./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec2_product24.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec2_product24.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 4ef00a1384831ff7ef4c918e957ad9d5bbb60c08f91b05efbf00076fbc049000 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:07:23,256 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:07:23,263 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:07:23,305 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:07:23,306 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:07:23,309 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:07:23,310 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:07:23,312 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:07:23,314 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:07:23,319 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:07:23,320 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:07:23,321 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:07:23,321 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:07:23,324 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:07:23,325 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:07:23,328 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:07:23,329 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:07:23,330 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:07:23,332 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:07:23,339 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:07:23,340 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:07:23,341 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:07:23,342 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:07:23,343 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:07:23,348 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:07:23,349 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:07:23,349 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:07:23,350 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:07:23,351 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:07:23,351 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:07:23,352 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:07:23,352 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:07:23,354 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:07:23,355 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:07:23,356 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:07:23,356 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:07:23,356 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:07:23,357 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:07:23,357 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:07:23,357 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:07:23,358 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:07:23,360 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:07:23,386 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:07:23,386 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:07:23,387 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:07:23,387 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:07:23,388 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:07:23,388 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:07:23,388 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:07:23,388 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:07:23,389 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:07:23,389 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:07:23,390 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:07:23,390 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:07:23,390 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:07:23,390 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:07:23,390 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:07:23,390 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:07:23,391 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:07:23,391 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:07:23,391 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:07:23,391 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:07:23,391 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:07:23,392 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:07:23,392 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:07:23,392 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:07:23,392 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:23,392 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:07:23,392 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:07:23,393 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:07:23,393 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:07:23,393 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:07:23,393 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:07:23,393 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:07:23,394 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:07:23,394 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 4ef00a1384831ff7ef4c918e957ad9d5bbb60c08f91b05efbf00076fbc049000 [2022-02-20 18:07:23,615 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:07:23,635 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:07:23,637 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:07:23,638 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:07:23,638 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:07:23,639 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec2_product24.cil.c [2022-02-20 18:07:23,696 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3ddfbbd70/7b726694b693412890b3fcc13b17dbc5/FLAG1c50790ef [2022-02-20 18:07:24,123 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:07:24,123 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product24.cil.c [2022-02-20 18:07:24,134 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3ddfbbd70/7b726694b693412890b3fcc13b17dbc5/FLAG1c50790ef [2022-02-20 18:07:24,490 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3ddfbbd70/7b726694b693412890b3fcc13b17dbc5 [2022-02-20 18:07:24,492 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:07:24,493 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:07:24,494 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:24,495 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:07:24,497 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:07:24,498 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:24,500 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@49c9d87c and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24, skipping insertion in model container [2022-02-20 18:07:24,500 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:24,506 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:07:24,542 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:07:24,805 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product24.cil.c[17451,17464] [2022-02-20 18:07:24,817 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:24,834 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:07:24,921 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product24.cil.c[17451,17464] [2022-02-20 18:07:24,926 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:24,943 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:07:24,943 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24 WrapperNode [2022-02-20 18:07:24,943 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:24,944 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:24,944 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:07:24,944 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:07:24,952 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:24,968 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:24,996 INFO L137 Inliner]: procedures = 56, calls = 157, calls flagged for inlining = 22, calls inlined = 19, statements flattened = 247 [2022-02-20 18:07:24,997 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:24,997 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:07:24,998 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:07:24,998 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:07:25,005 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:25,005 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:25,008 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:25,008 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:25,014 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:25,019 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:25,020 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:25,023 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:07:25,023 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:07:25,024 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:07:25,024 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:07:25,025 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (1/1) ... [2022-02-20 18:07:25,030 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:25,050 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:25,069 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:07:25,090 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:07:25,111 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:07:25,112 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:07:25,112 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:07:25,112 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:07:25,112 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:07:25,112 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:07:25,113 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:07:25,113 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:07:25,114 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:07:25,115 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:07:25,115 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:07:25,115 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:07:25,115 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:07:25,115 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:07:25,116 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:07:25,116 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:07:25,116 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:07:25,116 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:07:25,116 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:07:25,116 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:07:25,209 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:07:25,210 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:07:25,678 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:07:25,686 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:07:25,687 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:07:25,688 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:25 BoogieIcfgContainer [2022-02-20 18:07:25,689 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:07:25,690 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:07:25,690 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:07:25,694 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:07:25,694 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:07:24" (1/3) ... [2022-02-20 18:07:25,695 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6c4cc9be and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:25, skipping insertion in model container [2022-02-20 18:07:25,695 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:24" (2/3) ... [2022-02-20 18:07:25,695 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@6c4cc9be and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:25, skipping insertion in model container [2022-02-20 18:07:25,696 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:25" (3/3) ... [2022-02-20 18:07:25,699 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec2_product24.cil.c [2022-02-20 18:07:25,704 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:07:25,704 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:07:25,746 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:07:25,751 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:07:25,751 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:07:25,770 INFO L276 IsEmpty]: Start isEmpty. Operand has 94 states, 69 states have (on average 1.3768115942028984) internal successors, (95), 78 states have internal predecessors, (95), 15 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (15), 11 states have call predecessors, (15), 15 states have call successors, (15) [2022-02-20 18:07:25,780 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-02-20 18:07:25,780 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:25,781 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:25,782 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:25,786 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:25,786 INFO L85 PathProgramCache]: Analyzing trace with hash 1705763640, now seen corresponding path program 1 times [2022-02-20 18:07:25,794 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:25,794 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1946991940] [2022-02-20 18:07:25,795 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:25,796 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:25,920 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:25,991 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:07:25,998 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:26,010 INFO L290 TraceCheckUtils]: 0: Hoare triple {97#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {97#true} is VALID [2022-02-20 18:07:26,011 INFO L290 TraceCheckUtils]: 1: Hoare triple {97#true} assume true; {97#true} is VALID [2022-02-20 18:07:26,011 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {97#true} {98#false} #246#return; {98#false} is VALID [2022-02-20 18:07:26,014 INFO L290 TraceCheckUtils]: 0: Hoare triple {97#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {97#true} is VALID [2022-02-20 18:07:26,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {97#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {97#true} is VALID [2022-02-20 18:07:26,019 INFO L290 TraceCheckUtils]: 2: Hoare triple {97#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {97#true} is VALID [2022-02-20 18:07:26,019 INFO L290 TraceCheckUtils]: 3: Hoare triple {97#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {97#true} is VALID [2022-02-20 18:07:26,020 INFO L290 TraceCheckUtils]: 4: Hoare triple {97#true} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {97#true} is VALID [2022-02-20 18:07:26,020 INFO L290 TraceCheckUtils]: 5: Hoare triple {97#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {97#true} is VALID [2022-02-20 18:07:26,020 INFO L290 TraceCheckUtils]: 6: Hoare triple {97#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {97#true} is VALID [2022-02-20 18:07:26,021 INFO L290 TraceCheckUtils]: 7: Hoare triple {97#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {97#true} is VALID [2022-02-20 18:07:26,022 INFO L290 TraceCheckUtils]: 8: Hoare triple {97#true} assume false; {98#false} is VALID [2022-02-20 18:07:26,023 INFO L272 TraceCheckUtils]: 9: Hoare triple {98#false} call cleanup(); {98#false} is VALID [2022-02-20 18:07:26,023 INFO L290 TraceCheckUtils]: 10: Hoare triple {98#false} havoc ~i~0;havoc ~__cil_tmp2~0; {98#false} is VALID [2022-02-20 18:07:26,023 INFO L272 TraceCheckUtils]: 11: Hoare triple {98#false} call timeShift(); {98#false} is VALID [2022-02-20 18:07:26,023 INFO L290 TraceCheckUtils]: 12: Hoare triple {98#false} assume !(0 != ~pumpRunning~0); {98#false} is VALID [2022-02-20 18:07:26,024 INFO L290 TraceCheckUtils]: 13: Hoare triple {98#false} assume !(0 != ~systemActive~0); {98#false} is VALID [2022-02-20 18:07:26,024 INFO L290 TraceCheckUtils]: 14: Hoare triple {98#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret45#1, __utac_acc__Specification2_spec__2_#t~ret46#1, __utac_acc__Specification2_spec__2_~tmp~8#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~8#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {98#false} is VALID [2022-02-20 18:07:26,024 INFO L272 TraceCheckUtils]: 15: Hoare triple {98#false} call __utac_acc__Specification2_spec__2_#t~ret45#1 := isMethaneLevelCritical(); {97#true} is VALID [2022-02-20 18:07:26,025 INFO L290 TraceCheckUtils]: 16: Hoare triple {97#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {97#true} is VALID [2022-02-20 18:07:26,025 INFO L290 TraceCheckUtils]: 17: Hoare triple {97#true} assume true; {97#true} is VALID [2022-02-20 18:07:26,025 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {97#true} {98#false} #246#return; {98#false} is VALID [2022-02-20 18:07:26,025 INFO L290 TraceCheckUtils]: 19: Hoare triple {98#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret45#1 && __utac_acc__Specification2_spec__2_#t~ret45#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~8#1 := __utac_acc__Specification2_spec__2_#t~ret45#1;havoc __utac_acc__Specification2_spec__2_#t~ret45#1; {98#false} is VALID [2022-02-20 18:07:26,026 INFO L290 TraceCheckUtils]: 20: Hoare triple {98#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {98#false} is VALID [2022-02-20 18:07:26,026 INFO L290 TraceCheckUtils]: 21: Hoare triple {98#false} __utac_acc__Specification2_spec__2_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret46#1 && __utac_acc__Specification2_spec__2_#t~ret46#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret46#1;havoc __utac_acc__Specification2_spec__2_#t~ret46#1; {98#false} is VALID [2022-02-20 18:07:26,027 INFO L290 TraceCheckUtils]: 22: Hoare triple {98#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {98#false} is VALID [2022-02-20 18:07:26,027 INFO L290 TraceCheckUtils]: 23: Hoare triple {98#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {98#false} is VALID [2022-02-20 18:07:26,027 INFO L290 TraceCheckUtils]: 24: Hoare triple {98#false} assume !false; {98#false} is VALID [2022-02-20 18:07:26,028 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:26,028 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:26,028 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1946991940] [2022-02-20 18:07:26,029 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1946991940] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:26,029 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:26,030 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:07:26,031 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [635564672] [2022-02-20 18:07:26,032 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:26,036 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:26,038 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:26,041 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,090 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:26,091 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:07:26,091 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:26,118 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:07:26,118 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:26,122 INFO L87 Difference]: Start difference. First operand has 94 states, 69 states have (on average 1.3768115942028984) internal successors, (95), 78 states have internal predecessors, (95), 15 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (15), 11 states have call predecessors, (15), 15 states have call successors, (15) Second operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,265 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,268 INFO L93 Difference]: Finished difference Result 179 states and 244 transitions. [2022-02-20 18:07:26,270 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:07:26,270 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:26,270 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:26,272 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,296 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 244 transitions. [2022-02-20 18:07:26,297 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,306 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 244 transitions. [2022-02-20 18:07:26,316 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 244 transitions. [2022-02-20 18:07:26,556 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 244 edges. 244 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:26,567 INFO L225 Difference]: With dead ends: 179 [2022-02-20 18:07:26,567 INFO L226 Difference]: Without dead ends: 85 [2022-02-20 18:07:26,570 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:26,573 INFO L933 BasicCegarLoop]: 119 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 119 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:26,574 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 119 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:26,589 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 85 states. [2022-02-20 18:07:26,604 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 85 to 85. [2022-02-20 18:07:26,604 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:26,606 INFO L82 GeneralOperation]: Start isEquivalent. First operand 85 states. Second operand has 85 states, 62 states have (on average 1.3064516129032258) internal successors, (81), 70 states have internal predecessors, (81), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:26,607 INFO L74 IsIncluded]: Start isIncluded. First operand 85 states. Second operand has 85 states, 62 states have (on average 1.3064516129032258) internal successors, (81), 70 states have internal predecessors, (81), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:26,608 INFO L87 Difference]: Start difference. First operand 85 states. Second operand has 85 states, 62 states have (on average 1.3064516129032258) internal successors, (81), 70 states have internal predecessors, (81), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:26,615 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,615 INFO L93 Difference]: Finished difference Result 85 states and 110 transitions. [2022-02-20 18:07:26,616 INFO L276 IsEmpty]: Start isEmpty. Operand 85 states and 110 transitions. [2022-02-20 18:07:26,617 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:26,617 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:26,618 INFO L74 IsIncluded]: Start isIncluded. First operand has 85 states, 62 states have (on average 1.3064516129032258) internal successors, (81), 70 states have internal predecessors, (81), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) Second operand 85 states. [2022-02-20 18:07:26,619 INFO L87 Difference]: Start difference. First operand has 85 states, 62 states have (on average 1.3064516129032258) internal successors, (81), 70 states have internal predecessors, (81), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) Second operand 85 states. [2022-02-20 18:07:26,625 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,625 INFO L93 Difference]: Finished difference Result 85 states and 110 transitions. [2022-02-20 18:07:26,625 INFO L276 IsEmpty]: Start isEmpty. Operand 85 states and 110 transitions. [2022-02-20 18:07:26,627 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:26,627 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:26,627 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:26,628 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:26,629 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 85 states, 62 states have (on average 1.3064516129032258) internal successors, (81), 70 states have internal predecessors, (81), 15 states have call successors, (15), 8 states have call predecessors, (15), 7 states have return successors, (14), 10 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:26,634 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 85 states to 85 states and 110 transitions. [2022-02-20 18:07:26,635 INFO L78 Accepts]: Start accepts. Automaton has 85 states and 110 transitions. Word has length 25 [2022-02-20 18:07:26,636 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:26,636 INFO L470 AbstractCegarLoop]: Abstraction has 85 states and 110 transitions. [2022-02-20 18:07:26,636 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,636 INFO L276 IsEmpty]: Start isEmpty. Operand 85 states and 110 transitions. [2022-02-20 18:07:26,643 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2022-02-20 18:07:26,643 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:26,644 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:26,644 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:07:26,644 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:26,645 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:26,648 INFO L85 PathProgramCache]: Analyzing trace with hash 153807758, now seen corresponding path program 1 times [2022-02-20 18:07:26,648 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:26,648 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [290310024] [2022-02-20 18:07:26,648 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:26,649 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:26,682 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:26,718 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 18:07:26,720 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:26,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {659#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {659#true} is VALID [2022-02-20 18:07:26,724 INFO L290 TraceCheckUtils]: 1: Hoare triple {659#true} assume true; {659#true} is VALID [2022-02-20 18:07:26,724 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {659#true} {660#false} #246#return; {660#false} is VALID [2022-02-20 18:07:26,724 INFO L290 TraceCheckUtils]: 0: Hoare triple {659#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {659#true} is VALID [2022-02-20 18:07:26,725 INFO L290 TraceCheckUtils]: 1: Hoare triple {659#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {659#true} is VALID [2022-02-20 18:07:26,725 INFO L290 TraceCheckUtils]: 2: Hoare triple {659#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {659#true} is VALID [2022-02-20 18:07:26,725 INFO L290 TraceCheckUtils]: 3: Hoare triple {659#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {659#true} is VALID [2022-02-20 18:07:26,725 INFO L290 TraceCheckUtils]: 4: Hoare triple {659#true} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {659#true} is VALID [2022-02-20 18:07:26,725 INFO L290 TraceCheckUtils]: 5: Hoare triple {659#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {659#true} is VALID [2022-02-20 18:07:26,726 INFO L290 TraceCheckUtils]: 6: Hoare triple {659#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {659#true} is VALID [2022-02-20 18:07:26,726 INFO L290 TraceCheckUtils]: 7: Hoare triple {659#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {661#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:07:26,727 INFO L290 TraceCheckUtils]: 8: Hoare triple {661#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {661#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:07:26,727 INFO L290 TraceCheckUtils]: 9: Hoare triple {661#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {660#false} is VALID [2022-02-20 18:07:26,727 INFO L272 TraceCheckUtils]: 10: Hoare triple {660#false} call cleanup(); {660#false} is VALID [2022-02-20 18:07:26,728 INFO L290 TraceCheckUtils]: 11: Hoare triple {660#false} havoc ~i~0;havoc ~__cil_tmp2~0; {660#false} is VALID [2022-02-20 18:07:26,728 INFO L272 TraceCheckUtils]: 12: Hoare triple {660#false} call timeShift(); {660#false} is VALID [2022-02-20 18:07:26,728 INFO L290 TraceCheckUtils]: 13: Hoare triple {660#false} assume !(0 != ~pumpRunning~0); {660#false} is VALID [2022-02-20 18:07:26,728 INFO L290 TraceCheckUtils]: 14: Hoare triple {660#false} assume !(0 != ~systemActive~0); {660#false} is VALID [2022-02-20 18:07:26,728 INFO L290 TraceCheckUtils]: 15: Hoare triple {660#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret45#1, __utac_acc__Specification2_spec__2_#t~ret46#1, __utac_acc__Specification2_spec__2_~tmp~8#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~8#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {660#false} is VALID [2022-02-20 18:07:26,728 INFO L272 TraceCheckUtils]: 16: Hoare triple {660#false} call __utac_acc__Specification2_spec__2_#t~ret45#1 := isMethaneLevelCritical(); {659#true} is VALID [2022-02-20 18:07:26,729 INFO L290 TraceCheckUtils]: 17: Hoare triple {659#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {659#true} is VALID [2022-02-20 18:07:26,729 INFO L290 TraceCheckUtils]: 18: Hoare triple {659#true} assume true; {659#true} is VALID [2022-02-20 18:07:26,729 INFO L284 TraceCheckUtils]: 19: Hoare quadruple {659#true} {660#false} #246#return; {660#false} is VALID [2022-02-20 18:07:26,729 INFO L290 TraceCheckUtils]: 20: Hoare triple {660#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret45#1 && __utac_acc__Specification2_spec__2_#t~ret45#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~8#1 := __utac_acc__Specification2_spec__2_#t~ret45#1;havoc __utac_acc__Specification2_spec__2_#t~ret45#1; {660#false} is VALID [2022-02-20 18:07:26,729 INFO L290 TraceCheckUtils]: 21: Hoare triple {660#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {660#false} is VALID [2022-02-20 18:07:26,730 INFO L290 TraceCheckUtils]: 22: Hoare triple {660#false} __utac_acc__Specification2_spec__2_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret46#1 && __utac_acc__Specification2_spec__2_#t~ret46#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret46#1;havoc __utac_acc__Specification2_spec__2_#t~ret46#1; {660#false} is VALID [2022-02-20 18:07:26,730 INFO L290 TraceCheckUtils]: 23: Hoare triple {660#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {660#false} is VALID [2022-02-20 18:07:26,730 INFO L290 TraceCheckUtils]: 24: Hoare triple {660#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {660#false} is VALID [2022-02-20 18:07:26,730 INFO L290 TraceCheckUtils]: 25: Hoare triple {660#false} assume !false; {660#false} is VALID [2022-02-20 18:07:26,730 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:26,739 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:26,739 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [290310024] [2022-02-20 18:07:26,740 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [290310024] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:26,740 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:26,740 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:26,742 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [377571662] [2022-02-20 18:07:26,742 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:26,743 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:26,744 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:26,744 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,766 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:26,766 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:26,767 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:26,767 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:26,768 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:26,768 INFO L87 Difference]: Start difference. First operand 85 states and 110 transitions. Second operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,874 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:26,874 INFO L93 Difference]: Finished difference Result 130 states and 168 transitions. [2022-02-20 18:07:26,875 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:26,875 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:26,875 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:26,875 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,879 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 168 transitions. [2022-02-20 18:07:26,879 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:26,883 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 168 transitions. [2022-02-20 18:07:26,883 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 168 transitions. [2022-02-20 18:07:27,018 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 168 edges. 168 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:27,023 INFO L225 Difference]: With dead ends: 130 [2022-02-20 18:07:27,023 INFO L226 Difference]: Without dead ends: 76 [2022-02-20 18:07:27,029 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:27,030 INFO L933 BasicCegarLoop]: 97 mSDtfsCounter, 17 mSDsluCounter, 75 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 172 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:27,031 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 172 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:27,032 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 76 states. [2022-02-20 18:07:27,037 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 76 to 76. [2022-02-20 18:07:27,037 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:27,038 INFO L82 GeneralOperation]: Start isEquivalent. First operand 76 states. Second operand has 76 states, 56 states have (on average 1.3214285714285714) internal successors, (74), 64 states have internal predecessors, (74), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:07:27,038 INFO L74 IsIncluded]: Start isIncluded. First operand 76 states. Second operand has 76 states, 56 states have (on average 1.3214285714285714) internal successors, (74), 64 states have internal predecessors, (74), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:07:27,038 INFO L87 Difference]: Start difference. First operand 76 states. Second operand has 76 states, 56 states have (on average 1.3214285714285714) internal successors, (74), 64 states have internal predecessors, (74), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:07:27,042 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:27,042 INFO L93 Difference]: Finished difference Result 76 states and 98 transitions. [2022-02-20 18:07:27,042 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:07:27,043 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:27,043 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:27,043 INFO L74 IsIncluded]: Start isIncluded. First operand has 76 states, 56 states have (on average 1.3214285714285714) internal successors, (74), 64 states have internal predecessors, (74), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) Second operand 76 states. [2022-02-20 18:07:27,044 INFO L87 Difference]: Start difference. First operand has 76 states, 56 states have (on average 1.3214285714285714) internal successors, (74), 64 states have internal predecessors, (74), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) Second operand 76 states. [2022-02-20 18:07:27,047 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:27,047 INFO L93 Difference]: Finished difference Result 76 states and 98 transitions. [2022-02-20 18:07:27,047 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:07:27,048 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:27,048 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:27,048 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:27,048 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:27,049 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 76 states, 56 states have (on average 1.3214285714285714) internal successors, (74), 64 states have internal predecessors, (74), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:07:27,052 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 76 states to 76 states and 98 transitions. [2022-02-20 18:07:27,052 INFO L78 Accepts]: Start accepts. Automaton has 76 states and 98 transitions. Word has length 26 [2022-02-20 18:07:27,052 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:27,052 INFO L470 AbstractCegarLoop]: Abstraction has 76 states and 98 transitions. [2022-02-20 18:07:27,052 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:27,053 INFO L276 IsEmpty]: Start isEmpty. Operand 76 states and 98 transitions. [2022-02-20 18:07:27,053 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2022-02-20 18:07:27,053 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:27,054 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:27,054 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:07:27,054 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:27,054 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:27,055 INFO L85 PathProgramCache]: Analyzing trace with hash -1290936219, now seen corresponding path program 1 times [2022-02-20 18:07:27,055 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:27,055 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1458561451] [2022-02-20 18:07:27,055 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:27,055 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:27,102 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:27,186 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-02-20 18:07:27,188 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:27,191 INFO L290 TraceCheckUtils]: 0: Hoare triple {1118#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1118#true} is VALID [2022-02-20 18:07:27,191 INFO L290 TraceCheckUtils]: 1: Hoare triple {1118#true} assume true; {1118#true} is VALID [2022-02-20 18:07:27,191 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1118#true} {1119#false} #246#return; {1119#false} is VALID [2022-02-20 18:07:27,192 INFO L290 TraceCheckUtils]: 0: Hoare triple {1118#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {1118#true} is VALID [2022-02-20 18:07:27,192 INFO L290 TraceCheckUtils]: 1: Hoare triple {1118#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {1118#true} is VALID [2022-02-20 18:07:27,192 INFO L290 TraceCheckUtils]: 2: Hoare triple {1118#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1118#true} is VALID [2022-02-20 18:07:27,192 INFO L290 TraceCheckUtils]: 3: Hoare triple {1118#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {1120#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:07:27,193 INFO L290 TraceCheckUtils]: 4: Hoare triple {1120#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {1121#(= |ULTIMATE.start_main_~tmp~7#1| 1)} is VALID [2022-02-20 18:07:27,193 INFO L290 TraceCheckUtils]: 5: Hoare triple {1121#(= |ULTIMATE.start_main_~tmp~7#1| 1)} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {1118#true} is VALID [2022-02-20 18:07:27,193 INFO L290 TraceCheckUtils]: 6: Hoare triple {1118#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {1118#true} is VALID [2022-02-20 18:07:27,193 INFO L290 TraceCheckUtils]: 7: Hoare triple {1118#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1118#true} is VALID [2022-02-20 18:07:27,194 INFO L290 TraceCheckUtils]: 8: Hoare triple {1118#true} assume !false; {1118#true} is VALID [2022-02-20 18:07:27,194 INFO L290 TraceCheckUtils]: 9: Hoare triple {1118#true} assume test_~splverifierCounter~0#1 < 4; {1118#true} is VALID [2022-02-20 18:07:27,194 INFO L290 TraceCheckUtils]: 10: Hoare triple {1118#true} assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {1118#true} is VALID [2022-02-20 18:07:27,194 INFO L290 TraceCheckUtils]: 11: Hoare triple {1118#true} assume !(0 != test_~tmp~3#1); {1118#true} is VALID [2022-02-20 18:07:27,194 INFO L290 TraceCheckUtils]: 12: Hoare triple {1118#true} assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {1118#true} is VALID [2022-02-20 18:07:27,195 INFO L290 TraceCheckUtils]: 13: Hoare triple {1118#true} assume !(0 != test_~tmp___0~1#1); {1118#true} is VALID [2022-02-20 18:07:27,195 INFO L290 TraceCheckUtils]: 14: Hoare triple {1118#true} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {1118#true} is VALID [2022-02-20 18:07:27,195 INFO L290 TraceCheckUtils]: 15: Hoare triple {1118#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {1122#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:27,196 INFO L290 TraceCheckUtils]: 16: Hoare triple {1122#(not (= 0 ~systemActive~0))} assume { :end_inline_startSystem } true; {1122#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:27,196 INFO L272 TraceCheckUtils]: 17: Hoare triple {1122#(not (= 0 ~systemActive~0))} call timeShift(); {1122#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:27,197 INFO L290 TraceCheckUtils]: 18: Hoare triple {1122#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {1122#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:27,197 INFO L290 TraceCheckUtils]: 19: Hoare triple {1122#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {1119#false} is VALID [2022-02-20 18:07:27,197 INFO L290 TraceCheckUtils]: 20: Hoare triple {1119#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret45#1, __utac_acc__Specification2_spec__2_#t~ret46#1, __utac_acc__Specification2_spec__2_~tmp~8#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~8#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1119#false} is VALID [2022-02-20 18:07:27,198 INFO L272 TraceCheckUtils]: 21: Hoare triple {1119#false} call __utac_acc__Specification2_spec__2_#t~ret45#1 := isMethaneLevelCritical(); {1118#true} is VALID [2022-02-20 18:07:27,198 INFO L290 TraceCheckUtils]: 22: Hoare triple {1118#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1118#true} is VALID [2022-02-20 18:07:27,198 INFO L290 TraceCheckUtils]: 23: Hoare triple {1118#true} assume true; {1118#true} is VALID [2022-02-20 18:07:27,198 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {1118#true} {1119#false} #246#return; {1119#false} is VALID [2022-02-20 18:07:27,198 INFO L290 TraceCheckUtils]: 25: Hoare triple {1119#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret45#1 && __utac_acc__Specification2_spec__2_#t~ret45#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~8#1 := __utac_acc__Specification2_spec__2_#t~ret45#1;havoc __utac_acc__Specification2_spec__2_#t~ret45#1; {1119#false} is VALID [2022-02-20 18:07:27,198 INFO L290 TraceCheckUtils]: 26: Hoare triple {1119#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1119#false} is VALID [2022-02-20 18:07:27,199 INFO L290 TraceCheckUtils]: 27: Hoare triple {1119#false} __utac_acc__Specification2_spec__2_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret46#1 && __utac_acc__Specification2_spec__2_#t~ret46#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret46#1;havoc __utac_acc__Specification2_spec__2_#t~ret46#1; {1119#false} is VALID [2022-02-20 18:07:27,199 INFO L290 TraceCheckUtils]: 28: Hoare triple {1119#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1119#false} is VALID [2022-02-20 18:07:27,199 INFO L290 TraceCheckUtils]: 29: Hoare triple {1119#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1119#false} is VALID [2022-02-20 18:07:27,199 INFO L290 TraceCheckUtils]: 30: Hoare triple {1119#false} assume !false; {1119#false} is VALID [2022-02-20 18:07:27,200 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:27,200 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:27,200 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1458561451] [2022-02-20 18:07:27,200 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1458561451] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:27,200 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:27,200 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:07:27,201 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [907899347] [2022-02-20 18:07:27,201 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:27,209 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:07:27,211 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:27,211 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:27,248 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:27,249 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:07:27,249 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:27,249 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:07:27,250 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:07:27,250 INFO L87 Difference]: Start difference. First operand 76 states and 98 transitions. Second operand has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:27,596 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:27,596 INFO L93 Difference]: Finished difference Result 187 states and 245 transitions. [2022-02-20 18:07:27,596 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:27,596 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:07:27,597 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:27,597 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:27,601 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 245 transitions. [2022-02-20 18:07:27,601 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:27,605 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 245 transitions. [2022-02-20 18:07:27,605 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 245 transitions. [2022-02-20 18:07:27,797 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 245 edges. 245 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:27,804 INFO L225 Difference]: With dead ends: 187 [2022-02-20 18:07:27,804 INFO L226 Difference]: Without dead ends: 119 [2022-02-20 18:07:27,806 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:07:27,814 INFO L933 BasicCegarLoop]: 110 mSDtfsCounter, 163 mSDsluCounter, 220 mSDsCounter, 0 mSdLazyCounter, 12 mSolverCounterSat, 21 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 163 SdHoareTripleChecker+Valid, 330 SdHoareTripleChecker+Invalid, 33 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 21 IncrementalHoareTripleChecker+Valid, 12 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:27,815 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [163 Valid, 330 Invalid, 33 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [21 Valid, 12 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:27,817 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 119 states. [2022-02-20 18:07:27,831 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 119 to 116. [2022-02-20 18:07:27,834 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:27,836 INFO L82 GeneralOperation]: Start isEquivalent. First operand 119 states. Second operand has 116 states, 86 states have (on average 1.3488372093023255) internal successors, (116), 97 states have internal predecessors, (116), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 12 states have call predecessors, (18), 17 states have call successors, (18) [2022-02-20 18:07:27,837 INFO L74 IsIncluded]: Start isIncluded. First operand 119 states. Second operand has 116 states, 86 states have (on average 1.3488372093023255) internal successors, (116), 97 states have internal predecessors, (116), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 12 states have call predecessors, (18), 17 states have call successors, (18) [2022-02-20 18:07:27,838 INFO L87 Difference]: Start difference. First operand 119 states. Second operand has 116 states, 86 states have (on average 1.3488372093023255) internal successors, (116), 97 states have internal predecessors, (116), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 12 states have call predecessors, (18), 17 states have call successors, (18) [2022-02-20 18:07:27,844 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:27,844 INFO L93 Difference]: Finished difference Result 119 states and 153 transitions. [2022-02-20 18:07:27,844 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 153 transitions. [2022-02-20 18:07:27,845 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:27,845 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:27,847 INFO L74 IsIncluded]: Start isIncluded. First operand has 116 states, 86 states have (on average 1.3488372093023255) internal successors, (116), 97 states have internal predecessors, (116), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 12 states have call predecessors, (18), 17 states have call successors, (18) Second operand 119 states. [2022-02-20 18:07:27,848 INFO L87 Difference]: Start difference. First operand has 116 states, 86 states have (on average 1.3488372093023255) internal successors, (116), 97 states have internal predecessors, (116), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 12 states have call predecessors, (18), 17 states have call successors, (18) Second operand 119 states. [2022-02-20 18:07:27,852 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:27,853 INFO L93 Difference]: Finished difference Result 119 states and 153 transitions. [2022-02-20 18:07:27,853 INFO L276 IsEmpty]: Start isEmpty. Operand 119 states and 153 transitions. [2022-02-20 18:07:27,853 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:27,853 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:27,854 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:27,854 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:27,854 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 116 states, 86 states have (on average 1.3488372093023255) internal successors, (116), 97 states have internal predecessors, (116), 17 states have call successors, (17), 12 states have call predecessors, (17), 12 states have return successors, (18), 12 states have call predecessors, (18), 17 states have call successors, (18) [2022-02-20 18:07:27,859 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 116 states to 116 states and 151 transitions. [2022-02-20 18:07:27,859 INFO L78 Accepts]: Start accepts. Automaton has 116 states and 151 transitions. Word has length 31 [2022-02-20 18:07:27,860 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:27,860 INFO L470 AbstractCegarLoop]: Abstraction has 116 states and 151 transitions. [2022-02-20 18:07:27,860 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:27,860 INFO L276 IsEmpty]: Start isEmpty. Operand 116 states and 151 transitions. [2022-02-20 18:07:27,861 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-02-20 18:07:27,861 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:27,862 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:27,862 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:07:27,862 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:27,863 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:27,863 INFO L85 PathProgramCache]: Analyzing trace with hash -917206296, now seen corresponding path program 1 times [2022-02-20 18:07:27,863 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:27,864 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [759273998] [2022-02-20 18:07:27,864 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:27,864 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:27,917 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:28,001 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:07:28,004 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:28,019 INFO L290 TraceCheckUtils]: 0: Hoare triple {1802#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1810#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:28,019 INFO L290 TraceCheckUtils]: 1: Hoare triple {1810#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1810#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:28,020 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1810#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1804#(= ~methaneLevelCritical~0 0)} #246#return; {1808#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret45#1| 0)} is VALID [2022-02-20 18:07:28,021 INFO L290 TraceCheckUtils]: 0: Hoare triple {1802#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,022 INFO L290 TraceCheckUtils]: 1: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,022 INFO L290 TraceCheckUtils]: 2: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,022 INFO L290 TraceCheckUtils]: 3: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,023 INFO L290 TraceCheckUtils]: 4: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,023 INFO L290 TraceCheckUtils]: 5: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,024 INFO L290 TraceCheckUtils]: 6: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,024 INFO L290 TraceCheckUtils]: 7: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,025 INFO L290 TraceCheckUtils]: 8: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume !false; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,025 INFO L290 TraceCheckUtils]: 9: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume test_~splverifierCounter~0#1 < 4; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,025 INFO L290 TraceCheckUtils]: 10: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,026 INFO L290 TraceCheckUtils]: 11: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp~3#1); {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,026 INFO L290 TraceCheckUtils]: 12: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,027 INFO L290 TraceCheckUtils]: 13: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___0~1#1); {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,027 INFO L290 TraceCheckUtils]: 14: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,031 INFO L290 TraceCheckUtils]: 15: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,032 INFO L290 TraceCheckUtils]: 16: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,032 INFO L290 TraceCheckUtils]: 17: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,033 INFO L290 TraceCheckUtils]: 18: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} ~systemActive~0 := 0; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,033 INFO L290 TraceCheckUtils]: 19: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume { :end_inline_stopSystem } true; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,033 INFO L272 TraceCheckUtils]: 20: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} call timeShift(); {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,034 INFO L290 TraceCheckUtils]: 21: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,034 INFO L290 TraceCheckUtils]: 22: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume !(0 != ~systemActive~0); {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,035 INFO L290 TraceCheckUtils]: 23: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret45#1, __utac_acc__Specification2_spec__2_#t~ret46#1, __utac_acc__Specification2_spec__2_~tmp~8#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~8#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1804#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:28,035 INFO L272 TraceCheckUtils]: 24: Hoare triple {1804#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification2_spec__2_#t~ret45#1 := isMethaneLevelCritical(); {1802#true} is VALID [2022-02-20 18:07:28,037 INFO L290 TraceCheckUtils]: 25: Hoare triple {1802#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {1810#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:28,039 INFO L290 TraceCheckUtils]: 26: Hoare triple {1810#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1810#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:28,040 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {1810#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1804#(= ~methaneLevelCritical~0 0)} #246#return; {1808#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret45#1| 0)} is VALID [2022-02-20 18:07:28,040 INFO L290 TraceCheckUtils]: 28: Hoare triple {1808#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret45#1| 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret45#1 && __utac_acc__Specification2_spec__2_#t~ret45#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~8#1 := __utac_acc__Specification2_spec__2_#t~ret45#1;havoc __utac_acc__Specification2_spec__2_#t~ret45#1; {1809#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~8#1| 0)} is VALID [2022-02-20 18:07:28,041 INFO L290 TraceCheckUtils]: 29: Hoare triple {1809#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~8#1| 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1803#false} is VALID [2022-02-20 18:07:28,041 INFO L290 TraceCheckUtils]: 30: Hoare triple {1803#false} __utac_acc__Specification2_spec__2_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret46#1 && __utac_acc__Specification2_spec__2_#t~ret46#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret46#1;havoc __utac_acc__Specification2_spec__2_#t~ret46#1; {1803#false} is VALID [2022-02-20 18:07:28,041 INFO L290 TraceCheckUtils]: 31: Hoare triple {1803#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1803#false} is VALID [2022-02-20 18:07:28,041 INFO L290 TraceCheckUtils]: 32: Hoare triple {1803#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1803#false} is VALID [2022-02-20 18:07:28,041 INFO L290 TraceCheckUtils]: 33: Hoare triple {1803#false} assume !false; {1803#false} is VALID [2022-02-20 18:07:28,042 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:28,042 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:28,042 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [759273998] [2022-02-20 18:07:28,042 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [759273998] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:28,042 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:28,043 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:28,043 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [929366525] [2022-02-20 18:07:28,043 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:28,043 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-20 18:07:28,044 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:28,044 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:28,067 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:28,068 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:28,068 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:28,068 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:28,068 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:28,069 INFO L87 Difference]: Start difference. First operand 116 states and 151 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:28,412 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:28,412 INFO L93 Difference]: Finished difference Result 330 states and 440 transitions. [2022-02-20 18:07:28,412 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:07:28,412 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-20 18:07:28,413 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:28,413 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:28,417 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 278 transitions. [2022-02-20 18:07:28,417 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:28,421 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 278 transitions. [2022-02-20 18:07:28,422 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 278 transitions. [2022-02-20 18:07:28,628 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 278 edges. 278 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:28,637 INFO L225 Difference]: With dead ends: 330 [2022-02-20 18:07:28,637 INFO L226 Difference]: Without dead ends: 222 [2022-02-20 18:07:28,638 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:07:28,642 INFO L933 BasicCegarLoop]: 107 mSDtfsCounter, 66 mSDsluCounter, 373 mSDsCounter, 0 mSdLazyCounter, 50 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 69 SdHoareTripleChecker+Valid, 480 SdHoareTripleChecker+Invalid, 54 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 50 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:28,642 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [69 Valid, 480 Invalid, 54 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 50 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:07:28,643 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 222 states. [2022-02-20 18:07:28,659 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 222 to 216. [2022-02-20 18:07:28,659 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:28,660 INFO L82 GeneralOperation]: Start isEquivalent. First operand 222 states. Second operand has 216 states, 157 states have (on average 1.3312101910828025) internal successors, (209), 178 states have internal predecessors, (209), 34 states have call successors, (34), 24 states have call predecessors, (34), 24 states have return successors, (38), 24 states have call predecessors, (38), 34 states have call successors, (38) [2022-02-20 18:07:28,661 INFO L74 IsIncluded]: Start isIncluded. First operand 222 states. Second operand has 216 states, 157 states have (on average 1.3312101910828025) internal successors, (209), 178 states have internal predecessors, (209), 34 states have call successors, (34), 24 states have call predecessors, (34), 24 states have return successors, (38), 24 states have call predecessors, (38), 34 states have call successors, (38) [2022-02-20 18:07:28,661 INFO L87 Difference]: Start difference. First operand 222 states. Second operand has 216 states, 157 states have (on average 1.3312101910828025) internal successors, (209), 178 states have internal predecessors, (209), 34 states have call successors, (34), 24 states have call predecessors, (34), 24 states have return successors, (38), 24 states have call predecessors, (38), 34 states have call successors, (38) [2022-02-20 18:07:28,669 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:28,670 INFO L93 Difference]: Finished difference Result 222 states and 288 transitions. [2022-02-20 18:07:28,670 INFO L276 IsEmpty]: Start isEmpty. Operand 222 states and 288 transitions. [2022-02-20 18:07:28,671 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:28,671 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:28,672 INFO L74 IsIncluded]: Start isIncluded. First operand has 216 states, 157 states have (on average 1.3312101910828025) internal successors, (209), 178 states have internal predecessors, (209), 34 states have call successors, (34), 24 states have call predecessors, (34), 24 states have return successors, (38), 24 states have call predecessors, (38), 34 states have call successors, (38) Second operand 222 states. [2022-02-20 18:07:28,672 INFO L87 Difference]: Start difference. First operand has 216 states, 157 states have (on average 1.3312101910828025) internal successors, (209), 178 states have internal predecessors, (209), 34 states have call successors, (34), 24 states have call predecessors, (34), 24 states have return successors, (38), 24 states have call predecessors, (38), 34 states have call successors, (38) Second operand 222 states. [2022-02-20 18:07:28,680 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:28,680 INFO L93 Difference]: Finished difference Result 222 states and 288 transitions. [2022-02-20 18:07:28,680 INFO L276 IsEmpty]: Start isEmpty. Operand 222 states and 288 transitions. [2022-02-20 18:07:28,681 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:28,681 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:28,681 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:28,681 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:28,682 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 216 states, 157 states have (on average 1.3312101910828025) internal successors, (209), 178 states have internal predecessors, (209), 34 states have call successors, (34), 24 states have call predecessors, (34), 24 states have return successors, (38), 24 states have call predecessors, (38), 34 states have call successors, (38) [2022-02-20 18:07:28,690 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 216 states to 216 states and 281 transitions. [2022-02-20 18:07:28,690 INFO L78 Accepts]: Start accepts. Automaton has 216 states and 281 transitions. Word has length 34 [2022-02-20 18:07:28,690 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:28,691 INFO L470 AbstractCegarLoop]: Abstraction has 216 states and 281 transitions. [2022-02-20 18:07:28,691 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:28,691 INFO L276 IsEmpty]: Start isEmpty. Operand 216 states and 281 transitions. [2022-02-20 18:07:28,692 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:07:28,692 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:28,692 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:28,692 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:07:28,692 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:28,693 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:28,693 INFO L85 PathProgramCache]: Analyzing trace with hash 2070015524, now seen corresponding path program 1 times [2022-02-20 18:07:28,693 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:28,693 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1733716026] [2022-02-20 18:07:28,693 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:28,694 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:28,721 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:28,784 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:07:28,786 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:28,790 INFO L290 TraceCheckUtils]: 0: Hoare triple {3043#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {3032#true} is VALID [2022-02-20 18:07:28,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {3032#true} assume true; {3032#true} is VALID [2022-02-20 18:07:28,791 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3032#true} {3034#(= ~pumpRunning~0 0)} #250#return; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,791 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:07:28,793 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:28,797 INFO L290 TraceCheckUtils]: 0: Hoare triple {3032#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {3032#true} is VALID [2022-02-20 18:07:28,798 INFO L290 TraceCheckUtils]: 1: Hoare triple {3032#true} assume true; {3032#true} is VALID [2022-02-20 18:07:28,798 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3032#true} {3034#(= ~pumpRunning~0 0)} #246#return; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,799 INFO L290 TraceCheckUtils]: 0: Hoare triple {3032#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,799 INFO L290 TraceCheckUtils]: 1: Hoare triple {3034#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,800 INFO L290 TraceCheckUtils]: 2: Hoare triple {3034#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,800 INFO L290 TraceCheckUtils]: 3: Hoare triple {3034#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,800 INFO L290 TraceCheckUtils]: 4: Hoare triple {3034#(= ~pumpRunning~0 0)} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,801 INFO L290 TraceCheckUtils]: 5: Hoare triple {3034#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,801 INFO L290 TraceCheckUtils]: 6: Hoare triple {3034#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,802 INFO L290 TraceCheckUtils]: 7: Hoare triple {3034#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,802 INFO L290 TraceCheckUtils]: 8: Hoare triple {3034#(= ~pumpRunning~0 0)} assume !false; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,803 INFO L290 TraceCheckUtils]: 9: Hoare triple {3034#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,803 INFO L290 TraceCheckUtils]: 10: Hoare triple {3034#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,806 INFO L290 TraceCheckUtils]: 11: Hoare triple {3034#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~3#1); {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,806 INFO L290 TraceCheckUtils]: 12: Hoare triple {3034#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,807 INFO L290 TraceCheckUtils]: 13: Hoare triple {3034#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___0~1#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,808 INFO L272 TraceCheckUtils]: 14: Hoare triple {3034#(= ~pumpRunning~0 0)} call changeMethaneLevel(); {3043#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:28,808 INFO L290 TraceCheckUtils]: 15: Hoare triple {3043#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {3032#true} is VALID [2022-02-20 18:07:28,808 INFO L290 TraceCheckUtils]: 16: Hoare triple {3032#true} assume true; {3032#true} is VALID [2022-02-20 18:07:28,809 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {3032#true} {3034#(= ~pumpRunning~0 0)} #250#return; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,809 INFO L290 TraceCheckUtils]: 18: Hoare triple {3034#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,809 INFO L290 TraceCheckUtils]: 19: Hoare triple {3034#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet19#1 && test_#t~nondet19#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet19#1;havoc test_#t~nondet19#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,810 INFO L290 TraceCheckUtils]: 20: Hoare triple {3034#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,810 INFO L290 TraceCheckUtils]: 21: Hoare triple {3034#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,811 INFO L290 TraceCheckUtils]: 22: Hoare triple {3034#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,814 INFO L290 TraceCheckUtils]: 23: Hoare triple {3034#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,814 INFO L272 TraceCheckUtils]: 24: Hoare triple {3034#(= ~pumpRunning~0 0)} call timeShift(); {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,815 INFO L290 TraceCheckUtils]: 25: Hoare triple {3034#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,815 INFO L290 TraceCheckUtils]: 26: Hoare triple {3034#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,815 INFO L290 TraceCheckUtils]: 27: Hoare triple {3034#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret45#1, __utac_acc__Specification2_spec__2_#t~ret46#1, __utac_acc__Specification2_spec__2_~tmp~8#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~8#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,816 INFO L272 TraceCheckUtils]: 28: Hoare triple {3034#(= ~pumpRunning~0 0)} call __utac_acc__Specification2_spec__2_#t~ret45#1 := isMethaneLevelCritical(); {3032#true} is VALID [2022-02-20 18:07:28,816 INFO L290 TraceCheckUtils]: 29: Hoare triple {3032#true} havoc ~retValue_acc~9;~retValue_acc~9 := ~methaneLevelCritical~0;#res := ~retValue_acc~9; {3032#true} is VALID [2022-02-20 18:07:28,816 INFO L290 TraceCheckUtils]: 30: Hoare triple {3032#true} assume true; {3032#true} is VALID [2022-02-20 18:07:28,816 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {3032#true} {3034#(= ~pumpRunning~0 0)} #246#return; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,817 INFO L290 TraceCheckUtils]: 32: Hoare triple {3034#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret45#1 && __utac_acc__Specification2_spec__2_#t~ret45#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~8#1 := __utac_acc__Specification2_spec__2_#t~ret45#1;havoc __utac_acc__Specification2_spec__2_#t~ret45#1; {3034#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:28,817 INFO L290 TraceCheckUtils]: 33: Hoare triple {3034#(= ~pumpRunning~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {3041#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:07:28,817 INFO L290 TraceCheckUtils]: 34: Hoare triple {3041#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification2_spec__2_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret46#1 && __utac_acc__Specification2_spec__2_#t~ret46#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret46#1;havoc __utac_acc__Specification2_spec__2_#t~ret46#1; {3042#(= |timeShift___utac_acc__Specification2_spec__2_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:07:28,818 INFO L290 TraceCheckUtils]: 35: Hoare triple {3042#(= |timeShift___utac_acc__Specification2_spec__2_~tmp___0~2#1| 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {3033#false} is VALID [2022-02-20 18:07:28,819 INFO L290 TraceCheckUtils]: 36: Hoare triple {3033#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {3033#false} is VALID [2022-02-20 18:07:28,819 INFO L290 TraceCheckUtils]: 37: Hoare triple {3033#false} assume !false; {3033#false} is VALID [2022-02-20 18:07:28,820 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:28,820 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:28,820 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1733716026] [2022-02-20 18:07:28,820 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1733716026] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:28,820 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:28,824 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:28,824 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [10424424] [2022-02-20 18:07:28,825 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:28,825 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 38 [2022-02-20 18:07:28,825 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:28,826 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:28,853 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 38 edges. 38 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:28,853 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:28,853 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:28,853 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:28,853 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:28,854 INFO L87 Difference]: Start difference. First operand 216 states and 281 transitions. Second operand has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:29,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:29,138 INFO L93 Difference]: Finished difference Result 376 states and 494 transitions. [2022-02-20 18:07:29,138 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:29,138 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 38 [2022-02-20 18:07:29,139 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:29,139 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:29,141 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 162 transitions. [2022-02-20 18:07:29,141 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:29,144 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 162 transitions. [2022-02-20 18:07:29,144 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 162 transitions. [2022-02-20 18:07:29,256 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 162 edges. 162 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:29,256 INFO L225 Difference]: With dead ends: 376 [2022-02-20 18:07:29,256 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:07:29,258 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:07:29,258 INFO L933 BasicCegarLoop]: 52 mSDtfsCounter, 55 mSDsluCounter, 83 mSDsCounter, 0 mSdLazyCounter, 83 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 56 SdHoareTripleChecker+Valid, 135 SdHoareTripleChecker+Invalid, 103 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 83 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:29,258 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [56 Valid, 135 Invalid, 103 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 83 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:07:29,259 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:07:29,259 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:07:29,259 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:29,259 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:29,259 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:29,260 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:29,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:29,260 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:07:29,260 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:29,260 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:29,260 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:29,260 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:07:29,260 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:07:29,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:29,260 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:07:29,261 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:29,261 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:29,261 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:29,261 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:29,261 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:29,261 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:29,261 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:07:29,261 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 38 [2022-02-20 18:07:29,261 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:29,262 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:07:29,262 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:29,262 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:29,262 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:29,264 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:07:29,264 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:07:29,266 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:07:29,854 INFO L861 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 156 163) the Hoare annotation is: true [2022-02-20 18:07:29,855 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 156 163) no Hoare annotation was computed. [2022-02-20 18:07:29,855 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 156 163) no Hoare annotation was computed. [2022-02-20 18:07:29,855 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 89 95) no Hoare annotation was computed. [2022-02-20 18:07:29,855 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 89 95) the Hoare annotation is: true [2022-02-20 18:07:29,855 INFO L854 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 913 924) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) [2022-02-20 18:07:29,855 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 913 924) no Hoare annotation was computed. [2022-02-20 18:07:29,855 INFO L858 garLoopResultBuilder]: For program point L917-1(lines 913 924) no Hoare annotation was computed. [2022-02-20 18:07:29,855 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 740 769) no Hoare annotation was computed. [2022-02-20 18:07:29,856 INFO L861 garLoopResultBuilder]: At program point L765(lines 740 769) the Hoare annotation is: true [2022-02-20 18:07:29,856 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 740 769) the Hoare annotation is: true [2022-02-20 18:07:29,856 INFO L858 garLoopResultBuilder]: For program point L761(line 761) no Hoare annotation was computed. [2022-02-20 18:07:29,856 INFO L858 garLoopResultBuilder]: For program point L754(lines 754 758) no Hoare annotation was computed. [2022-02-20 18:07:29,856 INFO L861 garLoopResultBuilder]: At program point L754-1(lines 754 758) the Hoare annotation is: true [2022-02-20 18:07:29,856 INFO L858 garLoopResultBuilder]: For program point L751(line 751) no Hoare annotation was computed. [2022-02-20 18:07:29,856 INFO L861 garLoopResultBuilder]: At program point L750-2(lines 750 764) the Hoare annotation is: true [2022-02-20 18:07:29,856 INFO L861 garLoopResultBuilder]: At program point L746(line 746) the Hoare annotation is: true [2022-02-20 18:07:29,856 INFO L858 garLoopResultBuilder]: For program point L746-1(line 746) no Hoare annotation was computed. [2022-02-20 18:07:29,856 INFO L861 garLoopResultBuilder]: At program point isMethaneLevelCriticalENTRY(lines 925 933) the Hoare annotation is: true [2022-02-20 18:07:29,856 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 925 933) no Hoare annotation was computed. [2022-02-20 18:07:29,857 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 925 933) no Hoare annotation was computed. [2022-02-20 18:07:29,857 INFO L854 garLoopResultBuilder]: At program point L853(line 853) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:07:29,857 INFO L858 garLoopResultBuilder]: For program point L853-1(line 853) no Hoare annotation was computed. [2022-02-20 18:07:29,857 INFO L854 garLoopResultBuilder]: At program point L180(lines 175 183) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (not (= ~methaneLevelCritical~0 0))) (or .cse0 (and (= ~pumpRunning~0 0) (= |timeShift_isPumpRunning_#res#1| 0))))) [2022-02-20 18:07:29,857 INFO L854 garLoopResultBuilder]: At program point L882(lines 877 884) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:29,857 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 65 88) no Hoare annotation was computed. [2022-02-20 18:07:29,857 INFO L858 garLoopResultBuilder]: For program point L69-1(lines 68 87) no Hoare annotation was computed. [2022-02-20 18:07:29,857 INFO L858 garLoopResultBuilder]: For program point L131(lines 131 139) no Hoare annotation was computed. [2022-02-20 18:07:29,860 INFO L858 garLoopResultBuilder]: For program point L127(lines 127 144) no Hoare annotation was computed. [2022-02-20 18:07:29,860 INFO L854 garLoopResultBuilder]: At program point L169(line 169) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:29,860 INFO L858 garLoopResultBuilder]: For program point L169-1(line 169) no Hoare annotation was computed. [2022-02-20 18:07:29,860 INFO L858 garLoopResultBuilder]: For program point L859(lines 859 869) no Hoare annotation was computed. [2022-02-20 18:07:29,861 INFO L858 garLoopResultBuilder]: For program point L855(lines 855 872) no Hoare annotation was computed. [2022-02-20 18:07:29,861 INFO L854 garLoopResultBuilder]: At program point L855-1(lines 847 875) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (= ~pumpRunning~0 0)) (or .cse0 (= |timeShift___utac_acc__Specification2_spec__2_~tmp~8#1| 0) (not (= ~methaneLevelCritical~0 0))))) [2022-02-20 18:07:29,861 INFO L854 garLoopResultBuilder]: At program point L137(line 137) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:29,861 INFO L854 garLoopResultBuilder]: At program point L133(line 133) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:29,861 INFO L858 garLoopResultBuilder]: For program point L893(lines 893 897) no Hoare annotation was computed. [2022-02-20 18:07:29,861 INFO L858 garLoopResultBuilder]: For program point L860(lines 860 866) no Hoare annotation was computed. [2022-02-20 18:07:29,862 INFO L854 garLoopResultBuilder]: At program point L893-2(lines 889 900) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:29,862 INFO L858 garLoopResultBuilder]: For program point L881(line 881) no Hoare annotation was computed. [2022-02-20 18:07:29,862 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 65 88) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0)) [2022-02-20 18:07:29,863 INFO L854 garLoopResultBuilder]: At program point L142(line 142) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:07:29,863 INFO L854 garLoopResultBuilder]: At program point L142-1(lines 123 147) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:07:29,863 INFO L854 garLoopResultBuilder]: At program point L171(lines 164 174) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:07:29,864 INFO L858 garLoopResultBuilder]: For program point L76-1(lines 76 82) no Hoare annotation was computed. [2022-02-20 18:07:29,864 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 65 88) no Hoare annotation was computed. [2022-02-20 18:07:29,865 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 881) no Hoare annotation was computed. [2022-02-20 18:07:29,865 INFO L861 garLoopResultBuilder]: At program point L832(lines 813 835) the Hoare annotation is: true [2022-02-20 18:07:29,865 INFO L861 garLoopResultBuilder]: At program point L329(lines 266 333) the Hoare annotation is: true [2022-02-20 18:07:29,865 INFO L858 garLoopResultBuilder]: For program point L296(lines 296 302) no Hoare annotation was computed. [2022-02-20 18:07:29,866 INFO L858 garLoopResultBuilder]: For program point L296-1(lines 296 302) no Hoare annotation was computed. [2022-02-20 18:07:29,866 INFO L854 garLoopResultBuilder]: At program point L259(lines 254 261) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (not (= 0 ~systemActive~0))) [2022-02-20 18:07:29,866 INFO L854 garLoopResultBuilder]: At program point L288(line 288) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:29,866 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:07:29,866 INFO L854 garLoopResultBuilder]: At program point L734(lines 729 737) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:07:29,866 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:07:29,867 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:07:29,867 INFO L854 garLoopResultBuilder]: At program point L251(lines 239 253) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:29,867 INFO L854 garLoopResultBuilder]: At program point L726(lines 722 728) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (not (= 0 ~systemActive~0))) [2022-02-20 18:07:29,867 INFO L858 garLoopResultBuilder]: For program point L243(lines 243 249) no Hoare annotation was computed. [2022-02-20 18:07:29,867 INFO L858 garLoopResultBuilder]: For program point L243-1(lines 243 249) no Hoare annotation was computed. [2022-02-20 18:07:29,867 INFO L854 garLoopResultBuilder]: At program point L326(lines 275 327) the Hoare annotation is: false [2022-02-20 18:07:29,868 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:07:29,868 INFO L858 garLoopResultBuilder]: For program point L314(lines 314 320) no Hoare annotation was computed. [2022-02-20 18:07:29,868 INFO L854 garLoopResultBuilder]: At program point L314-2(lines 306 321) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:29,868 INFO L858 garLoopResultBuilder]: For program point L277(lines 276 325) no Hoare annotation was computed. [2022-02-20 18:07:29,868 INFO L858 garLoopResultBuilder]: For program point L306(lines 306 321) no Hoare annotation was computed. [2022-02-20 18:07:29,869 INFO L854 garLoopResultBuilder]: At program point L719(lines 715 721) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (not (= 0 ~systemActive~0))) [2022-02-20 18:07:29,869 INFO L854 garLoopResultBuilder]: At program point L298(line 298) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:29,869 INFO L861 garLoopResultBuilder]: At program point L810(lines 802 812) the Hoare annotation is: true [2022-02-20 18:07:29,869 INFO L854 garLoopResultBuilder]: At program point L323(lines 276 325) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:07:29,869 INFO L854 garLoopResultBuilder]: At program point L798(lines 794 800) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:07:29,870 INFO L858 garLoopResultBuilder]: For program point L286(lines 286 292) no Hoare annotation was computed. [2022-02-20 18:07:29,870 INFO L858 garLoopResultBuilder]: For program point L286-1(lines 286 292) no Hoare annotation was computed. [2022-02-20 18:07:29,870 INFO L858 garLoopResultBuilder]: For program point L823(lines 823 830) no Hoare annotation was computed. [2022-02-20 18:07:29,870 INFO L858 garLoopResultBuilder]: For program point L278(lines 278 282) no Hoare annotation was computed. [2022-02-20 18:07:29,871 INFO L854 garLoopResultBuilder]: At program point L245(line 245) the Hoare annotation is: false [2022-02-20 18:07:29,871 INFO L858 garLoopResultBuilder]: For program point L823-2(lines 823 830) no Hoare annotation was computed. [2022-02-20 18:07:29,872 INFO L854 garLoopResultBuilder]: At program point L844(lines 839 846) the Hoare annotation is: (and (= |ULTIMATE.start_main_~tmp~7#1| 1) (= ~pumpRunning~0 0) (= ~methaneLevelCritical~0 0) (= |ULTIMATE.start_valid_product_#res#1| 1) (not (= 0 ~systemActive~0))) [2022-02-20 18:07:29,872 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 901 912) no Hoare annotation was computed. [2022-02-20 18:07:29,872 INFO L858 garLoopResultBuilder]: For program point L905-1(lines 901 912) no Hoare annotation was computed. [2022-02-20 18:07:29,872 INFO L861 garLoopResultBuilder]: At program point waterRiseENTRY(lines 901 912) the Hoare annotation is: true [2022-02-20 18:07:29,872 INFO L854 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 97 121) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (= 0 ~systemActive~0)) [2022-02-20 18:07:29,872 INFO L854 garLoopResultBuilder]: At program point L116(line 116) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (= 0 ~systemActive~0)) [2022-02-20 18:07:29,873 INFO L858 garLoopResultBuilder]: For program point L116-1(lines 97 121) no Hoare annotation was computed. [2022-02-20 18:07:29,873 INFO L854 garLoopResultBuilder]: At program point L971(lines 966 974) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:07:29,873 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 97 121) no Hoare annotation was computed. [2022-02-20 18:07:29,873 INFO L854 garLoopResultBuilder]: At program point L111(line 111) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:07:29,873 INFO L854 garLoopResultBuilder]: At program point L235(lines 220 238) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:07:29,874 INFO L854 garLoopResultBuilder]: At program point L107(line 107) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:07:29,874 INFO L858 garLoopResultBuilder]: For program point L105(lines 105 113) no Hoare annotation was computed. [2022-02-20 18:07:29,874 INFO L858 garLoopResultBuilder]: For program point L101(lines 101 118) no Hoare annotation was computed. [2022-02-20 18:07:29,874 INFO L858 garLoopResultBuilder]: For program point L229(lines 229 233) no Hoare annotation was computed. [2022-02-20 18:07:29,874 INFO L858 garLoopResultBuilder]: For program point L229-2(lines 229 233) no Hoare annotation was computed. [2022-02-20 18:07:29,878 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1] [2022-02-20 18:07:29,880 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:07:29,883 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:07:29,883 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:29,883 WARN L170 areAnnotationChecker]: L917-1 has no Hoare annotation [2022-02-20 18:07:29,884 WARN L170 areAnnotationChecker]: L917-1 has no Hoare annotation [2022-02-20 18:07:29,884 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:07:29,884 WARN L170 areAnnotationChecker]: L893 has no Hoare annotation [2022-02-20 18:07:29,884 WARN L170 areAnnotationChecker]: L69-1 has no Hoare annotation [2022-02-20 18:07:29,884 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:07:29,884 WARN L170 areAnnotationChecker]: L905-1 has no Hoare annotation [2022-02-20 18:07:29,884 WARN L170 areAnnotationChecker]: L905-1 has no Hoare annotation [2022-02-20 18:07:29,884 WARN L170 areAnnotationChecker]: L101 has no Hoare annotation [2022-02-20 18:07:29,885 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:07:29,885 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:29,885 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:29,885 WARN L170 areAnnotationChecker]: L917-1 has no Hoare annotation [2022-02-20 18:07:29,885 WARN L170 areAnnotationChecker]: L746-1 has no Hoare annotation [2022-02-20 18:07:29,886 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:07:29,886 WARN L170 areAnnotationChecker]: L893 has no Hoare annotation [2022-02-20 18:07:29,886 WARN L170 areAnnotationChecker]: L893 has no Hoare annotation [2022-02-20 18:07:29,886 WARN L170 areAnnotationChecker]: L69-1 has no Hoare annotation [2022-02-20 18:07:29,886 WARN L170 areAnnotationChecker]: L69-1 has no Hoare annotation [2022-02-20 18:07:29,886 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:07:29,888 WARN L170 areAnnotationChecker]: L905-1 has no Hoare annotation [2022-02-20 18:07:29,888 WARN L170 areAnnotationChecker]: L101 has no Hoare annotation [2022-02-20 18:07:29,888 WARN L170 areAnnotationChecker]: L101 has no Hoare annotation [2022-02-20 18:07:29,888 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:07:29,888 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:07:29,889 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:07:29,889 WARN L170 areAnnotationChecker]: L116-1 has no Hoare annotation [2022-02-20 18:07:29,889 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:07:29,889 WARN L170 areAnnotationChecker]: L746-1 has no Hoare annotation [2022-02-20 18:07:29,889 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:07:29,889 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:07:29,889 WARN L170 areAnnotationChecker]: L69-1 has no Hoare annotation [2022-02-20 18:07:29,890 WARN L170 areAnnotationChecker]: L127 has no Hoare annotation [2022-02-20 18:07:29,890 WARN L170 areAnnotationChecker]: L127 has no Hoare annotation [2022-02-20 18:07:29,890 WARN L170 areAnnotationChecker]: L76-1 has no Hoare annotation [2022-02-20 18:07:29,890 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:07:29,890 WARN L170 areAnnotationChecker]: L229 has no Hoare annotation [2022-02-20 18:07:29,891 WARN L170 areAnnotationChecker]: L116-1 has no Hoare annotation [2022-02-20 18:07:29,891 WARN L170 areAnnotationChecker]: L76-1 has no Hoare annotation [2022-02-20 18:07:29,891 WARN L170 areAnnotationChecker]: L243-1 has no Hoare annotation [2022-02-20 18:07:29,891 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__lowWaterSensorEXIT has no Hoare annotation [2022-02-20 18:07:29,891 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__lowWaterSensorEXIT has no Hoare annotation [2022-02-20 18:07:29,891 WARN L170 areAnnotationChecker]: L296-1 has no Hoare annotation [2022-02-20 18:07:29,891 WARN L170 areAnnotationChecker]: L751 has no Hoare annotation [2022-02-20 18:07:29,892 WARN L170 areAnnotationChecker]: L169-1 has no Hoare annotation [2022-02-20 18:07:29,892 WARN L170 areAnnotationChecker]: L853-1 has no Hoare annotation [2022-02-20 18:07:29,892 WARN L170 areAnnotationChecker]: L169-1 has no Hoare annotation [2022-02-20 18:07:29,892 WARN L170 areAnnotationChecker]: L853-1 has no Hoare annotation [2022-02-20 18:07:29,893 WARN L170 areAnnotationChecker]: L286-1 has no Hoare annotation [2022-02-20 18:07:29,893 WARN L170 areAnnotationChecker]: L229 has no Hoare annotation [2022-02-20 18:07:29,893 WARN L170 areAnnotationChecker]: L229 has no Hoare annotation [2022-02-20 18:07:29,894 WARN L170 areAnnotationChecker]: L306 has no Hoare annotation [2022-02-20 18:07:29,894 WARN L170 areAnnotationChecker]: L306 has no Hoare annotation [2022-02-20 18:07:29,894 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:07:29,894 WARN L170 areAnnotationChecker]: L751 has no Hoare annotation [2022-02-20 18:07:29,894 WARN L170 areAnnotationChecker]: L131 has no Hoare annotation [2022-02-20 18:07:29,894 WARN L170 areAnnotationChecker]: L855 has no Hoare annotation [2022-02-20 18:07:29,894 WARN L170 areAnnotationChecker]: L855 has no Hoare annotation [2022-02-20 18:07:29,895 WARN L170 areAnnotationChecker]: L823 has no Hoare annotation [2022-02-20 18:07:29,895 WARN L170 areAnnotationChecker]: L296 has no Hoare annotation [2022-02-20 18:07:29,895 WARN L170 areAnnotationChecker]: L296 has no Hoare annotation [2022-02-20 18:07:29,895 WARN L170 areAnnotationChecker]: L229-2 has no Hoare annotation [2022-02-20 18:07:29,896 WARN L170 areAnnotationChecker]: L314 has no Hoare annotation [2022-02-20 18:07:29,896 WARN L170 areAnnotationChecker]: L314 has no Hoare annotation [2022-02-20 18:07:29,897 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:07:29,897 WARN L170 areAnnotationChecker]: L754 has no Hoare annotation [2022-02-20 18:07:29,897 WARN L170 areAnnotationChecker]: L754 has no Hoare annotation [2022-02-20 18:07:29,897 WARN L170 areAnnotationChecker]: L131 has no Hoare annotation [2022-02-20 18:07:29,897 WARN L170 areAnnotationChecker]: L131 has no Hoare annotation [2022-02-20 18:07:29,897 WARN L170 areAnnotationChecker]: L859 has no Hoare annotation [2022-02-20 18:07:29,898 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:07:29,898 WARN L170 areAnnotationChecker]: L823 has no Hoare annotation [2022-02-20 18:07:29,898 WARN L170 areAnnotationChecker]: L823 has no Hoare annotation [2022-02-20 18:07:29,898 WARN L170 areAnnotationChecker]: L296-1 has no Hoare annotation [2022-02-20 18:07:29,899 WARN L170 areAnnotationChecker]: L105 has no Hoare annotation [2022-02-20 18:07:29,899 WARN L170 areAnnotationChecker]: L277 has no Hoare annotation [2022-02-20 18:07:29,899 WARN L170 areAnnotationChecker]: L243 has no Hoare annotation [2022-02-20 18:07:29,900 WARN L170 areAnnotationChecker]: L243 has no Hoare annotation [2022-02-20 18:07:29,900 WARN L170 areAnnotationChecker]: L761 has no Hoare annotation [2022-02-20 18:07:29,900 WARN L170 areAnnotationChecker]: L859 has no Hoare annotation [2022-02-20 18:07:29,901 WARN L170 areAnnotationChecker]: L859 has no Hoare annotation [2022-02-20 18:07:29,901 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:07:29,901 WARN L170 areAnnotationChecker]: L823-2 has no Hoare annotation [2022-02-20 18:07:29,901 WARN L170 areAnnotationChecker]: L105 has no Hoare annotation [2022-02-20 18:07:29,902 WARN L170 areAnnotationChecker]: L105 has no Hoare annotation [2022-02-20 18:07:29,902 WARN L170 areAnnotationChecker]: L277 has no Hoare annotation [2022-02-20 18:07:29,902 WARN L170 areAnnotationChecker]: L277 has no Hoare annotation [2022-02-20 18:07:29,902 WARN L170 areAnnotationChecker]: L243-1 has no Hoare annotation [2022-02-20 18:07:29,902 WARN L170 areAnnotationChecker]: L823-2 has no Hoare annotation [2022-02-20 18:07:29,902 WARN L170 areAnnotationChecker]: L761 has no Hoare annotation [2022-02-20 18:07:29,902 WARN L170 areAnnotationChecker]: L860 has no Hoare annotation [2022-02-20 18:07:29,902 WARN L170 areAnnotationChecker]: L860 has no Hoare annotation [2022-02-20 18:07:29,903 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:29,903 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:29,903 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:29,903 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:07:29,903 WARN L170 areAnnotationChecker]: L116-1 has no Hoare annotation [2022-02-20 18:07:29,904 WARN L170 areAnnotationChecker]: L116-1 has no Hoare annotation [2022-02-20 18:07:29,904 WARN L170 areAnnotationChecker]: L278 has no Hoare annotation [2022-02-20 18:07:29,904 WARN L170 areAnnotationChecker]: L881 has no Hoare annotation [2022-02-20 18:07:29,904 WARN L170 areAnnotationChecker]: L881 has no Hoare annotation [2022-02-20 18:07:29,904 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:07:29,904 WARN L170 areAnnotationChecker]: L286 has no Hoare annotation [2022-02-20 18:07:29,904 WARN L170 areAnnotationChecker]: L286 has no Hoare annotation [2022-02-20 18:07:29,905 WARN L170 areAnnotationChecker]: L286-1 has no Hoare annotation [2022-02-20 18:07:29,905 INFO L163 areAnnotationChecker]: CFG has 28 edges. 28 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:07:29,921 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:07:29 BoogieIcfgContainer [2022-02-20 18:07:29,922 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:07:29,922 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:07:29,922 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:07:29,922 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:07:29,923 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:25" (3/4) ... [2022-02-20 18:07:29,925 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:07:29,929 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:07:29,929 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:07:29,929 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:07:29,929 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:07:29,930 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2022-02-20 18:07:29,930 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:07:29,930 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:07:29,930 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:07:29,936 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 50 nodes and edges [2022-02-20 18:07:29,936 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:07:29,937 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:07:29,937 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:07:29,937 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:07:29,938 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:07:29,938 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:07:29,957 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && methaneLevelCritical == 0) && \result == 1) && !(0 == systemActive) [2022-02-20 18:07:29,957 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((tmp == 1 && pumpRunning == 0) && methaneLevelCritical == 0) && \result == 1) && !(0 == systemActive) [2022-02-20 18:07:29,957 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((tmp == 1 && pumpRunning == 0) && methaneLevelCritical == 0) && \result == 1) && !(0 == systemActive) [2022-02-20 18:07:29,957 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((tmp == 1 && pumpRunning == 0) && \result == 1) && splverifierCounter == 0 [2022-02-20 18:07:29,958 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:07:29,958 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(0 == systemActive)) [2022-02-20 18:07:29,959 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((tmp == 1 && pumpRunning == 0) && \result == 1) && splverifierCounter == 0) && !(0 == systemActive) [2022-02-20 18:07:29,959 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || pumpRunning == 0) && ((!(\old(pumpRunning) == 0) || tmp == 0) || !(methaneLevelCritical == 0)) [2022-02-20 18:07:29,960 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:07:29,960 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((tmp == 1 && pumpRunning == 0) && \result == 1) && splverifierCounter == 0 [2022-02-20 18:07:29,960 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) [2022-02-20 18:07:29,960 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || 0 == systemActive [2022-02-20 18:07:29,960 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:07:29,961 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || 0 == systemActive [2022-02-20 18:07:29,981 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:07:29,981 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:07:29,982 INFO L158 Benchmark]: Toolchain (without parser) took 5489.17ms. Allocated memory was 102.8MB in the beginning and 157.3MB in the end (delta: 54.5MB). Free memory was 75.0MB in the beginning and 99.4MB in the end (delta: -24.4MB). Peak memory consumption was 28.6MB. Max. memory is 16.1GB. [2022-02-20 18:07:29,983 INFO L158 Benchmark]: CDTParser took 0.20ms. Allocated memory is still 79.7MB. Free memory is still 42.9MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:07:29,983 INFO L158 Benchmark]: CACSL2BoogieTranslator took 449.00ms. Allocated memory is still 102.8MB. Free memory was 74.7MB in the beginning and 68.1MB in the end (delta: 6.6MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 18:07:29,984 INFO L158 Benchmark]: Boogie Procedure Inliner took 52.89ms. Allocated memory is still 102.8MB. Free memory was 67.8MB in the beginning and 65.1MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:07:29,984 INFO L158 Benchmark]: Boogie Preprocessor took 25.26ms. Allocated memory is still 102.8MB. Free memory was 65.1MB in the beginning and 63.6MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:07:29,985 INFO L158 Benchmark]: RCFGBuilder took 665.56ms. Allocated memory is still 102.8MB. Free memory was 63.3MB in the beginning and 76.2MB in the end (delta: -12.9MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. [2022-02-20 18:07:29,985 INFO L158 Benchmark]: TraceAbstraction took 4231.33ms. Allocated memory was 102.8MB in the beginning and 157.3MB in the end (delta: 54.5MB). Free memory was 75.6MB in the beginning and 105.7MB in the end (delta: -30.1MB). Peak memory consumption was 67.2MB. Max. memory is 16.1GB. [2022-02-20 18:07:29,985 INFO L158 Benchmark]: Witness Printer took 59.24ms. Allocated memory is still 157.3MB. Free memory was 104.6MB in the beginning and 99.4MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:07:29,988 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.20ms. Allocated memory is still 79.7MB. Free memory is still 42.9MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 449.00ms. Allocated memory is still 102.8MB. Free memory was 74.7MB in the beginning and 68.1MB in the end (delta: 6.6MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 52.89ms. Allocated memory is still 102.8MB. Free memory was 67.8MB in the beginning and 65.1MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 25.26ms. Allocated memory is still 102.8MB. Free memory was 65.1MB in the beginning and 63.6MB in the end (delta: 1.5MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 665.56ms. Allocated memory is still 102.8MB. Free memory was 63.3MB in the beginning and 76.2MB in the end (delta: -12.9MB). Peak memory consumption was 21.0MB. Max. memory is 16.1GB. * TraceAbstraction took 4231.33ms. Allocated memory was 102.8MB in the beginning and 157.3MB in the end (delta: 54.5MB). Free memory was 75.6MB in the beginning and 105.7MB in the end (delta: -30.1MB). Peak memory consumption was 67.2MB. Max. memory is 16.1GB. * Witness Printer took 59.24ms. Allocated memory is still 157.3MB. Free memory was 104.6MB in the beginning and 99.4MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 881]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 94 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 4.1s, OverallIterations: 5, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.6s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 309 SdHoareTripleChecker+Valid, 0.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 301 mSDsluCounter, 1236 SdHoareTripleChecker+Invalid, 0.2s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 751 mSDsCounter, 45 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 146 IncrementalHoareTripleChecker+Invalid, 191 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 45 mSolverCounterUnsat, 485 mSDtfsCounter, 146 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 44 GetRequests, 23 SyntacticMatches, 0 SemanticMatches, 21 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=216occurred in iteration=4, InterpolantAutomatonStates: 25, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 5 MinimizatonAttempts, 9 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 44 LocationsWithAnnotation, 379 PreInvPairs, 429 NumberOfFragments, 337 HoareAnnotationTreeSize, 379 FomulaSimplifications, 36 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 44 FomulaSimplificationsInter, 1164 FormulaSimplificationTreeSizeReductionInter, 0.5s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.5s InterpolantComputationTime, 154 NumberOfCodeBlocks, 154 NumberOfCodeBlocksAsserted, 5 NumberOfCheckSat, 149 ConstructedInterpolants, 0 QuantifiedInterpolants, 285 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 5 InterpolantComputations, 5 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 266]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 254]: Loop Invariant Derived loop invariant: (((tmp == 1 && pumpRunning == 0) && \result == 1) && splverifierCounter == 0) && !(0 == systemActive) - InvariantResult [Line: 813]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 164]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 802]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 715]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && !(0 == systemActive) - InvariantResult [Line: 276]: Loop Invariant Derived loop invariant: ((tmp == 1 && pumpRunning == 0) && \result == 1) && splverifierCounter == 0 - InvariantResult [Line: 750]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 722]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && methaneLevelCritical == 0) && !(0 == systemActive) - InvariantResult [Line: 847]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || pumpRunning == 0) && ((!(\old(pumpRunning) == 0) || tmp == 0) || !(methaneLevelCritical == 0)) - InvariantResult [Line: 839]: Loop Invariant Derived loop invariant: (((tmp == 1 && pumpRunning == 0) && methaneLevelCritical == 0) && \result == 1) && !(0 == systemActive) - InvariantResult [Line: 740]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 123]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || (pumpRunning == 0 && !(0 == systemActive)) - InvariantResult [Line: 877]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 175]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) && (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \result == 0)) - InvariantResult [Line: 889]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 966]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || 0 == systemActive - InvariantResult [Line: 794]: Loop Invariant Derived loop invariant: (((tmp == 1 && pumpRunning == 0) && methaneLevelCritical == 0) && \result == 1) && !(0 == systemActive) - InvariantResult [Line: 275]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 220]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || 0 == systemActive - InvariantResult [Line: 729]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && methaneLevelCritical == 0) && \result == 1) && !(0 == systemActive) - InvariantResult [Line: 239]: Loop Invariant Derived loop invariant: ((tmp == 1 && pumpRunning == 0) && \result == 1) && splverifierCounter == 0 RESULT: Ultimate proved your program to be correct! [2022-02-20 18:07:30,037 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE