions. [2022-02-20 18:07:24,969 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2022-02-20 18:07:24,969 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:24,969 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:24,969 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:07:24,970 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:24,970 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:24,970 INFO L85 PathProgramCache]: Analyzing trace with hash 603258873, now seen corresponding path program 1 times [2022-02-20 18:07:24,970 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:24,970 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1558922258] [2022-02-20 18:07:24,970 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:24,970 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:25,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:25,052 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:07:25,054 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:25,056 INFO L290 TraceCheckUtils]: 0: Hoare triple {946#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {946#true} is VALID [2022-02-20 18:07:25,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {946#true} assume true; {946#true} is VALID [2022-02-20 18:07:25,057 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {946#true} {947#false} #217#return; {947#false} is VALID [2022-02-20 18:07:25,058 INFO L290 TraceCheckUtils]: 0: Hoare triple {946#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {948#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:25,059 INFO L290 TraceCheckUtils]: 1: Hoare triple {948#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret32#1, main_~retValue_acc~6#1, main_~tmp~3#1;havoc main_~retValue_acc~6#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {948#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:25,059 INFO L290 TraceCheckUtils]: 2: Hoare triple {948#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {948#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:25,060 INFO L290 TraceCheckUtils]: 3: Hoare triple {948#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {949#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} is VALID [2022-02-20 18:07:25,060 INFO L290 TraceCheckUtils]: 4: Hoare triple {949#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} main_#t~ret32#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret32#1 && main_#t~ret32#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret32#1;havoc main_#t~ret32#1; {950#(= |ULTIMATE.start_main_~tmp~3#1| ~systemActive~0)} is VALID [2022-02-20 18:07:25,060 INFO L290 TraceCheckUtils]: 5: Hoare triple {950#(= |ULTIMATE.start_main_~tmp~3#1| ~systemActive~0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,061 INFO L290 TraceCheckUtils]: 6: Hoare triple {951#(not (= 0 ~systemActive~0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,061 INFO L290 TraceCheckUtils]: 7: Hoare triple {951#(not (= 0 ~systemActive~0))} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,061 INFO L290 TraceCheckUtils]: 8: Hoare triple {951#(not (= 0 ~systemActive~0))} assume !false; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,062 INFO L290 TraceCheckUtils]: 9: Hoare triple {951#(not (= 0 ~systemActive~0))} assume test_~splverifierCounter~0#1 < 4; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,062 INFO L290 TraceCheckUtils]: 10: Hoare triple {951#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp~7#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,063 INFO L290 TraceCheckUtils]: 11: Hoare triple {951#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp~7#1); {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,063 INFO L290 TraceCheckUtils]: 12: Hoare triple {951#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,063 INFO L290 TraceCheckUtils]: 13: Hoare triple {951#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___0~2#1); {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,064 INFO L290 TraceCheckUtils]: 14: Hoare triple {951#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,064 INFO L290 TraceCheckUtils]: 15: Hoare triple {951#(not (= 0 ~systemActive~0))} assume 0 != test_~tmp___2~0#1; {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,064 INFO L272 TraceCheckUtils]: 16: Hoare triple {951#(not (= 0 ~systemActive~0))} call timeShift(); {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,065 INFO L290 TraceCheckUtils]: 17: Hoare triple {951#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {951#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:25,065 INFO L290 TraceCheckUtils]: 18: Hoare triple {951#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {947#false} is VALID [2022-02-20 18:07:25,065 INFO L290 TraceCheckUtils]: 19: Hoare triple {947#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret33#1, __utac_acc__Specification2_spec__2_#t~ret34#1, __utac_acc__Specification2_spec__2_~tmp~4#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~4#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {947#false} is VALID [2022-02-20 18:07:25,065 INFO L272 TraceCheckUtils]: 20: Hoare triple {947#false} call __utac_acc__Specification2_spec__2_#t~ret33#1 := isMethaneLevelCritical(); {946#true} is VALID [2022-02-20 18:07:25,066 INFO L290 TraceCheckUtils]: 21: Hoare triple {946#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {946#true} is VALID [2022-02-20 18:07:25,066 INFO L290 TraceCheckUtils]: 22: Hoare triple {946#true} assume true; {946#true} is VALID [2022-02-20 18:07:25,066 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {946#true} {947#false} #217#return; {947#false} is VALID [2022-02-20 18:07:25,066 INFO L290 TraceCheckUtils]: 24: Hoare triple {947#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret33#1 && __utac_acc__Specification2_spec__2_#t~ret33#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~4#1 := __utac_acc__Specification2_spec__2_#t~ret33#1;havoc __utac_acc__Specification2_spec__2_#t~ret33#1; {947#false} is VALID [2022-02-20 18:07:25,066 INFO L290 TraceCheckUtils]: 25: Hoare triple {947#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~8#1;havoc isPumpRunning_~retValue_acc~8#1;isPumpRunning_~retValue_acc~8#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~8#1; {947#false} is VALID [2022-02-20 18:07:25,066 INFO L290 TraceCheckUtils]: 26: Hoare triple {947#false} __utac_acc__Specification2_spec__2_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret34#1 && __utac_acc__Specification2_spec__2_#t~ret34#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret34#1;havoc __utac_acc__Specification2_spec__2_#t~ret34#1; {947#false} is VALID [2022-02-20 18:07:25,066 INFO L290 TraceCheckUtils]: 27: Hoare triple {947#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {947#false} is VALID [2022-02-20 18:07:25,067 INFO L290 TraceCheckUtils]: 28: Hoare triple {947#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {947#false} is VALID [2022-02-20 18:07:25,067 INFO L290 TraceCheckUtils]: 29: Hoare triple {947#false} assume !false; {947#false} is VALID [2022-02-20 18:07:25,067 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:25,067 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:25,067 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1558922258] [2022-02-20 18:07:25,067 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1558922258] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:25,067 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:25,068 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:25,068 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [951620499] [2022-02-20 18:07:25,068 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:25,068 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2022-02-20 18:07:25,068 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:25,068 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:25,089 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:25,089 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:25,089 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:25,090 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:25,090 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:25,090 INFO L87 Difference]: Start difference. First operand 64 states and 81 transitions. Second operand has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:25,477 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:25,477 INFO L93 Difference]: Finished difference Result 218 states and 284 transitions. [2022-02-20 18:07:25,477 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:25,478 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 30 [2022-02-20 18:07:25,478 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:25,478 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:25,483 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 284 transitions. [2022-02-20 18:07:25,484 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:25,489 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 284 transitions. [2022-02-20 18:07:25,490 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 284 transitions. [2022-02-20 18:07:25,657 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 284 edges. 284 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:25,664 INFO L225 Difference]: With dead ends: 218 [2022-02-20 18:07:25,664 INFO L226 Difference]: Without dead ends: 162 [2022-02-20 18:07:25,667 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 3 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:07:25,673 INFO L933 BasicCegarLoop]: 103 mSDtfsCounter, 217 mSDsluCounter, 288 mSDsCounter, 0 mSdLazyCounter, 79 mSolverCounterSat, 29 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 217 SdHoareTripleChecker+Valid, 391 SdHoareTripleChecker+Invalid, 108 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 29 IncrementalHoareTripleChecker+Valid, 79 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:25,674 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [217 Valid, 391 Invalid, 108 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [29 Valid, 79 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:07:25,675 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 162 states. [2022-02-20 18:07:25,689 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 162 to 156. [2022-02-20 18:07:25,692 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:25,693 INFO L82 GeneralOperation]: Start isEquivalent. First operand 162 states. Second operand has 156 states, 117 states have (on average 1.3675213675213675) internal successors, (160), 131 states have internal predecessors, (160), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (22), 15 states have call predecessors, (22), 21 states have call successors, (22) [2022-02-20 18:07:25,693 INFO L74 IsIncluded]: Start isIncluded. First operand 162 states. Second operand has 156 states, 117 states have (on average 1.3675213675213675) internal successors, (160), 131 states have internal predecessors, (160), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (22), 15 states have call predecessors, (22), 21 states have call successors, (22) [2022-02-20 18:07:25,694 INFO L87 Difference]: Start difference. First operand 162 states. Second operand has 156 states, 117 states have (on average 1.3675213675213675) internal successors, (160), 131 states have internal predecessors, (160), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (22), 15 states have call predecessors, (22), 21 states have call successors, (22) [2022-02-20 18:07:25,699 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:25,699 INFO L93 Difference]: Finished difference Result 162 states and 207 transitions. [2022-02-20 18:07:25,700 INFO L276 IsEmpty]: Start isEmpty. Operand 162 states and 207 transitions. [2022-02-20 18:07:25,700 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:25,701 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:25,702 INFO L74 IsIncluded]: Start isIncluded. First operand has 156 states, 117 states have (on average 1.3675213675213675) internal successors, (160), 131 states have internal predecessors, (160), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (22), 15 states have call predecessors, (22), 21 states have call successors, (22) Second operand 162 states. [2022-02-20 18:07:25,703 INFO L87 Difference]: Start difference. First operand has 156 states, 117 states have (on average 1.3675213675213675) internal successors, (160), 131 states have internal predecessors, (160), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (22), 15 states have call predecessors, (22), 21 states have call successors, (22) Second operand 162 states. [2022-02-20 18:07:25,708 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:25,708 INFO L93 Difference]: Finished difference Result 162 states and 207 transitions. [2022-02-20 18:07:25,708 INFO L276 IsEmpty]: Start isEmpty. Operand 162 states and 207 transitions. [2022-02-20 18:07:25,708 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:25,708 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:25,709 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:25,709 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:25,710 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 156 states, 117 states have (on average 1.3675213675213675) internal successors, (160), 131 states have internal predecessors, (160), 21 states have call successors, (21), 17 states have call predecessors, (21), 17 states have return successors, (22), 15 states have call predecessors, (22), 21 states have call successors, (22) [2022-02-20 18:07:25,715 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 156 states to 156 states and 203 transitions. [2022-02-20 18:07:25,715 INFO L78 Accepts]: Start accepts. Automaton has 156 states and 203 transitions. Word has length 30 [2022-02-20 18:07:25,715 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:25,715 INFO L470 AbstractCegarLoop]: Abstraction has 156 states and 203 transitions. [2022-02-20 18:07:25,715 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.5) internal successors, (27), 6 states have internal predecessors, (27), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:25,716 INFO L276 IsEmpty]: Start isEmpty. Operand 156 states and 203 transitions. [2022-02-20 18:07:25,716 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 36 [2022-02-20 18:07:25,716 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:25,716 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:25,717 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:07:25,717 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:25,717 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:25,717 INFO L85 PathProgramCache]: Analyzing trace with hash -820315312, now seen corresponding path program 1 times [2022-02-20 18:07:25,718 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:25,718 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [251841645] [2022-02-20 18:07:25,718 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:25,718 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:25,758 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:25,789 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:07:25,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:25,792 INFO L290 TraceCheckUtils]: 0: Hoare triple {1805#true} assume true; {1805#true} is VALID [2022-02-20 18:07:25,793 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1805#true} {1807#(= ~methaneLevelCritical~0 0)} #215#return; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,793 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:07:25,794 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:25,800 INFO L290 TraceCheckUtils]: 0: Hoare triple {1805#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {1815#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:25,801 INFO L290 TraceCheckUtils]: 1: Hoare triple {1815#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1815#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:25,801 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1815#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1807#(= ~methaneLevelCritical~0 0)} #217#return; {1813#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret33#1| 0)} is VALID [2022-02-20 18:07:25,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {1805#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret32#1, main_~retValue_acc~6#1, main_~tmp~3#1;havoc main_~retValue_acc~6#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,802 INFO L290 TraceCheckUtils]: 2: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,803 INFO L290 TraceCheckUtils]: 3: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,803 INFO L290 TraceCheckUtils]: 4: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} main_#t~ret32#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret32#1 && main_#t~ret32#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret32#1;havoc main_#t~ret32#1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,803 INFO L290 TraceCheckUtils]: 5: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,804 INFO L290 TraceCheckUtils]: 6: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,804 INFO L290 TraceCheckUtils]: 7: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,804 INFO L290 TraceCheckUtils]: 8: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume !false; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,805 INFO L290 TraceCheckUtils]: 9: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume test_~splverifierCounter~0#1 < 4; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,805 INFO L290 TraceCheckUtils]: 10: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp~7#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,805 INFO L290 TraceCheckUtils]: 11: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp~7#1); {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,806 INFO L290 TraceCheckUtils]: 12: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,806 INFO L290 TraceCheckUtils]: 13: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___0~2#1); {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,806 INFO L290 TraceCheckUtils]: 14: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,807 INFO L290 TraceCheckUtils]: 15: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume 0 != test_~tmp___2~0#1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,807 INFO L272 TraceCheckUtils]: 16: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} call timeShift(); {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,807 INFO L290 TraceCheckUtils]: 17: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,808 INFO L290 TraceCheckUtils]: 18: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret35#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,808 INFO L290 TraceCheckUtils]: 19: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,808 INFO L272 TraceCheckUtils]: 20: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} call processEnvironment__wrappee__base(); {1805#true} is VALID [2022-02-20 18:07:25,808 INFO L290 TraceCheckUtils]: 21: Hoare triple {1805#true} assume true; {1805#true} is VALID [2022-02-20 18:07:25,808 INFO L284 TraceCheckUtils]: 22: Hoare quadruple {1805#true} {1807#(= ~methaneLevelCritical~0 0)} #215#return; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,809 INFO L290 TraceCheckUtils]: 23: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume { :end_inline_processEnvironment } true; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,809 INFO L290 TraceCheckUtils]: 24: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret33#1, __utac_acc__Specification2_spec__2_#t~ret34#1, __utac_acc__Specification2_spec__2_~tmp~4#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~4#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {1807#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:25,809 INFO L272 TraceCheckUtils]: 25: Hoare triple {1807#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification2_spec__2_#t~ret33#1 := isMethaneLevelCritical(); {1805#true} is VALID [2022-02-20 18:07:25,810 INFO L290 TraceCheckUtils]: 26: Hoare triple {1805#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {1815#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:25,810 INFO L290 TraceCheckUtils]: 27: Hoare triple {1815#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1815#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:25,810 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {1815#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1807#(= ~methaneLevelCritical~0 0)} #217#return; {1813#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret33#1| 0)} is VALID [2022-02-20 18:07:25,811 INFO L290 TraceCheckUtils]: 29: Hoare triple {1813#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret33#1| 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret33#1 && __utac_acc__Specification2_spec__2_#t~ret33#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~4#1 := __utac_acc__Specification2_spec__2_#t~ret33#1;havoc __utac_acc__Specification2_spec__2_#t~ret33#1; {1814#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~4#1| 0)} is VALID [2022-02-20 18:07:25,811 INFO L290 TraceCheckUtils]: 30: Hoare triple {1814#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~4#1| 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~8#1;havoc isPumpRunning_~retValue_acc~8#1;isPumpRunning_~retValue_acc~8#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~8#1; {1806#false} is VALID [2022-02-20 18:07:25,811 INFO L290 TraceCheckUtils]: 31: Hoare triple {1806#false} __utac_acc__Specification2_spec__2_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret34#1 && __utac_acc__Specification2_spec__2_#t~ret34#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret34#1;havoc __utac_acc__Specification2_spec__2_#t~ret34#1; {1806#false} is VALID [2022-02-20 18:07:25,811 INFO L290 TraceCheckUtils]: 32: Hoare triple {1806#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {1806#false} is VALID [2022-02-20 18:07:25,812 INFO L290 TraceCheckUtils]: 33: Hoare triple {1806#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1806#false} is VALID [2022-02-20 18:07:25,812 INFO L290 TraceCheckUtils]: 34: Hoare triple {1806#false} assume !false; {1806#false} is VALID [2022-02-20 18:07:25,812 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:25,812 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:25,812 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [251841645] [2022-02-20 18:07:25,812 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [251841645] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:25,812 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:25,812 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:25,812 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1494211856] [2022-02-20 18:07:25,813 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:25,813 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 35 [2022-02-20 18:07:25,813 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:25,813 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:25,833 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 35 edges. 35 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:25,833 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:25,833 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:25,833 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:25,833 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:25,834 INFO L87 Difference]: Start difference. First operand 156 states and 203 transitions. Second operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:26,088 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,089 INFO L93 Difference]: Finished difference Result 450 states and 597 transitions. [2022-02-20 18:07:26,089 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:07:26,089 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) Word has length 35 [2022-02-20 18:07:26,089 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:26,089 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:26,092 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 227 transitions. [2022-02-20 18:07:26,092 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:26,094 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 227 transitions. [2022-02-20 18:07:26,094 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 227 transitions. [2022-02-20 18:07:26,225 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 227 edges. 227 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:26,232 INFO L225 Difference]: With dead ends: 450 [2022-02-20 18:07:26,232 INFO L226 Difference]: Without dead ends: 302 [2022-02-20 18:07:26,232 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:07:26,233 INFO L933 BasicCegarLoop]: 86 mSDtfsCounter, 51 mSDsluCounter, 303 mSDsCounter, 0 mSdLazyCounter, 40 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 53 SdHoareTripleChecker+Valid, 389 SdHoareTripleChecker+Invalid, 44 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 40 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:26,234 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [53 Valid, 389 Invalid, 44 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 40 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:26,234 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 302 states. [2022-02-20 18:07:26,255 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 302 to 293. [2022-02-20 18:07:26,258 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:26,259 INFO L82 GeneralOperation]: Start isEquivalent. First operand 302 states. Second operand has 293 states, 216 states have (on average 1.3425925925925926) internal successors, (290), 243 states have internal predecessors, (290), 42 states have call successors, (42), 34 states have call predecessors, (42), 34 states have return successors, (47), 30 states have call predecessors, (47), 42 states have call successors, (47) [2022-02-20 18:07:26,260 INFO L74 IsIncluded]: Start isIncluded. First operand 302 states. Second operand has 293 states, 216 states have (on average 1.3425925925925926) internal successors, (290), 243 states have internal predecessors, (290), 42 states have call successors, (42), 34 states have call predecessors, (42), 34 states have return successors, (47), 30 states have call predecessors, (47), 42 states have call successors, (47) [2022-02-20 18:07:26,261 INFO L87 Difference]: Start difference. First operand 302 states. Second operand has 293 states, 216 states have (on average 1.3425925925925926) internal successors, (290), 243 states have internal predecessors, (290), 42 states have call successors, (42), 34 states have call predecessors, (42), 34 states have return successors, (47), 30 states have call predecessors, (47), 42 states have call successors, (47) [2022-02-20 18:07:26,268 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,269 INFO L93 Difference]: Finished difference Result 302 states and 389 transitions. [2022-02-20 18:07:26,269 INFO L276 IsEmpty]: Start isEmpty. Operand 302 states and 389 transitions. [2022-02-20 18:07:26,270 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:26,270 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:26,270 INFO L74 IsIncluded]: Start isIncluded. First operand has 293 states, 216 states have (on average 1.3425925925925926) internal successors, (290), 243 states have internal predecessors, (290), 42 states have call successors, (42), 34 states have call predecessors, (42), 34 states have return successors, (47), 30 states have call predecessors, (47), 42 states have call successors, (47) Second operand 302 states. [2022-02-20 18:07:26,271 INFO L87 Difference]: Start difference. First operand has 293 states, 216 states have (on average 1.3425925925925926) internal successors, (290), 243 states have internal predecessors, (290), 42 states have call successors, (42), 34 states have call predecessors, (42), 34 states have return successors, (47), 30 states have call predecessors, (47), 42 states have call successors, (47) Second operand 302 states. [2022-02-20 18:07:26,279 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,279 INFO L93 Difference]: Finished difference Result 302 states and 389 transitions. [2022-02-20 18:07:26,279 INFO L276 IsEmpty]: Start isEmpty. Operand 302 states and 389 transitions. [2022-02-20 18:07:26,280 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:26,280 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:26,280 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:26,280 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:26,281 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 293 states, 216 states have (on average 1.3425925925925926) internal successors, (290), 243 states have internal predecessors, (290), 42 states have call successors, (42), 34 states have call predecessors, (42), 34 states have return successors, (47), 30 states have call predecessors, (47), 42 states have call successors, (47) [2022-02-20 18:07:26,289 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 293 states to 293 states and 379 transitions. [2022-02-20 18:07:26,289 INFO L78 Accepts]: Start accepts. Automaton has 293 states and 379 transitions. Word has length 35 [2022-02-20 18:07:26,289 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:26,290 INFO L470 AbstractCegarLoop]: Abstraction has 293 states and 379 transitions. [2022-02-20 18:07:26,290 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.0) internal successors, (30), 5 states have internal predecessors, (30), 1 states have call successors, (3), 2 states have call predecessors, (3), 2 states have return successors, (2), 2 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:26,290 INFO L276 IsEmpty]: Start isEmpty. Operand 293 states and 379 transitions. [2022-02-20 18:07:26,291 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 40 [2022-02-20 18:07:26,291 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:26,291 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:26,291 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:07:26,291 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:26,292 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:26,292 INFO L85 PathProgramCache]: Analyzing trace with hash -64139020, now seen corresponding path program 1 times [2022-02-20 18:07:26,292 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:26,292 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1804122472] [2022-02-20 18:07:26,292 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:26,292 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:26,310 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:26,347 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:07:26,349 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:26,353 INFO L290 TraceCheckUtils]: 0: Hoare triple {3476#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {3463#true} is VALID [2022-02-20 18:07:26,353 INFO L290 TraceCheckUtils]: 1: Hoare triple {3463#true} assume true; {3463#true} is VALID [2022-02-20 18:07:26,353 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3463#true} {3465#(= ~pumpRunning~0 0)} #225#return; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,354 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:07:26,355 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:26,360 INFO L290 TraceCheckUtils]: 0: Hoare triple {3463#true} assume true; {3463#true} is VALID [2022-02-20 18:07:26,361 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {3463#true} {3465#(= ~pumpRunning~0 0)} #215#return; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,361 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-02-20 18:07:26,370 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:26,374 INFO L290 TraceCheckUtils]: 0: Hoare triple {3463#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {3463#true} is VALID [2022-02-20 18:07:26,374 INFO L290 TraceCheckUtils]: 1: Hoare triple {3463#true} assume true; {3463#true} is VALID [2022-02-20 18:07:26,375 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3463#true} {3465#(= ~pumpRunning~0 0)} #217#return; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,375 INFO L290 TraceCheckUtils]: 0: Hoare triple {3463#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {3465#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret32#1, main_~retValue_acc~6#1, main_~tmp~3#1;havoc main_~retValue_acc~6#1;havoc main_~tmp~3#1;assume { :begin_inline_select_helpers } true; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,376 INFO L290 TraceCheckUtils]: 2: Hoare triple {3465#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,376 INFO L290 TraceCheckUtils]: 3: Hoare triple {3465#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,377 INFO L290 TraceCheckUtils]: 4: Hoare triple {3465#(= ~pumpRunning~0 0)} main_#t~ret32#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret32#1 && main_#t~ret32#1 <= 2147483647;main_~tmp~3#1 := main_#t~ret32#1;havoc main_#t~ret32#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,377 INFO L290 TraceCheckUtils]: 5: Hoare triple {3465#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~3#1;assume { :begin_inline_setup } true; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,377 INFO L290 TraceCheckUtils]: 6: Hoare triple {3465#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,379 INFO L290 TraceCheckUtils]: 7: Hoare triple {3465#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet46#1, test_#t~nondet47#1, test_#t~nondet48#1, test_#t~nondet49#1, test_~splverifierCounter~0#1, test_~tmp~7#1, test_~tmp___0~2#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~7#1;havoc test_~tmp___0~2#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,380 INFO L290 TraceCheckUtils]: 8: Hoare triple {3465#(= ~pumpRunning~0 0)} assume !false; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,380 INFO L290 TraceCheckUtils]: 9: Hoare triple {3465#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,380 INFO L290 TraceCheckUtils]: 10: Hoare triple {3465#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet46#1 && test_#t~nondet46#1 <= 2147483647;test_~tmp~7#1 := test_#t~nondet46#1;havoc test_#t~nondet46#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,381 INFO L290 TraceCheckUtils]: 11: Hoare triple {3465#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~7#1); {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,381 INFO L290 TraceCheckUtils]: 12: Hoare triple {3465#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet47#1 && test_#t~nondet47#1 <= 2147483647;test_~tmp___0~2#1 := test_#t~nondet47#1;havoc test_#t~nondet47#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,381 INFO L290 TraceCheckUtils]: 13: Hoare triple {3465#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___0~2#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,382 INFO L272 TraceCheckUtils]: 14: Hoare triple {3465#(= ~pumpRunning~0 0)} call changeMethaneLevel(); {3476#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:26,382 INFO L290 TraceCheckUtils]: 15: Hoare triple {3476#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {3463#true} is VALID [2022-02-20 18:07:26,382 INFO L290 TraceCheckUtils]: 16: Hoare triple {3463#true} assume true; {3463#true} is VALID [2022-02-20 18:07:26,384 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {3463#true} {3465#(= ~pumpRunning~0 0)} #225#return; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,385 INFO L290 TraceCheckUtils]: 18: Hoare triple {3465#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet48#1 && test_#t~nondet48#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet48#1;havoc test_#t~nondet48#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,385 INFO L290 TraceCheckUtils]: 19: Hoare triple {3465#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,385 INFO L272 TraceCheckUtils]: 20: Hoare triple {3465#(= ~pumpRunning~0 0)} call timeShift(); {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,386 INFO L290 TraceCheckUtils]: 21: Hoare triple {3465#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,386 INFO L290 TraceCheckUtils]: 22: Hoare triple {3465#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret35#1, processEnvironment_~tmp~5#1;havoc processEnvironment_~tmp~5#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,386 INFO L290 TraceCheckUtils]: 23: Hoare triple {3465#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,386 INFO L272 TraceCheckUtils]: 24: Hoare triple {3465#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {3463#true} is VALID [2022-02-20 18:07:26,386 INFO L290 TraceCheckUtils]: 25: Hoare triple {3463#true} assume true; {3463#true} is VALID [2022-02-20 18:07:26,387 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {3463#true} {3465#(= ~pumpRunning~0 0)} #215#return; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,387 INFO L290 TraceCheckUtils]: 27: Hoare triple {3465#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,387 INFO L290 TraceCheckUtils]: 28: Hoare triple {3465#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret33#1, __utac_acc__Specification2_spec__2_#t~ret34#1, __utac_acc__Specification2_spec__2_~tmp~4#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~4#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,388 INFO L272 TraceCheckUtils]: 29: Hoare triple {3465#(= ~pumpRunning~0 0)} call __utac_acc__Specification2_spec__2_#t~ret33#1 := isMethaneLevelCritical(); {3463#true} is VALID [2022-02-20 18:07:26,388 INFO L290 TraceCheckUtils]: 30: Hoare triple {3463#true} havoc ~retValue_acc~3;~retValue_acc~3 := ~methaneLevelCritical~0;#res := ~retValue_acc~3; {3463#true} is VALID [2022-02-20 18:07:26,388 INFO L290 TraceCheckUtils]: 31: Hoare triple {3463#true} assume true; {3463#true} is VALID [2022-02-20 18:07:26,388 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {3463#true} {3465#(= ~pumpRunning~0 0)} #217#return; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,398 INFO L290 TraceCheckUtils]: 33: Hoare triple {3465#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret33#1 && __utac_acc__Specification2_spec__2_#t~ret33#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~4#1 := __utac_acc__Specification2_spec__2_#t~ret33#1;havoc __utac_acc__Specification2_spec__2_#t~ret33#1; {3465#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:26,399 INFO L290 TraceCheckUtils]: 34: Hoare triple {3465#(= ~pumpRunning~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~8#1;havoc isPumpRunning_~retValue_acc~8#1;isPumpRunning_~retValue_acc~8#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~8#1; {3474#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:07:26,399 INFO L290 TraceCheckUtils]: 35: Hoare triple {3474#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification2_spec__2_#t~ret34#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret34#1 && __utac_acc__Specification2_spec__2_#t~ret34#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret34#1;havoc __utac_acc__Specification2_spec__2_#t~ret34#1; {3475#(= |timeShift___utac_acc__Specification2_spec__2_~tmp___0~0#1| 0)} is VALID [2022-02-20 18:07:26,400 INFO L290 TraceCheckUtils]: 36: Hoare triple {3475#(= |timeShift___utac_acc__Specification2_spec__2_~tmp___0~0#1| 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {3464#false} is VALID [2022-02-20 18:07:26,400 INFO L290 TraceCheckUtils]: 37: Hoare triple {3464#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {3464#false} is VALID [2022-02-20 18:07:26,400 INFO L290 TraceCheckUtils]: 38: Hoare triple {3464#false} assume !false; {3464#false} is VALID [2022-02-20 18:07:26,400 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:26,400 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:26,400 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1804122472] [2022-02-20 18:07:26,401 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1804122472] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:26,401 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:26,401 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:26,401 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [894901487] [2022-02-20 18:07:26,401 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:26,401 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 5 states have internal predecessors, (32), 1 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) Word has length 39 [2022-02-20 18:07:26,401 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:26,402 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 5 states have internal predecessors, (32), 1 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:07:26,427 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 39 edges. 39 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:26,427 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:26,427 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:26,427 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:26,428 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:26,428 INFO L87 Difference]: Start difference. First operand 293 states and 379 transitions. Second operand has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 5 states have internal predecessors, (32), 1 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:07:26,648 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,649 INFO L93 Difference]: Finished difference Result 518 states and 675 transitions. [2022-02-20 18:07:26,649 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:26,649 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 5 states have internal predecessors, (32), 1 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) Word has length 39 [2022-02-20 18:07:26,650 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:26,650 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 5 states have internal predecessors, (32), 1 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:07:26,651 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 137 transitions. [2022-02-20 18:07:26,651 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 5 states have internal predecessors, (32), 1 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:07:26,653 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 137 transitions. [2022-02-20 18:07:26,653 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 137 transitions. [2022-02-20 18:07:26,724 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 137 edges. 137 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:26,725 INFO L225 Difference]: With dead ends: 518 [2022-02-20 18:07:26,725 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:07:26,726 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:07:26,727 INFO L933 BasicCegarLoop]: 48 mSDtfsCounter, 50 mSDsluCounter, 80 mSDsCounter, 0 mSdLazyCounter, 71 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 51 SdHoareTripleChecker+Valid, 128 SdHoareTripleChecker+Invalid, 85 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 71 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:26,727 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [51 Valid, 128 Invalid, 85 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 71 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:07:26,727 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:07:26,727 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:07:26,727 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:26,728 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:26,728 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:26,728 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:26,728 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,728 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:07:26,728 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:26,728 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:26,728 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:26,729 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:07:26,729 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:07:26,729 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,729 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:07:26,729 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:26,729 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:26,729 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:26,729 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:26,729 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:26,730 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:26,730 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:07:26,730 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 39 [2022-02-20 18:07:26,730 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:26,730 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:07:26,730 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.333333333333333) internal successors, (32), 5 states have internal predecessors, (32), 1 states have call successors, (4), 3 states have call predecessors, (4), 1 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:07:26,731 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:26,731 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:26,732 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:07:26,733 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:07:26,734 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:07:27,176 INFO L861 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 736 743) the Hoare annotation is: true [2022-02-20 18:07:27,177 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 736 743) no Hoare annotation was computed. [2022-02-20 18:07:27,177 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 736 743) no Hoare annotation was computed. [2022-02-20 18:07:27,177 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 695 701) no Hoare annotation was computed. [2022-02-20 18:07:27,177 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 695 701) the Hoare annotation is: true [2022-02-20 18:07:27,177 INFO L858 garLoopResultBuilder]: For program point L462-1(lines 458 469) no Hoare annotation was computed. [2022-02-20 18:07:27,177 INFO L854 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 458 469) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) [2022-02-20 18:07:27,177 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 458 469) no Hoare annotation was computed. [2022-02-20 18:07:27,177 INFO L854 garLoopResultBuilder]: At program point L717(line 717) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:27,177 INFO L854 garLoopResultBuilder]: At program point L713(line 713) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:27,177 INFO L858 garLoopResultBuilder]: For program point L647(lines 647 657) no Hoare annotation was computed. [2022-02-20 18:07:27,177 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 671 694) no Hoare annotation was computed. [2022-02-20 18:07:27,177 INFO L858 garLoopResultBuilder]: For program point L643(lines 643 660) no Hoare annotation was computed. [2022-02-20 18:07:27,177 INFO L854 garLoopResultBuilder]: At program point L643-1(lines 635 663) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (= |timeShift___utac_acc__Specification2_spec__2_~tmp~4#1| 0) (not (= ~methaneLevelCritical~0 0))) (or .cse0 (= ~pumpRunning~0 0)))) [2022-02-20 18:07:27,177 INFO L854 garLoopResultBuilder]: At program point L722(line 722) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:07:27,177 INFO L854 garLoopResultBuilder]: At program point L722-1(lines 703 727) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L809(lines 809 813) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L648(lines 648 654) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L809-2(lines 809 813) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L854 garLoopResultBuilder]: At program point L516(lines 511 519) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:27,178 INFO L854 garLoopResultBuilder]: At program point L760(lines 755 763) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0))) (or .cse0 (and (= ~pumpRunning~0 0) (= |timeShift_isPumpRunning_#res#1| 0))))) [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L438(lines 438 442) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L854 garLoopResultBuilder]: At program point L438-2(lines 434 445) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L682-1(lines 682 688) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L711(lines 711 719) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L707(lines 707 724) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L854 garLoopResultBuilder]: At program point L641(line 641) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point L641-1(line 641) no Hoare annotation was computed. [2022-02-20 18:07:27,178 INFO L854 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:27,178 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 671 694) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:07:27,178 INFO L854 garLoopResultBuilder]: At program point L815(lines 800 818) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:27,178 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 671 694) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point L675-1(lines 674 693) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point L544(line 544) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 523 552) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 523 552) the Hoare annotation is: true [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point L537(lines 537 541) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L861 garLoopResultBuilder]: At program point L537-1(lines 537 541) the Hoare annotation is: true [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point L534(line 534) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L861 garLoopResultBuilder]: At program point L533-2(lines 533 547) the Hoare annotation is: true [2022-02-20 18:07:27,179 INFO L861 garLoopResultBuilder]: At program point L529(line 529) the Hoare annotation is: true [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point L529-1(line 529) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L861 garLoopResultBuilder]: At program point L548(lines 523 552) the Hoare annotation is: true [2022-02-20 18:07:27,179 INFO L861 garLoopResultBuilder]: At program point isMethaneLevelCriticalENTRY(lines 470 478) the Hoare annotation is: true [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 470 478) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 470 478) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point L865(lines 865 871) no Hoare annotation was computed. [2022-02-20 18:07:27,179 INFO L858 garLoopResultBuilder]: For program point L865-1(lines 865 871) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L854 garLoopResultBuilder]: At program point L890(lines 845 892) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:27,180 INFO L854 garLoopResultBuilder]: At program point L857(line 857) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:27,180 INFO L854 garLoopResultBuilder]: At program point L932(lines 927 935) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L854 garLoopResultBuilder]: At program point L924(lines 920 926) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0)) [2022-02-20 18:07:27,180 INFO L854 garLoopResultBuilder]: At program point L825(line 825) the Hoare annotation is: false [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point L846(lines 845 892) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point L875(lines 875 888) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L854 garLoopResultBuilder]: At program point L582(lines 578 584) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_main_~tmp~3#1| ~systemActive~0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point L611(lines 611 618) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L854 garLoopResultBuilder]: At program point L867(line 867) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point L611-2(lines 611 618) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:07:27,180 INFO L861 garLoopResultBuilder]: At program point L896(lines 835 900) the Hoare annotation is: true [2022-02-20 18:07:27,180 INFO L854 garLoopResultBuilder]: At program point L632(lines 627 634) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_main_~tmp~3#1| ~systemActive~0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) [2022-02-20 18:07:27,180 INFO L858 garLoopResultBuilder]: For program point L855(lines 855 861) no Hoare annotation was computed. [2022-02-20 18:07:27,181 INFO L858 garLoopResultBuilder]: For program point L855-1(lines 855 861) no Hoare annotation was computed. [2022-02-20 18:07:27,181 INFO L854 garLoopResultBuilder]: At program point L917(lines 913 919) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0)) [2022-02-20 18:07:27,181 INFO L861 garLoopResultBuilder]: At program point L595(lines 587 597) the Hoare annotation is: true [2022-02-20 18:07:27,181 INFO L858 garLoopResultBuilder]: For program point L847(lines 847 851) no Hoare annotation was computed. [2022-02-20 18:07:27,181 INFO L861 garLoopResultBuilder]: At program point L620(lines 601 623) the Hoare annotation is: true [2022-02-20 18:07:27,181 INFO L854 garLoopResultBuilder]: At program point L831(lines 819 833) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:27,181 INFO L854 garLoopResultBuilder]: At program point L893(lines 844 894) the Hoare annotation is: false [2022-02-20 18:07:27,181 INFO L858 garLoopResultBuilder]: For program point L823(lines 823 829) no Hoare annotation was computed. [2022-02-20 18:07:27,181 INFO L858 garLoopResultBuilder]: For program point L823-1(lines 823 829) no Hoare annotation was computed. [2022-02-20 18:07:27,181 INFO L858 garLoopResultBuilder]: For program point L881(lines 881 887) no Hoare annotation was computed. [2022-02-20 18:07:27,181 INFO L854 garLoopResultBuilder]: At program point L881-2(lines 875 888) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:27,181 INFO L858 garLoopResultBuilder]: For program point L450-1(lines 446 457) no Hoare annotation was computed. [2022-02-20 18:07:27,181 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 446 457) no Hoare annotation was computed. [2022-02-20 18:07:27,181 INFO L861 garLoopResultBuilder]: At program point waterRiseENTRY(lines 446 457) the Hoare annotation is: true [2022-02-20 18:07:27,183 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1] [2022-02-20 18:07:27,184 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:07:27,186 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:07:27,186 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L675-1 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L675-1 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L675-1 has no Hoare annotation [2022-02-20 18:07:27,187 WARN L170 areAnnotationChecker]: L529-1 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: L682-1 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: L675-1 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: L707 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: L707 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: L682-1 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: L529-1 has no Hoare annotation [2022-02-20 18:07:27,188 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: L823-1 has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: L865-1 has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: L809 has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: L534 has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: L855-1 has no Hoare annotation [2022-02-20 18:07:27,189 WARN L170 areAnnotationChecker]: L875 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L875 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L809 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L809 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L534 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L643 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L643 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L611 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L865 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L865 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L881 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L881 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L809-2 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L537 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L537 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: L647 has no Hoare annotation [2022-02-20 18:07:27,190 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:07:27,191 WARN L170 areAnnotationChecker]: L611 has no Hoare annotation [2022-02-20 18:07:27,191 WARN L170 areAnnotationChecker]: L611 has no Hoare annotation [2022-02-20 18:07:27,191 WARN L170 areAnnotationChecker]: L865-1 has no Hoare annotation [2022-02-20 18:07:27,191 WARN L170 areAnnotationChecker]: L846 has no Hoare annotation [2022-02-20 18:07:27,191 WARN L170 areAnnotationChecker]: L823 has no Hoare annotation [2022-02-20 18:07:27,191 WARN L170 areAnnotationChecker]: L823 has no Hoare annotation [2022-02-20 18:07:27,191 WARN L170 areAnnotationChecker]: L711 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L544 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L647 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L647 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L611-2 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L846 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L846 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L823-1 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L711 has no Hoare annotation [2022-02-20 18:07:27,192 WARN L170 areAnnotationChecker]: L711 has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: L611-2 has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: L544 has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: L648 has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: L648 has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: L847 has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:07:27,193 WARN L170 areAnnotationChecker]: L855 has no Hoare annotation [2022-02-20 18:07:27,194 WARN L170 areAnnotationChecker]: L855 has no Hoare annotation [2022-02-20 18:07:27,194 WARN L170 areAnnotationChecker]: L855-1 has no Hoare annotation [2022-02-20 18:07:27,194 INFO L163 areAnnotationChecker]: CFG has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:07:27,204 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:07:27 BoogieIcfgContainer [2022-02-20 18:07:27,204 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:07:27,205 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:07:27,205 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:07:27,205 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:07:27,205 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:23" (3/4) ... [2022-02-20 18:07:27,207 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:07:27,210 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:07:27,210 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:07:27,210 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:07:27,210 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:07:27,210 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:07:27,210 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2022-02-20 18:07:27,211 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:07:27,214 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 49 nodes and edges [2022-02-20 18:07:27,215 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:07:27,215 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:07:27,215 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:07:27,215 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:07:27,215 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:07:27,216 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:07:27,230 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive [2022-02-20 18:07:27,230 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && tmp == systemActive) && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive [2022-02-20 18:07:27,230 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && tmp == systemActive) && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive [2022-02-20 18:07:27,231 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:07:27,231 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(0 == systemActive)) [2022-02-20 18:07:27,232 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || tmp == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || pumpRunning == 0) [2022-02-20 18:07:27,232 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) [2022-02-20 18:07:27,232 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:07:27,232 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:07:27,232 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:07:27,244 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:07:27,244 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:07:27,245 INFO L158 Benchmark]: Toolchain (without parser) took 4314.19ms. Allocated memory was 94.4MB in the beginning and 136.3MB in the end (delta: 41.9MB). Free memory was 62.2MB in the beginning and 69.1MB in the end (delta: -6.9MB). Peak memory consumption was 34.5MB. Max. memory is 16.1GB. [2022-02-20 18:07:27,245 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 94.4MB. Free memory is still 49.1MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:07:27,246 INFO L158 Benchmark]: CACSL2BoogieTranslator took 382.30ms. Allocated memory is still 94.4MB. Free memory was 62.0MB in the beginning and 59.5MB in the end (delta: 2.5MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 18:07:27,246 INFO L158 Benchmark]: Boogie Procedure Inliner took 62.13ms. Allocated memory is still 94.4MB. Free memory was 59.5MB in the beginning and 56.9MB in the end (delta: 2.6MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:07:27,246 INFO L158 Benchmark]: Boogie Preprocessor took 41.19ms. Allocated memory is still 94.4MB. Free memory was 56.9MB in the beginning and 55.3MB in the end (delta: 1.6MB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:07:27,246 INFO L158 Benchmark]: RCFGBuilder took 504.29ms. Allocated memory was 94.4MB in the beginning and 113.2MB in the end (delta: 18.9MB). Free memory was 55.3MB in the beginning and 81.8MB in the end (delta: -26.5MB). Peak memory consumption was 17.3MB. Max. memory is 16.1GB. [2022-02-20 18:07:27,246 INFO L158 Benchmark]: TraceAbstraction took 3279.38ms. Allocated memory was 113.2MB in the beginning and 136.3MB in the end (delta: 23.1MB). Free memory was 81.3MB in the beginning and 74.4MB in the end (delta: 6.9MB). Peak memory consumption was 53.5MB. Max. memory is 16.1GB. [2022-02-20 18:07:27,247 INFO L158 Benchmark]: Witness Printer took 39.90ms. Allocated memory is still 136.3MB. Free memory was 74.4MB in the beginning and 69.1MB in the end (delta: 5.2MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-02-20 18:07:27,248 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 94.4MB. Free memory is still 49.1MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 382.30ms. Allocated memory is still 94.4MB. Free memory was 62.0MB in the beginning and 59.5MB in the end (delta: 2.5MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 62.13ms. Allocated memory is still 94.4MB. Free memory was 59.5MB in the beginning and 56.9MB in the end (delta: 2.6MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 41.19ms. Allocated memory is still 94.4MB. Free memory was 56.9MB in the beginning and 55.3MB in the end (delta: 1.6MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 504.29ms. Allocated memory was 94.4MB in the beginning and 113.2MB in the end (delta: 18.9MB). Free memory was 55.3MB in the beginning and 81.8MB in the end (delta: -26.5MB). Peak memory consumption was 17.3MB. Max. memory is 16.1GB. * TraceAbstraction took 3279.38ms. Allocated memory was 113.2MB in the beginning and 136.3MB in the end (delta: 23.1MB). Free memory was 81.3MB in the beginning and 74.4MB in the end (delta: 6.9MB). Peak memory consumption was 53.5MB. Max. memory is 16.1GB. * Witness Printer took 39.90ms. Allocated memory is still 136.3MB. Free memory was 74.4MB in the beginning and 69.1MB in the end (delta: 5.2MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 82 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 3.2s, OverallIterations: 5, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 1.8s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.4s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 341 SdHoareTripleChecker+Valid, 0.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 334 mSDsluCounter, 1149 SdHoareTripleChecker+Invalid, 0.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 730 mSDsCounter, 47 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 191 IncrementalHoareTripleChecker+Invalid, 238 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 47 mSolverCounterUnsat, 419 mSDtfsCounter, 191 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 44 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=293occurred in iteration=4, InterpolantAutomatonStates: 25, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 5 MinimizatonAttempts, 15 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 37 LocationsWithAnnotation, 371 PreInvPairs, 437 NumberOfFragments, 231 HoareAnnotationTreeSize, 371 FomulaSimplifications, 52 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 37 FomulaSimplificationsInter, 1632 FormulaSimplificationTreeSizeReductionInter, 0.3s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.4s InterpolantComputationTime, 155 NumberOfCodeBlocks, 155 NumberOfCodeBlocksAsserted, 5 NumberOfCheckSat, 150 ConstructedInterpolants, 0 QuantifiedInterpolants, 315 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 5 InterpolantComputations, 5 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 845]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 920]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive - InvariantResult [Line: 755]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) - InvariantResult [Line: 434]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 601]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 819]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 533]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 511]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 835]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 913]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive - InvariantResult [Line: 627]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && tmp == systemActive) && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive - InvariantResult [Line: 703]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(0 == systemActive)) - InvariantResult [Line: 578]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && tmp == systemActive) && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive - InvariantResult [Line: 844]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 523]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 635]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || tmp == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || pumpRunning == 0) - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 927]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && 1 == systemActive) && \result == systemActive - InvariantResult [Line: 800]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 587]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2022-02-20 18:07:27,282 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE