./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec2_product40.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec2_product40.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 1b223e2286b1d2d2d4710f5bd529ee4610cfb9619424734c12c9aa00d3c99444 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:07:32,911 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:07:32,913 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:07:32,945 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:07:32,946 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:07:32,949 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:07:32,950 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:07:32,955 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:07:32,957 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:07:32,961 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:07:32,961 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:07:32,963 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:07:32,963 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:07:32,965 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:07:32,966 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:07:32,969 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:07:32,970 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:07:32,971 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:07:32,973 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:07:32,977 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:07:32,979 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:07:32,980 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:07:32,981 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:07:32,982 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:07:32,991 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:07:32,992 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:07:32,992 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:07:32,994 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:07:32,994 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:07:32,994 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:07:32,995 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:07:32,995 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:07:32,996 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:07:32,996 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:07:32,997 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:07:32,998 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:07:32,998 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:07:32,998 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:07:32,999 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:07:32,999 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:07:33,001 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:07:33,002 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:07:33,032 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:07:33,032 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:07:33,033 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:07:33,033 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:07:33,034 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:07:33,034 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:07:33,035 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:07:33,035 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:07:33,035 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:07:33,035 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:07:33,036 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:07:33,036 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:07:33,036 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:07:33,036 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:07:33,037 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:07:33,037 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:07:33,037 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:07:33,037 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:07:33,037 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:07:33,037 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:07:33,038 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:07:33,038 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:07:33,038 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:07:33,038 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:07:33,038 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:33,039 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:07:33,039 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:07:33,039 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:07:33,039 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:07:33,039 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:07:33,039 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:07:33,040 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:07:33,040 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:07:33,040 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 1b223e2286b1d2d2d4710f5bd529ee4610cfb9619424734c12c9aa00d3c99444 [2022-02-20 18:07:33,278 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:07:33,310 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:07:33,313 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:07:33,313 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:07:33,314 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:07:33,315 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec2_product40.cil.c [2022-02-20 18:07:33,383 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/fce0e0b8e/9aeeef943654408d89531442c2e6e6cc/FLAGa873696cd [2022-02-20 18:07:33,841 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:07:33,845 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product40.cil.c [2022-02-20 18:07:33,857 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/fce0e0b8e/9aeeef943654408d89531442c2e6e6cc/FLAGa873696cd [2022-02-20 18:07:33,873 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/fce0e0b8e/9aeeef943654408d89531442c2e6e6cc [2022-02-20 18:07:33,875 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:07:33,877 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:07:33,878 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:33,878 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:07:33,881 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:07:33,882 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:33" (1/1) ... [2022-02-20 18:07:33,883 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@508acc57 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:33, skipping insertion in model container [2022-02-20 18:07:33,883 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:33" (1/1) ... [2022-02-20 18:07:33,890 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:07:33,938 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:07:34,169 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product40.cil.c[17002,17015] [2022-02-20 18:07:34,179 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:34,187 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:07:34,243 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product40.cil.c[17002,17015] [2022-02-20 18:07:34,248 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:34,269 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:07:34,270 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34 WrapperNode [2022-02-20 18:07:34,270 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:34,271 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:34,271 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:07:34,271 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:07:34,278 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,302 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,351 INFO L137 Inliner]: procedures = 56, calls = 157, calls flagged for inlining = 23, calls inlined = 20, statements flattened = 253 [2022-02-20 18:07:34,351 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:34,352 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:07:34,352 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:07:34,353 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:07:34,360 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,360 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,363 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,363 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,369 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,373 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,374 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,376 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:07:34,377 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:07:34,377 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:07:34,377 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:07:34,384 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (1/1) ... [2022-02-20 18:07:34,390 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:34,401 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:34,411 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:07:34,412 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:07:34,452 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:07:34,452 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:07:34,452 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:07:34,453 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:07:34,453 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:07:34,453 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:07:34,453 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:07:34,453 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:07:34,453 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:07:34,454 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:07:34,455 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:07:34,455 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:07:34,455 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:07:34,455 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:07:34,455 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:07:34,455 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:07:34,456 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:07:34,456 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:07:34,456 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:07:34,456 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:07:34,552 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:07:34,569 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:07:34,952 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:07:34,962 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:07:34,963 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:07:34,965 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:34 BoogieIcfgContainer [2022-02-20 18:07:34,965 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:07:34,967 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:07:34,967 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:07:34,970 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:07:34,970 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:07:33" (1/3) ... [2022-02-20 18:07:34,971 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@19ceebb4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:34, skipping insertion in model container [2022-02-20 18:07:34,971 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:34" (2/3) ... [2022-02-20 18:07:34,971 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@19ceebb4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:34, skipping insertion in model container [2022-02-20 18:07:34,972 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:34" (3/3) ... [2022-02-20 18:07:34,973 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec2_product40.cil.c [2022-02-20 18:07:34,977 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:07:34,978 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:07:35,030 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:07:35,036 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:07:35,037 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:07:35,060 INFO L276 IsEmpty]: Start isEmpty. Operand has 95 states, 71 states have (on average 1.380281690140845) internal successors, (98), 80 states have internal predecessors, (98), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:35,068 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-02-20 18:07:35,069 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:35,069 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:35,070 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:35,074 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:35,075 INFO L85 PathProgramCache]: Analyzing trace with hash -1035852950, now seen corresponding path program 1 times [2022-02-20 18:07:35,084 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:35,084 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [657826327] [2022-02-20 18:07:35,085 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:35,086 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:35,238 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:35,330 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:07:35,335 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:35,352 INFO L290 TraceCheckUtils]: 0: Hoare triple {98#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {98#true} is VALID [2022-02-20 18:07:35,353 INFO L290 TraceCheckUtils]: 1: Hoare triple {98#true} assume true; {98#true} is VALID [2022-02-20 18:07:35,353 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {98#true} {99#false} #252#return; {99#false} is VALID [2022-02-20 18:07:35,360 INFO L290 TraceCheckUtils]: 0: Hoare triple {98#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {98#true} is VALID [2022-02-20 18:07:35,360 INFO L290 TraceCheckUtils]: 1: Hoare triple {98#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {98#true} is VALID [2022-02-20 18:07:35,360 INFO L290 TraceCheckUtils]: 2: Hoare triple {98#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {98#true} is VALID [2022-02-20 18:07:35,361 INFO L290 TraceCheckUtils]: 3: Hoare triple {98#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {98#true} is VALID [2022-02-20 18:07:35,362 INFO L290 TraceCheckUtils]: 4: Hoare triple {98#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {98#true} is VALID [2022-02-20 18:07:35,362 INFO L290 TraceCheckUtils]: 5: Hoare triple {98#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {98#true} is VALID [2022-02-20 18:07:35,362 INFO L290 TraceCheckUtils]: 6: Hoare triple {98#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {98#true} is VALID [2022-02-20 18:07:35,363 INFO L290 TraceCheckUtils]: 7: Hoare triple {98#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {98#true} is VALID [2022-02-20 18:07:35,364 INFO L290 TraceCheckUtils]: 8: Hoare triple {98#true} assume false; {99#false} is VALID [2022-02-20 18:07:35,364 INFO L272 TraceCheckUtils]: 9: Hoare triple {99#false} call cleanup(); {99#false} is VALID [2022-02-20 18:07:35,364 INFO L290 TraceCheckUtils]: 10: Hoare triple {99#false} havoc ~i~0;havoc ~__cil_tmp2~0; {99#false} is VALID [2022-02-20 18:07:35,364 INFO L272 TraceCheckUtils]: 11: Hoare triple {99#false} call timeShift(); {99#false} is VALID [2022-02-20 18:07:35,365 INFO L290 TraceCheckUtils]: 12: Hoare triple {99#false} assume !(0 != ~pumpRunning~0); {99#false} is VALID [2022-02-20 18:07:35,365 INFO L290 TraceCheckUtils]: 13: Hoare triple {99#false} assume !(0 != ~systemActive~0); {99#false} is VALID [2022-02-20 18:07:35,365 INFO L290 TraceCheckUtils]: 14: Hoare triple {99#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {99#false} is VALID [2022-02-20 18:07:35,365 INFO L272 TraceCheckUtils]: 15: Hoare triple {99#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {98#true} is VALID [2022-02-20 18:07:35,366 INFO L290 TraceCheckUtils]: 16: Hoare triple {98#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {98#true} is VALID [2022-02-20 18:07:35,366 INFO L290 TraceCheckUtils]: 17: Hoare triple {98#true} assume true; {98#true} is VALID [2022-02-20 18:07:35,366 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {98#true} {99#false} #252#return; {99#false} is VALID [2022-02-20 18:07:35,367 INFO L290 TraceCheckUtils]: 19: Hoare triple {99#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {99#false} is VALID [2022-02-20 18:07:35,367 INFO L290 TraceCheckUtils]: 20: Hoare triple {99#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {99#false} is VALID [2022-02-20 18:07:35,368 INFO L290 TraceCheckUtils]: 21: Hoare triple {99#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {99#false} is VALID [2022-02-20 18:07:35,369 INFO L290 TraceCheckUtils]: 22: Hoare triple {99#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {99#false} is VALID [2022-02-20 18:07:35,369 INFO L290 TraceCheckUtils]: 23: Hoare triple {99#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {99#false} is VALID [2022-02-20 18:07:35,370 INFO L290 TraceCheckUtils]: 24: Hoare triple {99#false} assume !false; {99#false} is VALID [2022-02-20 18:07:35,370 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:35,371 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:35,371 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [657826327] [2022-02-20 18:07:35,372 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [657826327] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:35,372 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:35,372 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:07:35,374 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1756370508] [2022-02-20 18:07:35,375 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:35,380 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:35,382 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:35,385 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:35,425 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:35,425 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:07:35,426 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:35,451 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:07:35,452 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:35,457 INFO L87 Difference]: Start difference. First operand has 95 states, 71 states have (on average 1.380281690140845) internal successors, (98), 80 states have internal predecessors, (98), 14 states have call successors, (14), 8 states have call predecessors, (14), 8 states have return successors, (14), 11 states have call predecessors, (14), 14 states have call successors, (14) Second operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:35,604 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:35,604 INFO L93 Difference]: Finished difference Result 181 states and 246 transitions. [2022-02-20 18:07:35,605 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:07:35,605 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:35,606 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:35,607 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:35,620 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 246 transitions. [2022-02-20 18:07:35,620 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:35,626 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 246 transitions. [2022-02-20 18:07:35,626 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 246 transitions. [2022-02-20 18:07:35,854 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 246 edges. 246 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:35,868 INFO L225 Difference]: With dead ends: 181 [2022-02-20 18:07:35,868 INFO L226 Difference]: Without dead ends: 86 [2022-02-20 18:07:35,872 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:35,875 INFO L933 BasicCegarLoop]: 120 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 120 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:35,876 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 120 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:35,891 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 86 states. [2022-02-20 18:07:35,916 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 86 to 86. [2022-02-20 18:07:35,917 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:35,920 INFO L82 GeneralOperation]: Start isEquivalent. First operand 86 states. Second operand has 86 states, 64 states have (on average 1.3125) internal successors, (84), 72 states have internal predecessors, (84), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:07:35,924 INFO L74 IsIncluded]: Start isIncluded. First operand 86 states. Second operand has 86 states, 64 states have (on average 1.3125) internal successors, (84), 72 states have internal predecessors, (84), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:07:35,925 INFO L87 Difference]: Start difference. First operand 86 states. Second operand has 86 states, 64 states have (on average 1.3125) internal successors, (84), 72 states have internal predecessors, (84), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:07:35,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:35,932 INFO L93 Difference]: Finished difference Result 86 states and 111 transitions. [2022-02-20 18:07:35,932 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 111 transitions. [2022-02-20 18:07:35,933 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:35,933 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:35,934 INFO L74 IsIncluded]: Start isIncluded. First operand has 86 states, 64 states have (on average 1.3125) internal successors, (84), 72 states have internal predecessors, (84), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) Second operand 86 states. [2022-02-20 18:07:35,935 INFO L87 Difference]: Start difference. First operand has 86 states, 64 states have (on average 1.3125) internal successors, (84), 72 states have internal predecessors, (84), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) Second operand 86 states. [2022-02-20 18:07:35,940 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:35,940 INFO L93 Difference]: Finished difference Result 86 states and 111 transitions. [2022-02-20 18:07:35,940 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 111 transitions. [2022-02-20 18:07:35,942 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:35,942 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:35,942 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:35,942 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:35,943 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 86 states, 64 states have (on average 1.3125) internal successors, (84), 72 states have internal predecessors, (84), 14 states have call successors, (14), 8 states have call predecessors, (14), 7 states have return successors, (13), 10 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:07:35,954 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 86 states to 86 states and 111 transitions. [2022-02-20 18:07:35,957 INFO L78 Accepts]: Start accepts. Automaton has 86 states and 111 transitions. Word has length 25 [2022-02-20 18:07:35,957 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:35,957 INFO L470 AbstractCegarLoop]: Abstraction has 86 states and 111 transitions. [2022-02-20 18:07:35,958 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:35,958 INFO L276 IsEmpty]: Start isEmpty. Operand 86 states and 111 transitions. [2022-02-20 18:07:35,963 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2022-02-20 18:07:35,964 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:35,965 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:35,965 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:07:35,965 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:35,966 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:35,968 INFO L85 PathProgramCache]: Analyzing trace with hash 1707158464, now seen corresponding path program 1 times [2022-02-20 18:07:35,968 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:35,968 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1063755013] [2022-02-20 18:07:35,969 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:35,969 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:35,994 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:36,025 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 18:07:36,027 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:36,040 INFO L290 TraceCheckUtils]: 0: Hoare triple {665#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {665#true} is VALID [2022-02-20 18:07:36,041 INFO L290 TraceCheckUtils]: 1: Hoare triple {665#true} assume true; {665#true} is VALID [2022-02-20 18:07:36,041 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {665#true} {666#false} #252#return; {666#false} is VALID [2022-02-20 18:07:36,041 INFO L290 TraceCheckUtils]: 0: Hoare triple {665#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {665#true} is VALID [2022-02-20 18:07:36,042 INFO L290 TraceCheckUtils]: 1: Hoare triple {665#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {665#true} is VALID [2022-02-20 18:07:36,042 INFO L290 TraceCheckUtils]: 2: Hoare triple {665#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {665#true} is VALID [2022-02-20 18:07:36,042 INFO L290 TraceCheckUtils]: 3: Hoare triple {665#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {665#true} is VALID [2022-02-20 18:07:36,042 INFO L290 TraceCheckUtils]: 4: Hoare triple {665#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {665#true} is VALID [2022-02-20 18:07:36,043 INFO L290 TraceCheckUtils]: 5: Hoare triple {665#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {665#true} is VALID [2022-02-20 18:07:36,043 INFO L290 TraceCheckUtils]: 6: Hoare triple {665#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {665#true} is VALID [2022-02-20 18:07:36,043 INFO L290 TraceCheckUtils]: 7: Hoare triple {665#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {667#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:07:36,044 INFO L290 TraceCheckUtils]: 8: Hoare triple {667#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {667#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:07:36,044 INFO L290 TraceCheckUtils]: 9: Hoare triple {667#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {666#false} is VALID [2022-02-20 18:07:36,045 INFO L272 TraceCheckUtils]: 10: Hoare triple {666#false} call cleanup(); {666#false} is VALID [2022-02-20 18:07:36,045 INFO L290 TraceCheckUtils]: 11: Hoare triple {666#false} havoc ~i~0;havoc ~__cil_tmp2~0; {666#false} is VALID [2022-02-20 18:07:36,045 INFO L272 TraceCheckUtils]: 12: Hoare triple {666#false} call timeShift(); {666#false} is VALID [2022-02-20 18:07:36,045 INFO L290 TraceCheckUtils]: 13: Hoare triple {666#false} assume !(0 != ~pumpRunning~0); {666#false} is VALID [2022-02-20 18:07:36,046 INFO L290 TraceCheckUtils]: 14: Hoare triple {666#false} assume !(0 != ~systemActive~0); {666#false} is VALID [2022-02-20 18:07:36,046 INFO L290 TraceCheckUtils]: 15: Hoare triple {666#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {666#false} is VALID [2022-02-20 18:07:36,046 INFO L272 TraceCheckUtils]: 16: Hoare triple {666#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {665#true} is VALID [2022-02-20 18:07:36,046 INFO L290 TraceCheckUtils]: 17: Hoare triple {665#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {665#true} is VALID [2022-02-20 18:07:36,047 INFO L290 TraceCheckUtils]: 18: Hoare triple {665#true} assume true; {665#true} is VALID [2022-02-20 18:07:36,047 INFO L284 TraceCheckUtils]: 19: Hoare quadruple {665#true} {666#false} #252#return; {666#false} is VALID [2022-02-20 18:07:36,047 INFO L290 TraceCheckUtils]: 20: Hoare triple {666#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {666#false} is VALID [2022-02-20 18:07:36,047 INFO L290 TraceCheckUtils]: 21: Hoare triple {666#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {666#false} is VALID [2022-02-20 18:07:36,048 INFO L290 TraceCheckUtils]: 22: Hoare triple {666#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {666#false} is VALID [2022-02-20 18:07:36,048 INFO L290 TraceCheckUtils]: 23: Hoare triple {666#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {666#false} is VALID [2022-02-20 18:07:36,048 INFO L290 TraceCheckUtils]: 24: Hoare triple {666#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {666#false} is VALID [2022-02-20 18:07:36,048 INFO L290 TraceCheckUtils]: 25: Hoare triple {666#false} assume !false; {666#false} is VALID [2022-02-20 18:07:36,049 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:36,049 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:36,049 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1063755013] [2022-02-20 18:07:36,049 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1063755013] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:36,050 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:36,050 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:36,050 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1939825615] [2022-02-20 18:07:36,050 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:36,051 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:36,052 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:36,052 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,073 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:36,074 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:36,074 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:36,075 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:36,075 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:36,075 INFO L87 Difference]: Start difference. First operand 86 states and 111 transitions. Second operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,169 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:36,169 INFO L93 Difference]: Finished difference Result 132 states and 170 transitions. [2022-02-20 18:07:36,169 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:36,170 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:36,170 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:36,170 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,173 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 170 transitions. [2022-02-20 18:07:36,174 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,177 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 170 transitions. [2022-02-20 18:07:36,177 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 170 transitions. [2022-02-20 18:07:36,312 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 170 edges. 170 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:36,316 INFO L225 Difference]: With dead ends: 132 [2022-02-20 18:07:36,316 INFO L226 Difference]: Without dead ends: 77 [2022-02-20 18:07:36,318 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:36,320 INFO L933 BasicCegarLoop]: 98 mSDtfsCounter, 17 mSDsluCounter, 76 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 174 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:36,320 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 174 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:36,321 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 77 states. [2022-02-20 18:07:36,327 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 77 to 77. [2022-02-20 18:07:36,327 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:36,328 INFO L82 GeneralOperation]: Start isEquivalent. First operand 77 states. Second operand has 77 states, 58 states have (on average 1.3275862068965518) internal successors, (77), 66 states have internal predecessors, (77), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:07:36,329 INFO L74 IsIncluded]: Start isIncluded. First operand 77 states. Second operand has 77 states, 58 states have (on average 1.3275862068965518) internal successors, (77), 66 states have internal predecessors, (77), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:07:36,329 INFO L87 Difference]: Start difference. First operand 77 states. Second operand has 77 states, 58 states have (on average 1.3275862068965518) internal successors, (77), 66 states have internal predecessors, (77), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:07:36,333 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:36,334 INFO L93 Difference]: Finished difference Result 77 states and 99 transitions. [2022-02-20 18:07:36,334 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:36,338 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:36,338 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:36,339 INFO L74 IsIncluded]: Start isIncluded. First operand has 77 states, 58 states have (on average 1.3275862068965518) internal successors, (77), 66 states have internal predecessors, (77), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) Second operand 77 states. [2022-02-20 18:07:36,339 INFO L87 Difference]: Start difference. First operand has 77 states, 58 states have (on average 1.3275862068965518) internal successors, (77), 66 states have internal predecessors, (77), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) Second operand 77 states. [2022-02-20 18:07:36,345 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:36,345 INFO L93 Difference]: Finished difference Result 77 states and 99 transitions. [2022-02-20 18:07:36,345 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:36,345 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:36,346 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:36,346 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:36,346 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:36,347 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 77 states, 58 states have (on average 1.3275862068965518) internal successors, (77), 66 states have internal predecessors, (77), 11 states have call successors, (11), 7 states have call predecessors, (11), 7 states have return successors, (11), 8 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:07:36,350 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 99 transitions. [2022-02-20 18:07:36,350 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 99 transitions. Word has length 26 [2022-02-20 18:07:36,350 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:36,350 INFO L470 AbstractCegarLoop]: Abstraction has 77 states and 99 transitions. [2022-02-20 18:07:36,351 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,351 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:36,351 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2022-02-20 18:07:36,352 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:36,352 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:36,352 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:07:36,352 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:36,353 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:36,353 INFO L85 PathProgramCache]: Analyzing trace with hash -969347747, now seen corresponding path program 1 times [2022-02-20 18:07:36,353 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:36,353 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1968890911] [2022-02-20 18:07:36,353 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:36,354 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:36,381 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:36,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-02-20 18:07:36,410 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:36,413 INFO L290 TraceCheckUtils]: 0: Hoare triple {1129#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {1129#true} is VALID [2022-02-20 18:07:36,413 INFO L290 TraceCheckUtils]: 1: Hoare triple {1129#true} assume true; {1129#true} is VALID [2022-02-20 18:07:36,414 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1129#true} {1130#false} #252#return; {1130#false} is VALID [2022-02-20 18:07:36,414 INFO L290 TraceCheckUtils]: 0: Hoare triple {1129#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {1129#true} is VALID [2022-02-20 18:07:36,414 INFO L290 TraceCheckUtils]: 1: Hoare triple {1129#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1129#true} is VALID [2022-02-20 18:07:36,414 INFO L290 TraceCheckUtils]: 2: Hoare triple {1129#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1129#true} is VALID [2022-02-20 18:07:36,415 INFO L290 TraceCheckUtils]: 3: Hoare triple {1129#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {1129#true} is VALID [2022-02-20 18:07:36,415 INFO L290 TraceCheckUtils]: 4: Hoare triple {1129#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {1129#true} is VALID [2022-02-20 18:07:36,415 INFO L290 TraceCheckUtils]: 5: Hoare triple {1129#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1129#true} is VALID [2022-02-20 18:07:36,415 INFO L290 TraceCheckUtils]: 6: Hoare triple {1129#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {1129#true} is VALID [2022-02-20 18:07:36,415 INFO L290 TraceCheckUtils]: 7: Hoare triple {1129#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1129#true} is VALID [2022-02-20 18:07:36,416 INFO L290 TraceCheckUtils]: 8: Hoare triple {1129#true} assume !false; {1129#true} is VALID [2022-02-20 18:07:36,416 INFO L290 TraceCheckUtils]: 9: Hoare triple {1129#true} assume test_~splverifierCounter~0#1 < 4; {1129#true} is VALID [2022-02-20 18:07:36,416 INFO L290 TraceCheckUtils]: 10: Hoare triple {1129#true} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {1129#true} is VALID [2022-02-20 18:07:36,416 INFO L290 TraceCheckUtils]: 11: Hoare triple {1129#true} assume !(0 != test_~tmp~1#1); {1129#true} is VALID [2022-02-20 18:07:36,416 INFO L290 TraceCheckUtils]: 12: Hoare triple {1129#true} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {1129#true} is VALID [2022-02-20 18:07:36,417 INFO L290 TraceCheckUtils]: 13: Hoare triple {1129#true} assume !(0 != test_~tmp___0~1#1); {1129#true} is VALID [2022-02-20 18:07:36,417 INFO L290 TraceCheckUtils]: 14: Hoare triple {1129#true} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {1129#true} is VALID [2022-02-20 18:07:36,418 INFO L290 TraceCheckUtils]: 15: Hoare triple {1129#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {1131#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:36,418 INFO L290 TraceCheckUtils]: 16: Hoare triple {1131#(= 1 ~systemActive~0)} assume { :end_inline_startSystem } true; {1131#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:36,419 INFO L272 TraceCheckUtils]: 17: Hoare triple {1131#(= 1 ~systemActive~0)} call timeShift(); {1131#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:36,419 INFO L290 TraceCheckUtils]: 18: Hoare triple {1131#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {1131#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:36,420 INFO L290 TraceCheckUtils]: 19: Hoare triple {1131#(= 1 ~systemActive~0)} assume !(0 != ~systemActive~0); {1130#false} is VALID [2022-02-20 18:07:36,420 INFO L290 TraceCheckUtils]: 20: Hoare triple {1130#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {1130#false} is VALID [2022-02-20 18:07:36,420 INFO L272 TraceCheckUtils]: 21: Hoare triple {1130#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {1129#true} is VALID [2022-02-20 18:07:36,420 INFO L290 TraceCheckUtils]: 22: Hoare triple {1129#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {1129#true} is VALID [2022-02-20 18:07:36,420 INFO L290 TraceCheckUtils]: 23: Hoare triple {1129#true} assume true; {1129#true} is VALID [2022-02-20 18:07:36,421 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {1129#true} {1130#false} #252#return; {1130#false} is VALID [2022-02-20 18:07:36,421 INFO L290 TraceCheckUtils]: 25: Hoare triple {1130#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {1130#false} is VALID [2022-02-20 18:07:36,421 INFO L290 TraceCheckUtils]: 26: Hoare triple {1130#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {1130#false} is VALID [2022-02-20 18:07:36,421 INFO L290 TraceCheckUtils]: 27: Hoare triple {1130#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {1130#false} is VALID [2022-02-20 18:07:36,421 INFO L290 TraceCheckUtils]: 28: Hoare triple {1130#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {1130#false} is VALID [2022-02-20 18:07:36,422 INFO L290 TraceCheckUtils]: 29: Hoare triple {1130#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1130#false} is VALID [2022-02-20 18:07:36,422 INFO L290 TraceCheckUtils]: 30: Hoare triple {1130#false} assume !false; {1130#false} is VALID [2022-02-20 18:07:36,422 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:36,422 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:36,423 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1968890911] [2022-02-20 18:07:36,423 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1968890911] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:36,423 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:36,423 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:36,423 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [181274761] [2022-02-20 18:07:36,424 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:36,424 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:07:36,424 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:36,425 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,456 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:36,457 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:36,457 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:36,457 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:36,458 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:36,458 INFO L87 Difference]: Start difference. First operand 77 states and 99 transitions. Second operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,644 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:36,645 INFO L93 Difference]: Finished difference Result 213 states and 280 transitions. [2022-02-20 18:07:36,645 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:36,645 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:07:36,646 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:36,646 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,650 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 280 transitions. [2022-02-20 18:07:36,651 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,655 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 280 transitions. [2022-02-20 18:07:36,655 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 280 transitions. [2022-02-20 18:07:36,882 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 280 edges. 280 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:36,887 INFO L225 Difference]: With dead ends: 213 [2022-02-20 18:07:36,887 INFO L226 Difference]: Without dead ends: 144 [2022-02-20 18:07:36,888 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:36,889 INFO L933 BasicCegarLoop]: 122 mSDtfsCounter, 91 mSDsluCounter, 86 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 91 SdHoareTripleChecker+Valid, 208 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:36,889 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [91 Valid, 208 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:36,890 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 144 states. [2022-02-20 18:07:36,912 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 144 to 141. [2022-02-20 18:07:36,912 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:36,913 INFO L82 GeneralOperation]: Start isEquivalent. First operand 144 states. Second operand has 141 states, 104 states have (on average 1.3557692307692308) internal successors, (141), 119 states have internal predecessors, (141), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2022-02-20 18:07:36,914 INFO L74 IsIncluded]: Start isIncluded. First operand 144 states. Second operand has 141 states, 104 states have (on average 1.3557692307692308) internal successors, (141), 119 states have internal predecessors, (141), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2022-02-20 18:07:36,914 INFO L87 Difference]: Start difference. First operand 144 states. Second operand has 141 states, 104 states have (on average 1.3557692307692308) internal successors, (141), 119 states have internal predecessors, (141), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2022-02-20 18:07:36,920 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:36,920 INFO L93 Difference]: Finished difference Result 144 states and 187 transitions. [2022-02-20 18:07:36,920 INFO L276 IsEmpty]: Start isEmpty. Operand 144 states and 187 transitions. [2022-02-20 18:07:36,921 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:36,921 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:36,921 INFO L74 IsIncluded]: Start isIncluded. First operand has 141 states, 104 states have (on average 1.3557692307692308) internal successors, (141), 119 states have internal predecessors, (141), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) Second operand 144 states. [2022-02-20 18:07:36,922 INFO L87 Difference]: Start difference. First operand has 141 states, 104 states have (on average 1.3557692307692308) internal successors, (141), 119 states have internal predecessors, (141), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) Second operand 144 states. [2022-02-20 18:07:36,930 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:36,931 INFO L93 Difference]: Finished difference Result 144 states and 187 transitions. [2022-02-20 18:07:36,931 INFO L276 IsEmpty]: Start isEmpty. Operand 144 states and 187 transitions. [2022-02-20 18:07:36,931 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:36,931 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:36,932 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:36,932 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:36,932 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 141 states, 104 states have (on average 1.3557692307692308) internal successors, (141), 119 states have internal predecessors, (141), 22 states have call successors, (22), 14 states have call predecessors, (22), 14 states have return successors, (22), 15 states have call predecessors, (22), 22 states have call successors, (22) [2022-02-20 18:07:36,938 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 141 states to 141 states and 185 transitions. [2022-02-20 18:07:36,939 INFO L78 Accepts]: Start accepts. Automaton has 141 states and 185 transitions. Word has length 31 [2022-02-20 18:07:36,939 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:36,939 INFO L470 AbstractCegarLoop]: Abstraction has 141 states and 185 transitions. [2022-02-20 18:07:36,939 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:36,939 INFO L276 IsEmpty]: Start isEmpty. Operand 141 states and 185 transitions. [2022-02-20 18:07:36,940 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-02-20 18:07:36,940 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:36,940 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:36,941 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:07:36,941 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:36,941 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:36,942 INFO L85 PathProgramCache]: Analyzing trace with hash -595617824, now seen corresponding path program 1 times [2022-02-20 18:07:36,942 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:36,942 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [412364406] [2022-02-20 18:07:36,942 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:36,942 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:36,995 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:37,062 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:07:37,064 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:37,072 INFO L290 TraceCheckUtils]: 0: Hoare triple {1930#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {1938#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:37,072 INFO L290 TraceCheckUtils]: 1: Hoare triple {1938#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1938#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:37,073 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1938#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1932#(= ~methaneLevelCritical~0 0)} #252#return; {1936#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret4#1| 0)} is VALID [2022-02-20 18:07:37,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {1930#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,074 INFO L290 TraceCheckUtils]: 1: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,074 INFO L290 TraceCheckUtils]: 2: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,075 INFO L290 TraceCheckUtils]: 3: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,075 INFO L290 TraceCheckUtils]: 4: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,076 INFO L290 TraceCheckUtils]: 5: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,076 INFO L290 TraceCheckUtils]: 6: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,077 INFO L290 TraceCheckUtils]: 7: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,077 INFO L290 TraceCheckUtils]: 8: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume !false; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,077 INFO L290 TraceCheckUtils]: 9: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume test_~splverifierCounter~0#1 < 4; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,078 INFO L290 TraceCheckUtils]: 10: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,078 INFO L290 TraceCheckUtils]: 11: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp~1#1); {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,079 INFO L290 TraceCheckUtils]: 12: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,079 INFO L290 TraceCheckUtils]: 13: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___0~1#1); {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,080 INFO L290 TraceCheckUtils]: 14: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,080 INFO L290 TraceCheckUtils]: 15: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,081 INFO L290 TraceCheckUtils]: 16: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,081 INFO L290 TraceCheckUtils]: 17: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,081 INFO L290 TraceCheckUtils]: 18: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} ~systemActive~0 := 0; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,082 INFO L290 TraceCheckUtils]: 19: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume { :end_inline_stopSystem } true; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,082 INFO L272 TraceCheckUtils]: 20: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} call timeShift(); {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,083 INFO L290 TraceCheckUtils]: 21: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume !(0 != ~pumpRunning~0); {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,083 INFO L290 TraceCheckUtils]: 22: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume !(0 != ~systemActive~0); {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,084 INFO L290 TraceCheckUtils]: 23: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {1932#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:37,084 INFO L272 TraceCheckUtils]: 24: Hoare triple {1932#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {1930#true} is VALID [2022-02-20 18:07:37,084 INFO L290 TraceCheckUtils]: 25: Hoare triple {1930#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {1938#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:37,085 INFO L290 TraceCheckUtils]: 26: Hoare triple {1938#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {1938#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:37,085 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {1938#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {1932#(= ~methaneLevelCritical~0 0)} #252#return; {1936#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret4#1| 0)} is VALID [2022-02-20 18:07:37,086 INFO L290 TraceCheckUtils]: 28: Hoare triple {1936#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret4#1| 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {1937#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~0#1| 0)} is VALID [2022-02-20 18:07:37,086 INFO L290 TraceCheckUtils]: 29: Hoare triple {1937#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~0#1| 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {1931#false} is VALID [2022-02-20 18:07:37,087 INFO L290 TraceCheckUtils]: 30: Hoare triple {1931#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {1931#false} is VALID [2022-02-20 18:07:37,087 INFO L290 TraceCheckUtils]: 31: Hoare triple {1931#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {1931#false} is VALID [2022-02-20 18:07:37,087 INFO L290 TraceCheckUtils]: 32: Hoare triple {1931#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1931#false} is VALID [2022-02-20 18:07:37,087 INFO L290 TraceCheckUtils]: 33: Hoare triple {1931#false} assume !false; {1931#false} is VALID [2022-02-20 18:07:37,088 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:37,088 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:37,088 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [412364406] [2022-02-20 18:07:37,088 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [412364406] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:37,088 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:37,088 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:37,089 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1170103849] [2022-02-20 18:07:37,089 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:37,093 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-20 18:07:37,093 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:37,093 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:37,122 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:37,123 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:37,123 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:37,124 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:37,124 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:37,125 INFO L87 Difference]: Start difference. First operand 141 states and 185 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:37,519 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:37,519 INFO L93 Difference]: Finished difference Result 405 states and 540 transitions. [2022-02-20 18:07:37,519 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:07:37,520 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-20 18:07:37,521 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:37,522 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:37,526 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 281 transitions. [2022-02-20 18:07:37,526 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:37,532 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 281 transitions. [2022-02-20 18:07:37,532 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 281 transitions. [2022-02-20 18:07:37,729 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 281 edges. 281 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:37,737 INFO L225 Difference]: With dead ends: 405 [2022-02-20 18:07:37,737 INFO L226 Difference]: Without dead ends: 272 [2022-02-20 18:07:37,738 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=21, Invalid=51, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:07:37,739 INFO L933 BasicCegarLoop]: 107 mSDtfsCounter, 67 mSDsluCounter, 376 mSDsCounter, 0 mSdLazyCounter, 48 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 70 SdHoareTripleChecker+Valid, 483 SdHoareTripleChecker+Invalid, 52 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 48 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:37,739 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [70 Valid, 483 Invalid, 52 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 48 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:37,740 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 272 states. [2022-02-20 18:07:37,758 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 272 to 266. [2022-02-20 18:07:37,758 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:37,759 INFO L82 GeneralOperation]: Start isEquivalent. First operand 272 states. Second operand has 266 states, 193 states have (on average 1.3419689119170986) internal successors, (259), 222 states have internal predecessors, (259), 44 states have call successors, (44), 28 states have call predecessors, (44), 28 states have return successors, (46), 30 states have call predecessors, (46), 44 states have call successors, (46) [2022-02-20 18:07:37,760 INFO L74 IsIncluded]: Start isIncluded. First operand 272 states. Second operand has 266 states, 193 states have (on average 1.3419689119170986) internal successors, (259), 222 states have internal predecessors, (259), 44 states have call successors, (44), 28 states have call predecessors, (44), 28 states have return successors, (46), 30 states have call predecessors, (46), 44 states have call successors, (46) [2022-02-20 18:07:37,761 INFO L87 Difference]: Start difference. First operand 272 states. Second operand has 266 states, 193 states have (on average 1.3419689119170986) internal successors, (259), 222 states have internal predecessors, (259), 44 states have call successors, (44), 28 states have call predecessors, (44), 28 states have return successors, (46), 30 states have call predecessors, (46), 44 states have call successors, (46) [2022-02-20 18:07:37,772 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:37,772 INFO L93 Difference]: Finished difference Result 272 states and 355 transitions. [2022-02-20 18:07:37,772 INFO L276 IsEmpty]: Start isEmpty. Operand 272 states and 355 transitions. [2022-02-20 18:07:37,773 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:37,773 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:37,775 INFO L74 IsIncluded]: Start isIncluded. First operand has 266 states, 193 states have (on average 1.3419689119170986) internal successors, (259), 222 states have internal predecessors, (259), 44 states have call successors, (44), 28 states have call predecessors, (44), 28 states have return successors, (46), 30 states have call predecessors, (46), 44 states have call successors, (46) Second operand 272 states. [2022-02-20 18:07:37,776 INFO L87 Difference]: Start difference. First operand has 266 states, 193 states have (on average 1.3419689119170986) internal successors, (259), 222 states have internal predecessors, (259), 44 states have call successors, (44), 28 states have call predecessors, (44), 28 states have return successors, (46), 30 states have call predecessors, (46), 44 states have call successors, (46) Second operand 272 states. [2022-02-20 18:07:37,787 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:37,787 INFO L93 Difference]: Finished difference Result 272 states and 355 transitions. [2022-02-20 18:07:37,787 INFO L276 IsEmpty]: Start isEmpty. Operand 272 states and 355 transitions. [2022-02-20 18:07:37,788 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:37,788 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:37,788 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:37,789 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:37,790 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 266 states, 193 states have (on average 1.3419689119170986) internal successors, (259), 222 states have internal predecessors, (259), 44 states have call successors, (44), 28 states have call predecessors, (44), 28 states have return successors, (46), 30 states have call predecessors, (46), 44 states have call successors, (46) [2022-02-20 18:07:37,803 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 266 states to 266 states and 349 transitions. [2022-02-20 18:07:37,803 INFO L78 Accepts]: Start accepts. Automaton has 266 states and 349 transitions. Word has length 34 [2022-02-20 18:07:37,803 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:37,804 INFO L470 AbstractCegarLoop]: Abstraction has 266 states and 349 transitions. [2022-02-20 18:07:37,804 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:37,804 INFO L276 IsEmpty]: Start isEmpty. Operand 266 states and 349 transitions. [2022-02-20 18:07:37,805 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:07:37,805 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:37,805 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:37,805 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:07:37,806 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:37,806 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:37,806 INFO L85 PathProgramCache]: Analyzing trace with hash -1037298340, now seen corresponding path program 1 times [2022-02-20 18:07:37,806 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:37,806 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1370765747] [2022-02-20 18:07:37,807 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:37,807 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:37,826 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:37,870 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:07:37,872 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:37,879 INFO L290 TraceCheckUtils]: 0: Hoare triple {3461#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {3450#true} is VALID [2022-02-20 18:07:37,879 INFO L290 TraceCheckUtils]: 1: Hoare triple {3450#true} assume true; {3450#true} is VALID [2022-02-20 18:07:37,880 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3450#true} {3452#(= ~pumpRunning~0 0)} #256#return; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,880 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:07:37,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:37,886 INFO L290 TraceCheckUtils]: 0: Hoare triple {3450#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {3450#true} is VALID [2022-02-20 18:07:37,886 INFO L290 TraceCheckUtils]: 1: Hoare triple {3450#true} assume true; {3450#true} is VALID [2022-02-20 18:07:37,887 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3450#true} {3452#(= ~pumpRunning~0 0)} #252#return; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,887 INFO L290 TraceCheckUtils]: 0: Hoare triple {3450#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,888 INFO L290 TraceCheckUtils]: 1: Hoare triple {3452#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,888 INFO L290 TraceCheckUtils]: 2: Hoare triple {3452#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,888 INFO L290 TraceCheckUtils]: 3: Hoare triple {3452#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,889 INFO L290 TraceCheckUtils]: 4: Hoare triple {3452#(= ~pumpRunning~0 0)} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,889 INFO L290 TraceCheckUtils]: 5: Hoare triple {3452#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,890 INFO L290 TraceCheckUtils]: 6: Hoare triple {3452#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,890 INFO L290 TraceCheckUtils]: 7: Hoare triple {3452#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,890 INFO L290 TraceCheckUtils]: 8: Hoare triple {3452#(= ~pumpRunning~0 0)} assume !false; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,891 INFO L290 TraceCheckUtils]: 9: Hoare triple {3452#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,891 INFO L290 TraceCheckUtils]: 10: Hoare triple {3452#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,892 INFO L290 TraceCheckUtils]: 11: Hoare triple {3452#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~1#1); {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,894 INFO L290 TraceCheckUtils]: 12: Hoare triple {3452#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,894 INFO L290 TraceCheckUtils]: 13: Hoare triple {3452#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___0~1#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,895 INFO L272 TraceCheckUtils]: 14: Hoare triple {3452#(= ~pumpRunning~0 0)} call changeMethaneLevel(); {3461#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:37,895 INFO L290 TraceCheckUtils]: 15: Hoare triple {3461#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {3450#true} is VALID [2022-02-20 18:07:37,895 INFO L290 TraceCheckUtils]: 16: Hoare triple {3450#true} assume true; {3450#true} is VALID [2022-02-20 18:07:37,897 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {3450#true} {3452#(= ~pumpRunning~0 0)} #256#return; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,897 INFO L290 TraceCheckUtils]: 18: Hoare triple {3452#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,898 INFO L290 TraceCheckUtils]: 19: Hoare triple {3452#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,898 INFO L290 TraceCheckUtils]: 20: Hoare triple {3452#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,899 INFO L290 TraceCheckUtils]: 21: Hoare triple {3452#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,899 INFO L290 TraceCheckUtils]: 22: Hoare triple {3452#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,903 INFO L290 TraceCheckUtils]: 23: Hoare triple {3452#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,903 INFO L272 TraceCheckUtils]: 24: Hoare triple {3452#(= ~pumpRunning~0 0)} call timeShift(); {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,903 INFO L290 TraceCheckUtils]: 25: Hoare triple {3452#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,904 INFO L290 TraceCheckUtils]: 26: Hoare triple {3452#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,904 INFO L290 TraceCheckUtils]: 27: Hoare triple {3452#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,904 INFO L272 TraceCheckUtils]: 28: Hoare triple {3452#(= ~pumpRunning~0 0)} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {3450#true} is VALID [2022-02-20 18:07:37,905 INFO L290 TraceCheckUtils]: 29: Hoare triple {3450#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {3450#true} is VALID [2022-02-20 18:07:37,905 INFO L290 TraceCheckUtils]: 30: Hoare triple {3450#true} assume true; {3450#true} is VALID [2022-02-20 18:07:37,905 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {3450#true} {3452#(= ~pumpRunning~0 0)} #252#return; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,906 INFO L290 TraceCheckUtils]: 32: Hoare triple {3452#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {3452#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:37,906 INFO L290 TraceCheckUtils]: 33: Hoare triple {3452#(= ~pumpRunning~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {3459#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:07:37,907 INFO L290 TraceCheckUtils]: 34: Hoare triple {3459#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {3460#(= |timeShift___utac_acc__Specification2_spec__2_~tmp___0~0#1| 0)} is VALID [2022-02-20 18:07:37,907 INFO L290 TraceCheckUtils]: 35: Hoare triple {3460#(= |timeShift___utac_acc__Specification2_spec__2_~tmp___0~0#1| 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {3451#false} is VALID [2022-02-20 18:07:37,915 INFO L290 TraceCheckUtils]: 36: Hoare triple {3451#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {3451#false} is VALID [2022-02-20 18:07:37,915 INFO L290 TraceCheckUtils]: 37: Hoare triple {3451#false} assume !false; {3451#false} is VALID [2022-02-20 18:07:37,916 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:37,917 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:37,917 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1370765747] [2022-02-20 18:07:37,917 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1370765747] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:37,917 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:37,917 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:37,917 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [257803013] [2022-02-20 18:07:37,918 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:37,919 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 38 [2022-02-20 18:07:37,920 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:37,920 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:37,949 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 38 edges. 38 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:37,949 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:37,949 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:37,950 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:37,950 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:37,950 INFO L87 Difference]: Start difference. First operand 266 states and 349 transitions. Second operand has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:38,574 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:38,575 INFO L93 Difference]: Finished difference Result 698 states and 934 transitions. [2022-02-20 18:07:38,575 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 8 states. [2022-02-20 18:07:38,575 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 38 [2022-02-20 18:07:38,576 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:38,576 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:38,581 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 258 transitions. [2022-02-20 18:07:38,581 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:38,586 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 8 states to 8 states and 258 transitions. [2022-02-20 18:07:38,586 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 8 states and 258 transitions. [2022-02-20 18:07:38,777 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 258 edges. 258 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:38,795 INFO L225 Difference]: With dead ends: 698 [2022-02-20 18:07:38,795 INFO L226 Difference]: Without dead ends: 440 [2022-02-20 18:07:38,812 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 14 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=32, Invalid=58, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:07:38,819 INFO L933 BasicCegarLoop]: 93 mSDtfsCounter, 112 mSDsluCounter, 111 mSDsCounter, 0 mSdLazyCounter, 247 mSolverCounterSat, 39 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 118 SdHoareTripleChecker+Valid, 204 SdHoareTripleChecker+Invalid, 286 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 39 IncrementalHoareTripleChecker+Valid, 247 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:38,820 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [118 Valid, 204 Invalid, 286 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [39 Valid, 247 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:07:38,823 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 440 states. [2022-02-20 18:07:38,863 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 440 to 426. [2022-02-20 18:07:38,863 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:38,870 INFO L82 GeneralOperation]: Start isEquivalent. First operand 440 states. Second operand has 426 states, 313 states have (on average 1.293929712460064) internal successors, (405), 342 states have internal predecessors, (405), 60 states have call successors, (60), 52 states have call predecessors, (60), 52 states have return successors, (80), 54 states have call predecessors, (80), 60 states have call successors, (80) [2022-02-20 18:07:38,873 INFO L74 IsIncluded]: Start isIncluded. First operand 440 states. Second operand has 426 states, 313 states have (on average 1.293929712460064) internal successors, (405), 342 states have internal predecessors, (405), 60 states have call successors, (60), 52 states have call predecessors, (60), 52 states have return successors, (80), 54 states have call predecessors, (80), 60 states have call successors, (80) [2022-02-20 18:07:38,874 INFO L87 Difference]: Start difference. First operand 440 states. Second operand has 426 states, 313 states have (on average 1.293929712460064) internal successors, (405), 342 states have internal predecessors, (405), 60 states have call successors, (60), 52 states have call predecessors, (60), 52 states have return successors, (80), 54 states have call predecessors, (80), 60 states have call successors, (80) [2022-02-20 18:07:38,908 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:38,909 INFO L93 Difference]: Finished difference Result 440 states and 563 transitions. [2022-02-20 18:07:38,909 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 563 transitions. [2022-02-20 18:07:38,911 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:38,911 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:38,915 INFO L74 IsIncluded]: Start isIncluded. First operand has 426 states, 313 states have (on average 1.293929712460064) internal successors, (405), 342 states have internal predecessors, (405), 60 states have call successors, (60), 52 states have call predecessors, (60), 52 states have return successors, (80), 54 states have call predecessors, (80), 60 states have call successors, (80) Second operand 440 states. [2022-02-20 18:07:38,916 INFO L87 Difference]: Start difference. First operand has 426 states, 313 states have (on average 1.293929712460064) internal successors, (405), 342 states have internal predecessors, (405), 60 states have call successors, (60), 52 states have call predecessors, (60), 52 states have return successors, (80), 54 states have call predecessors, (80), 60 states have call successors, (80) Second operand 440 states. [2022-02-20 18:07:38,935 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:38,935 INFO L93 Difference]: Finished difference Result 440 states and 563 transitions. [2022-02-20 18:07:38,935 INFO L276 IsEmpty]: Start isEmpty. Operand 440 states and 563 transitions. [2022-02-20 18:07:38,938 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:38,938 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:38,938 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:38,938 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:38,940 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 426 states, 313 states have (on average 1.293929712460064) internal successors, (405), 342 states have internal predecessors, (405), 60 states have call successors, (60), 52 states have call predecessors, (60), 52 states have return successors, (80), 54 states have call predecessors, (80), 60 states have call successors, (80) [2022-02-20 18:07:38,957 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 426 states to 426 states and 545 transitions. [2022-02-20 18:07:38,957 INFO L78 Accepts]: Start accepts. Automaton has 426 states and 545 transitions. Word has length 38 [2022-02-20 18:07:38,959 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:38,959 INFO L470 AbstractCegarLoop]: Abstraction has 426 states and 545 transitions. [2022-02-20 18:07:38,959 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.5) internal successors, (33), 5 states have internal predecessors, (33), 1 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:38,959 INFO L276 IsEmpty]: Start isEmpty. Operand 426 states and 545 transitions. [2022-02-20 18:07:38,962 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2022-02-20 18:07:38,962 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:38,962 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:38,962 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:07:38,963 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:38,964 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:38,964 INFO L85 PathProgramCache]: Analyzing trace with hash 1524944222, now seen corresponding path program 1 times [2022-02-20 18:07:38,964 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:38,964 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2136971473] [2022-02-20 18:07:38,964 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:38,964 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:39,006 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:39,044 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:07:39,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:39,052 INFO L290 TraceCheckUtils]: 0: Hoare triple {5952#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {5933#true} is VALID [2022-02-20 18:07:39,052 INFO L290 TraceCheckUtils]: 1: Hoare triple {5933#true} assume true; {5933#true} is VALID [2022-02-20 18:07:39,052 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5933#true} {5933#true} #256#return; {5933#true} is VALID [2022-02-20 18:07:39,055 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:07:39,071 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:39,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {5953#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {5933#true} is VALID [2022-02-20 18:07:39,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {5933#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {5933#true} is VALID [2022-02-20 18:07:39,102 INFO L290 TraceCheckUtils]: 2: Hoare triple {5933#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {5933#true} is VALID [2022-02-20 18:07:39,103 INFO L290 TraceCheckUtils]: 3: Hoare triple {5933#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {5933#true} is VALID [2022-02-20 18:07:39,103 INFO L290 TraceCheckUtils]: 4: Hoare triple {5933#true} assume 0 != isHighWaterLevel_~tmp~4#1;isHighWaterLevel_~tmp___0~2#1 := 0; {5954#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:07:39,104 INFO L290 TraceCheckUtils]: 5: Hoare triple {5954#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~2#1| 0)} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {5955#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:07:39,105 INFO L290 TraceCheckUtils]: 6: Hoare triple {5955#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {5956#(= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0)} is VALID [2022-02-20 18:07:39,106 INFO L290 TraceCheckUtils]: 7: Hoare triple {5956#(= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0)} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {5934#false} is VALID [2022-02-20 18:07:39,106 INFO L290 TraceCheckUtils]: 8: Hoare triple {5934#false} assume { :end_inline_activatePump } true; {5934#false} is VALID [2022-02-20 18:07:39,108 INFO L290 TraceCheckUtils]: 9: Hoare triple {5934#false} assume true; {5934#false} is VALID [2022-02-20 18:07:39,109 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {5934#false} {5933#true} #250#return; {5934#false} is VALID [2022-02-20 18:07:39,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:07:39,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:39,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {5933#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {5933#true} is VALID [2022-02-20 18:07:39,114 INFO L290 TraceCheckUtils]: 1: Hoare triple {5933#true} assume true; {5933#true} is VALID [2022-02-20 18:07:39,114 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5933#true} {5934#false} #252#return; {5934#false} is VALID [2022-02-20 18:07:39,114 INFO L290 TraceCheckUtils]: 0: Hoare triple {5933#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {5933#true} is VALID [2022-02-20 18:07:39,115 INFO L290 TraceCheckUtils]: 1: Hoare triple {5933#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {5933#true} is VALID [2022-02-20 18:07:39,115 INFO L290 TraceCheckUtils]: 2: Hoare triple {5933#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5933#true} is VALID [2022-02-20 18:07:39,115 INFO L290 TraceCheckUtils]: 3: Hoare triple {5933#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {5933#true} is VALID [2022-02-20 18:07:39,115 INFO L290 TraceCheckUtils]: 4: Hoare triple {5933#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {5933#true} is VALID [2022-02-20 18:07:39,115 INFO L290 TraceCheckUtils]: 5: Hoare triple {5933#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {5933#true} is VALID [2022-02-20 18:07:39,116 INFO L290 TraceCheckUtils]: 6: Hoare triple {5933#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {5933#true} is VALID [2022-02-20 18:07:39,116 INFO L290 TraceCheckUtils]: 7: Hoare triple {5933#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5933#true} is VALID [2022-02-20 18:07:39,116 INFO L290 TraceCheckUtils]: 8: Hoare triple {5933#true} assume !false; {5933#true} is VALID [2022-02-20 18:07:39,116 INFO L290 TraceCheckUtils]: 9: Hoare triple {5933#true} assume test_~splverifierCounter~0#1 < 4; {5933#true} is VALID [2022-02-20 18:07:39,116 INFO L290 TraceCheckUtils]: 10: Hoare triple {5933#true} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {5933#true} is VALID [2022-02-20 18:07:39,117 INFO L290 TraceCheckUtils]: 11: Hoare triple {5933#true} assume !(0 != test_~tmp~1#1); {5933#true} is VALID [2022-02-20 18:07:39,117 INFO L290 TraceCheckUtils]: 12: Hoare triple {5933#true} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {5933#true} is VALID [2022-02-20 18:07:39,117 INFO L290 TraceCheckUtils]: 13: Hoare triple {5933#true} assume 0 != test_~tmp___0~1#1; {5933#true} is VALID [2022-02-20 18:07:39,117 INFO L272 TraceCheckUtils]: 14: Hoare triple {5933#true} call changeMethaneLevel(); {5952#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:39,118 INFO L290 TraceCheckUtils]: 15: Hoare triple {5952#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {5933#true} is VALID [2022-02-20 18:07:39,118 INFO L290 TraceCheckUtils]: 16: Hoare triple {5933#true} assume true; {5933#true} is VALID [2022-02-20 18:07:39,118 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {5933#true} {5933#true} #256#return; {5933#true} is VALID [2022-02-20 18:07:39,118 INFO L290 TraceCheckUtils]: 18: Hoare triple {5933#true} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {5933#true} is VALID [2022-02-20 18:07:39,118 INFO L290 TraceCheckUtils]: 19: Hoare triple {5933#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {5933#true} is VALID [2022-02-20 18:07:39,119 INFO L290 TraceCheckUtils]: 20: Hoare triple {5933#true} assume { :end_inline_startSystem } true; {5933#true} is VALID [2022-02-20 18:07:39,119 INFO L272 TraceCheckUtils]: 21: Hoare triple {5933#true} call timeShift(); {5933#true} is VALID [2022-02-20 18:07:39,119 INFO L290 TraceCheckUtils]: 22: Hoare triple {5933#true} assume !(0 != ~pumpRunning~0); {5933#true} is VALID [2022-02-20 18:07:39,119 INFO L290 TraceCheckUtils]: 23: Hoare triple {5933#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {5933#true} is VALID [2022-02-20 18:07:39,119 INFO L290 TraceCheckUtils]: 24: Hoare triple {5933#true} assume !(0 != ~pumpRunning~0); {5933#true} is VALID [2022-02-20 18:07:39,120 INFO L272 TraceCheckUtils]: 25: Hoare triple {5933#true} call processEnvironment__wrappee__highWaterSensor(); {5953#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:39,120 INFO L290 TraceCheckUtils]: 26: Hoare triple {5953#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {5933#true} is VALID [2022-02-20 18:07:39,120 INFO L290 TraceCheckUtils]: 27: Hoare triple {5933#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {5933#true} is VALID [2022-02-20 18:07:39,120 INFO L290 TraceCheckUtils]: 28: Hoare triple {5933#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {5933#true} is VALID [2022-02-20 18:07:39,121 INFO L290 TraceCheckUtils]: 29: Hoare triple {5933#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {5933#true} is VALID [2022-02-20 18:07:39,121 INFO L290 TraceCheckUtils]: 30: Hoare triple {5933#true} assume 0 != isHighWaterLevel_~tmp~4#1;isHighWaterLevel_~tmp___0~2#1 := 0; {5954#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:07:39,122 INFO L290 TraceCheckUtils]: 31: Hoare triple {5954#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~2#1| 0)} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {5955#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:07:39,122 INFO L290 TraceCheckUtils]: 32: Hoare triple {5955#(= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {5956#(= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0)} is VALID [2022-02-20 18:07:39,122 INFO L290 TraceCheckUtils]: 33: Hoare triple {5956#(= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0)} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {5934#false} is VALID [2022-02-20 18:07:39,123 INFO L290 TraceCheckUtils]: 34: Hoare triple {5934#false} assume { :end_inline_activatePump } true; {5934#false} is VALID [2022-02-20 18:07:39,123 INFO L290 TraceCheckUtils]: 35: Hoare triple {5934#false} assume true; {5934#false} is VALID [2022-02-20 18:07:39,123 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {5934#false} {5933#true} #250#return; {5934#false} is VALID [2022-02-20 18:07:39,123 INFO L290 TraceCheckUtils]: 37: Hoare triple {5934#false} assume { :end_inline_processEnvironment } true; {5934#false} is VALID [2022-02-20 18:07:39,123 INFO L290 TraceCheckUtils]: 38: Hoare triple {5934#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {5934#false} is VALID [2022-02-20 18:07:39,124 INFO L272 TraceCheckUtils]: 39: Hoare triple {5934#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {5933#true} is VALID [2022-02-20 18:07:39,124 INFO L290 TraceCheckUtils]: 40: Hoare triple {5933#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {5933#true} is VALID [2022-02-20 18:07:39,124 INFO L290 TraceCheckUtils]: 41: Hoare triple {5933#true} assume true; {5933#true} is VALID [2022-02-20 18:07:39,124 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {5933#true} {5934#false} #252#return; {5934#false} is VALID [2022-02-20 18:07:39,124 INFO L290 TraceCheckUtils]: 43: Hoare triple {5934#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {5934#false} is VALID [2022-02-20 18:07:39,124 INFO L290 TraceCheckUtils]: 44: Hoare triple {5934#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {5934#false} is VALID [2022-02-20 18:07:39,125 INFO L290 TraceCheckUtils]: 45: Hoare triple {5934#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {5934#false} is VALID [2022-02-20 18:07:39,125 INFO L290 TraceCheckUtils]: 46: Hoare triple {5934#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {5934#false} is VALID [2022-02-20 18:07:39,125 INFO L290 TraceCheckUtils]: 47: Hoare triple {5934#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {5934#false} is VALID [2022-02-20 18:07:39,125 INFO L290 TraceCheckUtils]: 48: Hoare triple {5934#false} assume !false; {5934#false} is VALID [2022-02-20 18:07:39,126 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:39,126 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:39,126 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2136971473] [2022-02-20 18:07:39,126 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2136971473] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:39,126 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:39,126 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:07:39,127 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [686486476] [2022-02-20 18:07:39,127 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:39,127 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-20 18:07:39,128 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:39,128 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:39,159 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:39,159 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:07:39,160 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:39,160 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:07:39,160 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:07:39,161 INFO L87 Difference]: Start difference. First operand 426 states and 545 transitions. Second operand has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:39,949 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:39,949 INFO L93 Difference]: Finished difference Result 952 states and 1233 transitions. [2022-02-20 18:07:39,949 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:07:39,950 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-20 18:07:39,950 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:39,950 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:39,953 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 223 transitions. [2022-02-20 18:07:39,954 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:39,956 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 223 transitions. [2022-02-20 18:07:39,956 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 223 transitions. [2022-02-20 18:07:40,136 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 223 edges. 223 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:40,160 INFO L225 Difference]: With dead ends: 952 [2022-02-20 18:07:40,160 INFO L226 Difference]: Without dead ends: 534 [2022-02-20 18:07:40,161 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 8 SyntacticMatches, 0 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=46, Invalid=86, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:07:40,162 INFO L933 BasicCegarLoop]: 86 mSDtfsCounter, 117 mSDsluCounter, 138 mSDsCounter, 0 mSdLazyCounter, 296 mSolverCounterSat, 47 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 118 SdHoareTripleChecker+Valid, 224 SdHoareTripleChecker+Invalid, 343 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 47 IncrementalHoareTripleChecker+Valid, 296 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:40,163 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [118 Valid, 224 Invalid, 343 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [47 Valid, 296 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:07:40,168 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 534 states. [2022-02-20 18:07:40,209 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 534 to 520. [2022-02-20 18:07:40,211 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:40,213 INFO L82 GeneralOperation]: Start isEquivalent. First operand 534 states. Second operand has 520 states, 387 states have (on average 1.2583979328165376) internal successors, (487), 416 states have internal predecessors, (487), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) [2022-02-20 18:07:40,214 INFO L74 IsIncluded]: Start isIncluded. First operand 534 states. Second operand has 520 states, 387 states have (on average 1.2583979328165376) internal successors, (487), 416 states have internal predecessors, (487), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) [2022-02-20 18:07:40,215 INFO L87 Difference]: Start difference. First operand 534 states. Second operand has 520 states, 387 states have (on average 1.2583979328165376) internal successors, (487), 416 states have internal predecessors, (487), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) [2022-02-20 18:07:40,235 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:40,236 INFO L93 Difference]: Finished difference Result 534 states and 676 transitions. [2022-02-20 18:07:40,236 INFO L276 IsEmpty]: Start isEmpty. Operand 534 states and 676 transitions. [2022-02-20 18:07:40,238 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:40,238 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:40,240 INFO L74 IsIncluded]: Start isIncluded. First operand has 520 states, 387 states have (on average 1.2583979328165376) internal successors, (487), 416 states have internal predecessors, (487), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) Second operand 534 states. [2022-02-20 18:07:40,241 INFO L87 Difference]: Start difference. First operand has 520 states, 387 states have (on average 1.2583979328165376) internal successors, (487), 416 states have internal predecessors, (487), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) Second operand 534 states. [2022-02-20 18:07:40,260 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:40,261 INFO L93 Difference]: Finished difference Result 534 states and 676 transitions. [2022-02-20 18:07:40,261 INFO L276 IsEmpty]: Start isEmpty. Operand 534 states and 676 transitions. [2022-02-20 18:07:40,263 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:40,263 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:40,263 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:40,263 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:40,265 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 520 states, 387 states have (on average 1.2583979328165376) internal successors, (487), 416 states have internal predecessors, (487), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) [2022-02-20 18:07:40,287 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 520 states to 520 states and 655 transitions. [2022-02-20 18:07:40,287 INFO L78 Accepts]: Start accepts. Automaton has 520 states and 655 transitions. Word has length 49 [2022-02-20 18:07:40,287 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:40,288 INFO L470 AbstractCegarLoop]: Abstraction has 520 states and 655 transitions. [2022-02-20 18:07:40,288 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 2 states have call successors, (4), 3 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:40,288 INFO L276 IsEmpty]: Start isEmpty. Operand 520 states and 655 transitions. [2022-02-20 18:07:40,289 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2022-02-20 18:07:40,289 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:40,289 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:40,289 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:07:40,290 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:40,290 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:40,290 INFO L85 PathProgramCache]: Analyzing trace with hash -163999520, now seen corresponding path program 1 times [2022-02-20 18:07:40,290 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:40,290 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [124379586] [2022-02-20 18:07:40,291 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:40,291 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:40,340 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:40,372 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:07:40,373 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:40,375 INFO L290 TraceCheckUtils]: 0: Hoare triple {9106#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {9086#true} is VALID [2022-02-20 18:07:40,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {9086#true} assume true; {9086#true} is VALID [2022-02-20 18:07:40,376 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9086#true} {9086#true} #256#return; {9086#true} is VALID [2022-02-20 18:07:40,379 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:07:40,383 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:40,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {9107#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {9086#true} is VALID [2022-02-20 18:07:40,407 INFO L290 TraceCheckUtils]: 1: Hoare triple {9086#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {9086#true} is VALID [2022-02-20 18:07:40,412 INFO L290 TraceCheckUtils]: 2: Hoare triple {9086#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {9108#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:07:40,412 INFO L290 TraceCheckUtils]: 3: Hoare triple {9108#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {9109#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~4#1| 0))} is VALID [2022-02-20 18:07:40,414 INFO L290 TraceCheckUtils]: 4: Hoare triple {9109#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~4#1| 0))} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {9087#false} is VALID [2022-02-20 18:07:40,414 INFO L290 TraceCheckUtils]: 5: Hoare triple {9087#false} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {9087#false} is VALID [2022-02-20 18:07:40,414 INFO L290 TraceCheckUtils]: 6: Hoare triple {9087#false} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {9087#false} is VALID [2022-02-20 18:07:40,414 INFO L290 TraceCheckUtils]: 7: Hoare triple {9087#false} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {9087#false} is VALID [2022-02-20 18:07:40,414 INFO L290 TraceCheckUtils]: 8: Hoare triple {9087#false} assume { :end_inline_activatePump } true; {9087#false} is VALID [2022-02-20 18:07:40,415 INFO L290 TraceCheckUtils]: 9: Hoare triple {9087#false} assume true; {9087#false} is VALID [2022-02-20 18:07:40,415 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {9087#false} {9086#true} #250#return; {9087#false} is VALID [2022-02-20 18:07:40,415 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:07:40,416 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:40,418 INFO L290 TraceCheckUtils]: 0: Hoare triple {9086#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {9086#true} is VALID [2022-02-20 18:07:40,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {9086#true} assume true; {9086#true} is VALID [2022-02-20 18:07:40,419 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9086#true} {9087#false} #252#return; {9087#false} is VALID [2022-02-20 18:07:40,419 INFO L290 TraceCheckUtils]: 0: Hoare triple {9086#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {9086#true} is VALID [2022-02-20 18:07:40,419 INFO L290 TraceCheckUtils]: 1: Hoare triple {9086#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {9086#true} is VALID [2022-02-20 18:07:40,419 INFO L290 TraceCheckUtils]: 2: Hoare triple {9086#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9086#true} is VALID [2022-02-20 18:07:40,420 INFO L290 TraceCheckUtils]: 3: Hoare triple {9086#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {9086#true} is VALID [2022-02-20 18:07:40,420 INFO L290 TraceCheckUtils]: 4: Hoare triple {9086#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {9086#true} is VALID [2022-02-20 18:07:40,420 INFO L290 TraceCheckUtils]: 5: Hoare triple {9086#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {9086#true} is VALID [2022-02-20 18:07:40,420 INFO L290 TraceCheckUtils]: 6: Hoare triple {9086#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {9086#true} is VALID [2022-02-20 18:07:40,420 INFO L290 TraceCheckUtils]: 7: Hoare triple {9086#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {9086#true} is VALID [2022-02-20 18:07:40,421 INFO L290 TraceCheckUtils]: 8: Hoare triple {9086#true} assume !false; {9086#true} is VALID [2022-02-20 18:07:40,421 INFO L290 TraceCheckUtils]: 9: Hoare triple {9086#true} assume test_~splverifierCounter~0#1 < 4; {9086#true} is VALID [2022-02-20 18:07:40,421 INFO L290 TraceCheckUtils]: 10: Hoare triple {9086#true} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {9086#true} is VALID [2022-02-20 18:07:40,421 INFO L290 TraceCheckUtils]: 11: Hoare triple {9086#true} assume !(0 != test_~tmp~1#1); {9086#true} is VALID [2022-02-20 18:07:40,421 INFO L290 TraceCheckUtils]: 12: Hoare triple {9086#true} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {9086#true} is VALID [2022-02-20 18:07:40,421 INFO L290 TraceCheckUtils]: 13: Hoare triple {9086#true} assume 0 != test_~tmp___0~1#1; {9086#true} is VALID [2022-02-20 18:07:40,422 INFO L272 TraceCheckUtils]: 14: Hoare triple {9086#true} call changeMethaneLevel(); {9106#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:40,422 INFO L290 TraceCheckUtils]: 15: Hoare triple {9106#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {9086#true} is VALID [2022-02-20 18:07:40,422 INFO L290 TraceCheckUtils]: 16: Hoare triple {9086#true} assume true; {9086#true} is VALID [2022-02-20 18:07:40,422 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {9086#true} {9086#true} #256#return; {9086#true} is VALID [2022-02-20 18:07:40,423 INFO L290 TraceCheckUtils]: 18: Hoare triple {9086#true} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {9086#true} is VALID [2022-02-20 18:07:40,423 INFO L290 TraceCheckUtils]: 19: Hoare triple {9086#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {9091#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:40,424 INFO L290 TraceCheckUtils]: 20: Hoare triple {9091#(= 1 ~systemActive~0)} assume { :end_inline_startSystem } true; {9091#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:40,424 INFO L272 TraceCheckUtils]: 21: Hoare triple {9091#(= 1 ~systemActive~0)} call timeShift(); {9091#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:40,424 INFO L290 TraceCheckUtils]: 22: Hoare triple {9091#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {9091#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:40,425 INFO L290 TraceCheckUtils]: 23: Hoare triple {9091#(= 1 ~systemActive~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {9086#true} is VALID [2022-02-20 18:07:40,425 INFO L290 TraceCheckUtils]: 24: Hoare triple {9086#true} assume !(0 != ~pumpRunning~0); {9086#true} is VALID [2022-02-20 18:07:40,426 INFO L272 TraceCheckUtils]: 25: Hoare triple {9086#true} call processEnvironment__wrappee__highWaterSensor(); {9107#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:40,426 INFO L290 TraceCheckUtils]: 26: Hoare triple {9107#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {9086#true} is VALID [2022-02-20 18:07:40,426 INFO L290 TraceCheckUtils]: 27: Hoare triple {9086#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {9086#true} is VALID [2022-02-20 18:07:40,427 INFO L290 TraceCheckUtils]: 28: Hoare triple {9086#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~2#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {9108#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} is VALID [2022-02-20 18:07:40,427 INFO L290 TraceCheckUtils]: 29: Hoare triple {9108#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0))} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {9109#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~4#1| 0))} is VALID [2022-02-20 18:07:40,428 INFO L290 TraceCheckUtils]: 30: Hoare triple {9109#(not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~4#1| 0))} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {9087#false} is VALID [2022-02-20 18:07:40,428 INFO L290 TraceCheckUtils]: 31: Hoare triple {9087#false} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {9087#false} is VALID [2022-02-20 18:07:40,428 INFO L290 TraceCheckUtils]: 32: Hoare triple {9087#false} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {9087#false} is VALID [2022-02-20 18:07:40,428 INFO L290 TraceCheckUtils]: 33: Hoare triple {9087#false} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {9087#false} is VALID [2022-02-20 18:07:40,428 INFO L290 TraceCheckUtils]: 34: Hoare triple {9087#false} assume { :end_inline_activatePump } true; {9087#false} is VALID [2022-02-20 18:07:40,428 INFO L290 TraceCheckUtils]: 35: Hoare triple {9087#false} assume true; {9087#false} is VALID [2022-02-20 18:07:40,429 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {9087#false} {9086#true} #250#return; {9087#false} is VALID [2022-02-20 18:07:40,429 INFO L290 TraceCheckUtils]: 37: Hoare triple {9087#false} assume { :end_inline_processEnvironment } true; {9087#false} is VALID [2022-02-20 18:07:40,429 INFO L290 TraceCheckUtils]: 38: Hoare triple {9087#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {9087#false} is VALID [2022-02-20 18:07:40,429 INFO L272 TraceCheckUtils]: 39: Hoare triple {9087#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {9086#true} is VALID [2022-02-20 18:07:40,429 INFO L290 TraceCheckUtils]: 40: Hoare triple {9086#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {9086#true} is VALID [2022-02-20 18:07:40,429 INFO L290 TraceCheckUtils]: 41: Hoare triple {9086#true} assume true; {9086#true} is VALID [2022-02-20 18:07:40,430 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {9086#true} {9087#false} #252#return; {9087#false} is VALID [2022-02-20 18:07:40,430 INFO L290 TraceCheckUtils]: 43: Hoare triple {9087#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {9087#false} is VALID [2022-02-20 18:07:40,430 INFO L290 TraceCheckUtils]: 44: Hoare triple {9087#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {9087#false} is VALID [2022-02-20 18:07:40,430 INFO L290 TraceCheckUtils]: 45: Hoare triple {9087#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {9087#false} is VALID [2022-02-20 18:07:40,430 INFO L290 TraceCheckUtils]: 46: Hoare triple {9087#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {9087#false} is VALID [2022-02-20 18:07:40,431 INFO L290 TraceCheckUtils]: 47: Hoare triple {9087#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {9087#false} is VALID [2022-02-20 18:07:40,431 INFO L290 TraceCheckUtils]: 48: Hoare triple {9087#false} assume !false; {9087#false} is VALID [2022-02-20 18:07:40,431 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:40,431 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:40,431 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [124379586] [2022-02-20 18:07:40,432 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [124379586] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:40,432 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:40,432 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:07:40,432 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1373199052] [2022-02-20 18:07:40,432 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:40,433 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-20 18:07:40,433 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:40,433 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:40,465 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:40,466 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:07:40,466 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:40,466 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:07:40,466 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:07:40,467 INFO L87 Difference]: Start difference. First operand 520 states and 655 transitions. Second operand has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:41,690 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:41,691 INFO L93 Difference]: Finished difference Result 1086 states and 1405 transitions. [2022-02-20 18:07:41,691 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 15 states. [2022-02-20 18:07:41,691 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-20 18:07:41,691 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:41,692 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:41,697 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 360 transitions. [2022-02-20 18:07:41,698 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:41,702 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 15 states to 15 states and 360 transitions. [2022-02-20 18:07:41,702 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 15 states and 360 transitions. [2022-02-20 18:07:41,985 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 360 edges. 360 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:42,011 INFO L225 Difference]: With dead ends: 1086 [2022-02-20 18:07:42,011 INFO L226 Difference]: Without dead ends: 574 [2022-02-20 18:07:42,013 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 26 GetRequests, 11 SyntacticMatches, 0 SemanticMatches, 15 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 41 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=90, Invalid=182, Unknown=0, NotChecked=0, Total=272 [2022-02-20 18:07:42,013 INFO L933 BasicCegarLoop]: 112 mSDtfsCounter, 318 mSDsluCounter, 127 mSDsCounter, 0 mSdLazyCounter, 419 mSolverCounterSat, 123 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.5s Time, 0 mProtectedPredicate, 0 mProtectedAction, 323 SdHoareTripleChecker+Valid, 239 SdHoareTripleChecker+Invalid, 542 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 123 IncrementalHoareTripleChecker+Valid, 419 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.5s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:42,014 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [323 Valid, 239 Invalid, 542 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [123 Valid, 419 Invalid, 0 Unknown, 0 Unchecked, 0.5s Time] [2022-02-20 18:07:42,015 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 574 states. [2022-02-20 18:07:42,037 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 574 to 528. [2022-02-20 18:07:42,037 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:42,039 INFO L82 GeneralOperation]: Start isEquivalent. First operand 574 states. Second operand has 528 states, 395 states have (on average 1.2531645569620253) internal successors, (495), 424 states have internal predecessors, (495), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) [2022-02-20 18:07:42,040 INFO L74 IsIncluded]: Start isIncluded. First operand 574 states. Second operand has 528 states, 395 states have (on average 1.2531645569620253) internal successors, (495), 424 states have internal predecessors, (495), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) [2022-02-20 18:07:42,041 INFO L87 Difference]: Start difference. First operand 574 states. Second operand has 528 states, 395 states have (on average 1.2531645569620253) internal successors, (495), 424 states have internal predecessors, (495), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) [2022-02-20 18:07:42,063 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,063 INFO L93 Difference]: Finished difference Result 574 states and 722 transitions. [2022-02-20 18:07:42,064 INFO L276 IsEmpty]: Start isEmpty. Operand 574 states and 722 transitions. [2022-02-20 18:07:42,065 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:42,065 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:42,067 INFO L74 IsIncluded]: Start isIncluded. First operand has 528 states, 395 states have (on average 1.2531645569620253) internal successors, (495), 424 states have internal predecessors, (495), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) Second operand 574 states. [2022-02-20 18:07:42,068 INFO L87 Difference]: Start difference. First operand has 528 states, 395 states have (on average 1.2531645569620253) internal successors, (495), 424 states have internal predecessors, (495), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) Second operand 574 states. [2022-02-20 18:07:42,089 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,090 INFO L93 Difference]: Finished difference Result 574 states and 722 transitions. [2022-02-20 18:07:42,090 INFO L276 IsEmpty]: Start isEmpty. Operand 574 states and 722 transitions. [2022-02-20 18:07:42,091 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:42,092 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:42,092 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:42,092 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:42,094 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 528 states, 395 states have (on average 1.2531645569620253) internal successors, (495), 424 states have internal predecessors, (495), 68 states have call successors, (68), 52 states have call predecessors, (68), 64 states have return successors, (100), 70 states have call predecessors, (100), 68 states have call successors, (100) [2022-02-20 18:07:42,125 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 528 states to 528 states and 663 transitions. [2022-02-20 18:07:42,126 INFO L78 Accepts]: Start accepts. Automaton has 528 states and 663 transitions. Word has length 49 [2022-02-20 18:07:42,126 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:42,127 INFO L470 AbstractCegarLoop]: Abstraction has 528 states and 663 transitions. [2022-02-20 18:07:42,127 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.0) internal successors, (42), 5 states have internal predecessors, (42), 3 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:42,127 INFO L276 IsEmpty]: Start isEmpty. Operand 528 states and 663 transitions. [2022-02-20 18:07:42,128 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 50 [2022-02-20 18:07:42,128 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:42,128 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:42,129 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:07:42,129 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:42,129 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:42,129 INFO L85 PathProgramCache]: Analyzing trace with hash 258702306, now seen corresponding path program 1 times [2022-02-20 18:07:42,130 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:42,130 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1838383003] [2022-02-20 18:07:42,130 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:42,130 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:42,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 14 [2022-02-20 18:07:42,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,178 INFO L290 TraceCheckUtils]: 0: Hoare triple {12541#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {12521#true} is VALID [2022-02-20 18:07:42,178 INFO L290 TraceCheckUtils]: 1: Hoare triple {12521#true} assume true; {12521#true} is VALID [2022-02-20 18:07:42,179 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12521#true} {12523#(= ~waterLevel~0 1)} #256#return; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,182 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:07:42,185 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,196 INFO L290 TraceCheckUtils]: 0: Hoare triple {12542#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {12521#true} is VALID [2022-02-20 18:07:42,196 INFO L290 TraceCheckUtils]: 1: Hoare triple {12521#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {12521#true} is VALID [2022-02-20 18:07:42,197 INFO L290 TraceCheckUtils]: 2: Hoare triple {12521#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,197 INFO L290 TraceCheckUtils]: 3: Hoare triple {12543#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,198 INFO L290 TraceCheckUtils]: 4: Hoare triple {12543#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,198 INFO L290 TraceCheckUtils]: 5: Hoare triple {12543#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,198 INFO L290 TraceCheckUtils]: 6: Hoare triple {12543#(<= 2 ~waterLevel~0)} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,199 INFO L290 TraceCheckUtils]: 7: Hoare triple {12543#(<= 2 ~waterLevel~0)} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,199 INFO L290 TraceCheckUtils]: 8: Hoare triple {12543#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,200 INFO L290 TraceCheckUtils]: 9: Hoare triple {12543#(<= 2 ~waterLevel~0)} assume true; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,200 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {12543#(<= 2 ~waterLevel~0)} {12523#(= ~waterLevel~0 1)} #250#return; {12522#false} is VALID [2022-02-20 18:07:42,200 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 39 [2022-02-20 18:07:42,201 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,203 INFO L290 TraceCheckUtils]: 0: Hoare triple {12521#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {12521#true} is VALID [2022-02-20 18:07:42,203 INFO L290 TraceCheckUtils]: 1: Hoare triple {12521#true} assume true; {12521#true} is VALID [2022-02-20 18:07:42,204 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12521#true} {12522#false} #252#return; {12522#false} is VALID [2022-02-20 18:07:42,204 INFO L290 TraceCheckUtils]: 0: Hoare triple {12521#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,205 INFO L290 TraceCheckUtils]: 1: Hoare triple {12523#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,205 INFO L290 TraceCheckUtils]: 2: Hoare triple {12523#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,205 INFO L290 TraceCheckUtils]: 3: Hoare triple {12523#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,206 INFO L290 TraceCheckUtils]: 4: Hoare triple {12523#(= ~waterLevel~0 1)} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,206 INFO L290 TraceCheckUtils]: 5: Hoare triple {12523#(= ~waterLevel~0 1)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,206 INFO L290 TraceCheckUtils]: 6: Hoare triple {12523#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,207 INFO L290 TraceCheckUtils]: 7: Hoare triple {12523#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,207 INFO L290 TraceCheckUtils]: 8: Hoare triple {12523#(= ~waterLevel~0 1)} assume !false; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,207 INFO L290 TraceCheckUtils]: 9: Hoare triple {12523#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,208 INFO L290 TraceCheckUtils]: 10: Hoare triple {12523#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,208 INFO L290 TraceCheckUtils]: 11: Hoare triple {12523#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~1#1); {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,208 INFO L290 TraceCheckUtils]: 12: Hoare triple {12523#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,209 INFO L290 TraceCheckUtils]: 13: Hoare triple {12523#(= ~waterLevel~0 1)} assume 0 != test_~tmp___0~1#1; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,212 INFO L272 TraceCheckUtils]: 14: Hoare triple {12523#(= ~waterLevel~0 1)} call changeMethaneLevel(); {12541#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:42,212 INFO L290 TraceCheckUtils]: 15: Hoare triple {12541#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {12521#true} is VALID [2022-02-20 18:07:42,212 INFO L290 TraceCheckUtils]: 16: Hoare triple {12521#true} assume true; {12521#true} is VALID [2022-02-20 18:07:42,212 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {12521#true} {12523#(= ~waterLevel~0 1)} #256#return; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,213 INFO L290 TraceCheckUtils]: 18: Hoare triple {12523#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,213 INFO L290 TraceCheckUtils]: 19: Hoare triple {12523#(= ~waterLevel~0 1)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,214 INFO L290 TraceCheckUtils]: 20: Hoare triple {12523#(= ~waterLevel~0 1)} assume { :end_inline_startSystem } true; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,214 INFO L272 TraceCheckUtils]: 21: Hoare triple {12523#(= ~waterLevel~0 1)} call timeShift(); {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,214 INFO L290 TraceCheckUtils]: 22: Hoare triple {12523#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,215 INFO L290 TraceCheckUtils]: 23: Hoare triple {12523#(= ~waterLevel~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,215 INFO L290 TraceCheckUtils]: 24: Hoare triple {12523#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {12523#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:42,215 INFO L272 TraceCheckUtils]: 25: Hoare triple {12523#(= ~waterLevel~0 1)} call processEnvironment__wrappee__highWaterSensor(); {12542#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:42,216 INFO L290 TraceCheckUtils]: 26: Hoare triple {12542#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {12521#true} is VALID [2022-02-20 18:07:42,216 INFO L290 TraceCheckUtils]: 27: Hoare triple {12521#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {12521#true} is VALID [2022-02-20 18:07:42,216 INFO L290 TraceCheckUtils]: 28: Hoare triple {12521#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,217 INFO L290 TraceCheckUtils]: 29: Hoare triple {12543#(<= 2 ~waterLevel~0)} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,217 INFO L290 TraceCheckUtils]: 30: Hoare triple {12543#(<= 2 ~waterLevel~0)} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,217 INFO L290 TraceCheckUtils]: 31: Hoare triple {12543#(<= 2 ~waterLevel~0)} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,218 INFO L290 TraceCheckUtils]: 32: Hoare triple {12543#(<= 2 ~waterLevel~0)} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,218 INFO L290 TraceCheckUtils]: 33: Hoare triple {12543#(<= 2 ~waterLevel~0)} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,218 INFO L290 TraceCheckUtils]: 34: Hoare triple {12543#(<= 2 ~waterLevel~0)} assume { :end_inline_activatePump } true; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,219 INFO L290 TraceCheckUtils]: 35: Hoare triple {12543#(<= 2 ~waterLevel~0)} assume true; {12543#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:07:42,219 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {12543#(<= 2 ~waterLevel~0)} {12523#(= ~waterLevel~0 1)} #250#return; {12522#false} is VALID [2022-02-20 18:07:42,219 INFO L290 TraceCheckUtils]: 37: Hoare triple {12522#false} assume { :end_inline_processEnvironment } true; {12522#false} is VALID [2022-02-20 18:07:42,220 INFO L290 TraceCheckUtils]: 38: Hoare triple {12522#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {12522#false} is VALID [2022-02-20 18:07:42,220 INFO L272 TraceCheckUtils]: 39: Hoare triple {12522#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {12521#true} is VALID [2022-02-20 18:07:42,220 INFO L290 TraceCheckUtils]: 40: Hoare triple {12521#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {12521#true} is VALID [2022-02-20 18:07:42,220 INFO L290 TraceCheckUtils]: 41: Hoare triple {12521#true} assume true; {12521#true} is VALID [2022-02-20 18:07:42,220 INFO L284 TraceCheckUtils]: 42: Hoare quadruple {12521#true} {12522#false} #252#return; {12522#false} is VALID [2022-02-20 18:07:42,220 INFO L290 TraceCheckUtils]: 43: Hoare triple {12522#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {12522#false} is VALID [2022-02-20 18:07:42,221 INFO L290 TraceCheckUtils]: 44: Hoare triple {12522#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {12522#false} is VALID [2022-02-20 18:07:42,221 INFO L290 TraceCheckUtils]: 45: Hoare triple {12522#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {12522#false} is VALID [2022-02-20 18:07:42,221 INFO L290 TraceCheckUtils]: 46: Hoare triple {12522#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {12522#false} is VALID [2022-02-20 18:07:42,221 INFO L290 TraceCheckUtils]: 47: Hoare triple {12522#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {12522#false} is VALID [2022-02-20 18:07:42,221 INFO L290 TraceCheckUtils]: 48: Hoare triple {12522#false} assume !false; {12522#false} is VALID [2022-02-20 18:07:42,222 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:42,222 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:42,222 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1838383003] [2022-02-20 18:07:42,222 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1838383003] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:42,222 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:42,223 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:42,223 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1493729526] [2022-02-20 18:07:42,223 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:42,223 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-20 18:07:42,224 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:42,224 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 7.0) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:42,256 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:42,256 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:42,256 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:42,257 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:42,257 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:42,257 INFO L87 Difference]: Start difference. First operand 528 states and 663 transitions. Second operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:43,371 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:43,372 INFO L93 Difference]: Finished difference Result 1540 states and 2013 transitions. [2022-02-20 18:07:43,372 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 12 states. [2022-02-20 18:07:43,372 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 49 [2022-02-20 18:07:43,372 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:43,373 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:43,377 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 364 transitions. [2022-02-20 18:07:43,377 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.0) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:43,381 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 12 states to 12 states and 364 transitions. [2022-02-20 18:07:43,381 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 12 states and 364 transitions. [2022-02-20 18:07:43,663 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 364 edges. 364 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:43,733 INFO L225 Difference]: With dead ends: 1540 [2022-02-20 18:07:43,734 INFO L226 Difference]: Without dead ends: 1020 [2022-02-20 18:07:43,736 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 21 GetRequests, 10 SyntacticMatches, 1 SemanticMatches, 10 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=40, Invalid=92, Unknown=0, NotChecked=0, Total=132 [2022-02-20 18:07:43,736 INFO L933 BasicCegarLoop]: 135 mSDtfsCounter, 316 mSDsluCounter, 125 mSDsCounter, 0 mSdLazyCounter, 270 mSolverCounterSat, 125 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 319 SdHoareTripleChecker+Valid, 260 SdHoareTripleChecker+Invalid, 395 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 125 IncrementalHoareTripleChecker+Valid, 270 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:43,737 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [319 Valid, 260 Invalid, 395 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [125 Valid, 270 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:07:43,738 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1020 states. [2022-02-20 18:07:43,851 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1020 to 1008. [2022-02-20 18:07:43,852 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:43,854 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1020 states. Second operand has 1008 states, 755 states have (on average 1.2225165562913907) internal successors, (923), 802 states have internal predecessors, (923), 130 states have call successors, (130), 118 states have call predecessors, (130), 122 states have return successors, (216), 128 states have call predecessors, (216), 130 states have call successors, (216) [2022-02-20 18:07:43,857 INFO L74 IsIncluded]: Start isIncluded. First operand 1020 states. Second operand has 1008 states, 755 states have (on average 1.2225165562913907) internal successors, (923), 802 states have internal predecessors, (923), 130 states have call successors, (130), 118 states have call predecessors, (130), 122 states have return successors, (216), 128 states have call predecessors, (216), 130 states have call successors, (216) [2022-02-20 18:07:43,859 INFO L87 Difference]: Start difference. First operand 1020 states. Second operand has 1008 states, 755 states have (on average 1.2225165562913907) internal successors, (923), 802 states have internal predecessors, (923), 130 states have call successors, (130), 118 states have call predecessors, (130), 122 states have return successors, (216), 128 states have call predecessors, (216), 130 states have call successors, (216) [2022-02-20 18:07:43,916 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:43,917 INFO L93 Difference]: Finished difference Result 1020 states and 1282 transitions. [2022-02-20 18:07:43,917 INFO L276 IsEmpty]: Start isEmpty. Operand 1020 states and 1282 transitions. [2022-02-20 18:07:43,920 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:43,920 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:43,923 INFO L74 IsIncluded]: Start isIncluded. First operand has 1008 states, 755 states have (on average 1.2225165562913907) internal successors, (923), 802 states have internal predecessors, (923), 130 states have call successors, (130), 118 states have call predecessors, (130), 122 states have return successors, (216), 128 states have call predecessors, (216), 130 states have call successors, (216) Second operand 1020 states. [2022-02-20 18:07:43,924 INFO L87 Difference]: Start difference. First operand has 1008 states, 755 states have (on average 1.2225165562913907) internal successors, (923), 802 states have internal predecessors, (923), 130 states have call successors, (130), 118 states have call predecessors, (130), 122 states have return successors, (216), 128 states have call predecessors, (216), 130 states have call successors, (216) Second operand 1020 states. [2022-02-20 18:07:43,980 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:43,980 INFO L93 Difference]: Finished difference Result 1020 states and 1282 transitions. [2022-02-20 18:07:43,980 INFO L276 IsEmpty]: Start isEmpty. Operand 1020 states and 1282 transitions. [2022-02-20 18:07:43,983 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:43,984 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:43,984 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:43,984 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:43,986 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1008 states, 755 states have (on average 1.2225165562913907) internal successors, (923), 802 states have internal predecessors, (923), 130 states have call successors, (130), 118 states have call predecessors, (130), 122 states have return successors, (216), 128 states have call predecessors, (216), 130 states have call successors, (216) [2022-02-20 18:07:44,057 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1008 states to 1008 states and 1269 transitions. [2022-02-20 18:07:44,057 INFO L78 Accepts]: Start accepts. Automaton has 1008 states and 1269 transitions. Word has length 49 [2022-02-20 18:07:44,058 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:44,058 INFO L470 AbstractCegarLoop]: Abstraction has 1008 states and 1269 transitions. [2022-02-20 18:07:44,058 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.0) internal successors, (42), 4 states have internal predecessors, (42), 2 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:44,058 INFO L276 IsEmpty]: Start isEmpty. Operand 1008 states and 1269 transitions. [2022-02-20 18:07:44,059 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 54 [2022-02-20 18:07:44,060 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:44,060 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:44,060 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:07:44,060 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:44,061 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:44,061 INFO L85 PathProgramCache]: Analyzing trace with hash 525985416, now seen corresponding path program 1 times [2022-02-20 18:07:44,061 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:44,061 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1384369194] [2022-02-20 18:07:44,061 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:44,061 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:44,079 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:44,101 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:07:44,103 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:44,105 INFO L290 TraceCheckUtils]: 0: Hoare triple {18158#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {18135#true} is VALID [2022-02-20 18:07:44,106 INFO L290 TraceCheckUtils]: 1: Hoare triple {18135#true} assume true; {18135#true} is VALID [2022-02-20 18:07:44,106 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {18135#true} {18137#(= ~methAndRunningLastTime~0 0)} #254#return; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,109 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:07:44,110 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:44,113 INFO L290 TraceCheckUtils]: 0: Hoare triple {18159#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {18135#true} is VALID [2022-02-20 18:07:44,113 INFO L290 TraceCheckUtils]: 1: Hoare triple {18135#true} assume true; {18135#true} is VALID [2022-02-20 18:07:44,116 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {18135#true} {18137#(= ~methAndRunningLastTime~0 0)} #256#return; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,120 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 29 [2022-02-20 18:07:44,123 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:44,126 INFO L290 TraceCheckUtils]: 0: Hoare triple {18160#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {18135#true} is VALID [2022-02-20 18:07:44,127 INFO L290 TraceCheckUtils]: 1: Hoare triple {18135#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {18135#true} is VALID [2022-02-20 18:07:44,127 INFO L290 TraceCheckUtils]: 2: Hoare triple {18135#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {18135#true} is VALID [2022-02-20 18:07:44,127 INFO L290 TraceCheckUtils]: 3: Hoare triple {18135#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {18135#true} is VALID [2022-02-20 18:07:44,127 INFO L290 TraceCheckUtils]: 4: Hoare triple {18135#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {18135#true} is VALID [2022-02-20 18:07:44,127 INFO L290 TraceCheckUtils]: 5: Hoare triple {18135#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {18135#true} is VALID [2022-02-20 18:07:44,128 INFO L290 TraceCheckUtils]: 6: Hoare triple {18135#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {18135#true} is VALID [2022-02-20 18:07:44,128 INFO L290 TraceCheckUtils]: 7: Hoare triple {18135#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {18135#true} is VALID [2022-02-20 18:07:44,128 INFO L290 TraceCheckUtils]: 8: Hoare triple {18135#true} assume { :end_inline_activatePump } true; {18135#true} is VALID [2022-02-20 18:07:44,128 INFO L290 TraceCheckUtils]: 9: Hoare triple {18135#true} assume true; {18135#true} is VALID [2022-02-20 18:07:44,130 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {18135#true} {18137#(= ~methAndRunningLastTime~0 0)} #250#return; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,131 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 43 [2022-02-20 18:07:44,131 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:44,134 INFO L290 TraceCheckUtils]: 0: Hoare triple {18135#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {18135#true} is VALID [2022-02-20 18:07:44,135 INFO L290 TraceCheckUtils]: 1: Hoare triple {18135#true} assume true; {18135#true} is VALID [2022-02-20 18:07:44,135 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {18135#true} {18137#(= ~methAndRunningLastTime~0 0)} #252#return; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,135 INFO L290 TraceCheckUtils]: 0: Hoare triple {18135#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {18135#true} is VALID [2022-02-20 18:07:44,136 INFO L290 TraceCheckUtils]: 1: Hoare triple {18135#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {18135#true} is VALID [2022-02-20 18:07:44,136 INFO L290 TraceCheckUtils]: 2: Hoare triple {18135#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18135#true} is VALID [2022-02-20 18:07:44,136 INFO L290 TraceCheckUtils]: 3: Hoare triple {18135#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {18135#true} is VALID [2022-02-20 18:07:44,136 INFO L290 TraceCheckUtils]: 4: Hoare triple {18135#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {18135#true} is VALID [2022-02-20 18:07:44,136 INFO L290 TraceCheckUtils]: 5: Hoare triple {18135#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {18135#true} is VALID [2022-02-20 18:07:44,137 INFO L290 TraceCheckUtils]: 6: Hoare triple {18135#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,137 INFO L290 TraceCheckUtils]: 7: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,137 INFO L290 TraceCheckUtils]: 8: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume !false; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,138 INFO L290 TraceCheckUtils]: 9: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume test_~splverifierCounter~0#1 < 4; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,138 INFO L290 TraceCheckUtils]: 10: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,138 INFO L290 TraceCheckUtils]: 11: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume 0 != test_~tmp~1#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,139 INFO L272 TraceCheckUtils]: 12: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} call waterRise(); {18158#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:07:44,139 INFO L290 TraceCheckUtils]: 13: Hoare triple {18158#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {18135#true} is VALID [2022-02-20 18:07:44,139 INFO L290 TraceCheckUtils]: 14: Hoare triple {18135#true} assume true; {18135#true} is VALID [2022-02-20 18:07:44,140 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {18135#true} {18137#(= ~methAndRunningLastTime~0 0)} #254#return; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,140 INFO L290 TraceCheckUtils]: 16: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,140 INFO L290 TraceCheckUtils]: 17: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume 0 != test_~tmp___0~1#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,141 INFO L272 TraceCheckUtils]: 18: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} call changeMethaneLevel(); {18159#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:44,141 INFO L290 TraceCheckUtils]: 19: Hoare triple {18159#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {18135#true} is VALID [2022-02-20 18:07:44,141 INFO L290 TraceCheckUtils]: 20: Hoare triple {18135#true} assume true; {18135#true} is VALID [2022-02-20 18:07:44,142 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {18135#true} {18137#(= ~methAndRunningLastTime~0 0)} #256#return; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,142 INFO L290 TraceCheckUtils]: 22: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,142 INFO L290 TraceCheckUtils]: 23: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,143 INFO L290 TraceCheckUtils]: 24: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume { :end_inline_startSystem } true; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,143 INFO L272 TraceCheckUtils]: 25: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} call timeShift(); {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,144 INFO L290 TraceCheckUtils]: 26: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume !(0 != ~pumpRunning~0); {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,144 INFO L290 TraceCheckUtils]: 27: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,144 INFO L290 TraceCheckUtils]: 28: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume !(0 != ~pumpRunning~0); {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,145 INFO L272 TraceCheckUtils]: 29: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} call processEnvironment__wrappee__highWaterSensor(); {18160#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:44,145 INFO L290 TraceCheckUtils]: 30: Hoare triple {18160#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {18135#true} is VALID [2022-02-20 18:07:44,145 INFO L290 TraceCheckUtils]: 31: Hoare triple {18135#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {18135#true} is VALID [2022-02-20 18:07:44,145 INFO L290 TraceCheckUtils]: 32: Hoare triple {18135#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {18135#true} is VALID [2022-02-20 18:07:44,145 INFO L290 TraceCheckUtils]: 33: Hoare triple {18135#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {18135#true} is VALID [2022-02-20 18:07:44,146 INFO L290 TraceCheckUtils]: 34: Hoare triple {18135#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {18135#true} is VALID [2022-02-20 18:07:44,146 INFO L290 TraceCheckUtils]: 35: Hoare triple {18135#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {18135#true} is VALID [2022-02-20 18:07:44,146 INFO L290 TraceCheckUtils]: 36: Hoare triple {18135#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {18135#true} is VALID [2022-02-20 18:07:44,146 INFO L290 TraceCheckUtils]: 37: Hoare triple {18135#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {18135#true} is VALID [2022-02-20 18:07:44,146 INFO L290 TraceCheckUtils]: 38: Hoare triple {18135#true} assume { :end_inline_activatePump } true; {18135#true} is VALID [2022-02-20 18:07:44,146 INFO L290 TraceCheckUtils]: 39: Hoare triple {18135#true} assume true; {18135#true} is VALID [2022-02-20 18:07:44,147 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {18135#true} {18137#(= ~methAndRunningLastTime~0 0)} #250#return; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,147 INFO L290 TraceCheckUtils]: 41: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume { :end_inline_processEnvironment } true; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,148 INFO L290 TraceCheckUtils]: 42: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,148 INFO L272 TraceCheckUtils]: 43: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {18135#true} is VALID [2022-02-20 18:07:44,148 INFO L290 TraceCheckUtils]: 44: Hoare triple {18135#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {18135#true} is VALID [2022-02-20 18:07:44,148 INFO L290 TraceCheckUtils]: 45: Hoare triple {18135#true} assume true; {18135#true} is VALID [2022-02-20 18:07:44,149 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {18135#true} {18137#(= ~methAndRunningLastTime~0 0)} #252#return; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,149 INFO L290 TraceCheckUtils]: 47: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,150 INFO L290 TraceCheckUtils]: 48: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,150 INFO L290 TraceCheckUtils]: 49: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,150 INFO L290 TraceCheckUtils]: 50: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {18137#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:44,151 INFO L290 TraceCheckUtils]: 51: Hoare triple {18137#(= ~methAndRunningLastTime~0 0)} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {18136#false} is VALID [2022-02-20 18:07:44,151 INFO L290 TraceCheckUtils]: 52: Hoare triple {18136#false} assume !false; {18136#false} is VALID [2022-02-20 18:07:44,151 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:44,151 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:44,152 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1384369194] [2022-02-20 18:07:44,152 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1384369194] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:44,152 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:44,152 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:07:44,152 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [778092871] [2022-02-20 18:07:44,152 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:44,153 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 3 states have internal predecessors, (44), 1 states have call successors, (5), 5 states have call predecessors, (5), 1 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) Word has length 53 [2022-02-20 18:07:44,153 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:44,153 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 3 states have internal predecessors, (44), 1 states have call successors, (5), 5 states have call predecessors, (5), 1 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:07:44,194 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 53 edges. 53 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:44,194 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:44,194 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:44,195 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:44,195 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:44,195 INFO L87 Difference]: Start difference. First operand 1008 states and 1269 transitions. Second operand has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 3 states have internal predecessors, (44), 1 states have call successors, (5), 5 states have call predecessors, (5), 1 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:07:45,670 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:45,670 INFO L93 Difference]: Finished difference Result 1986 states and 2649 transitions. [2022-02-20 18:07:45,670 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 13 states. [2022-02-20 18:07:45,670 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 3 states have internal predecessors, (44), 1 states have call successors, (5), 5 states have call predecessors, (5), 1 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) Word has length 53 [2022-02-20 18:07:45,671 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:45,672 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 3 states have internal predecessors, (44), 1 states have call successors, (5), 5 states have call predecessors, (5), 1 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:07:45,676 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 339 transitions. [2022-02-20 18:07:45,676 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 3 states have internal predecessors, (44), 1 states have call successors, (5), 5 states have call predecessors, (5), 1 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:07:45,679 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 13 states to 13 states and 339 transitions. [2022-02-20 18:07:45,680 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 13 states and 339 transitions. [2022-02-20 18:07:45,965 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 339 edges. 339 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:46,215 INFO L225 Difference]: With dead ends: 1986 [2022-02-20 18:07:46,215 INFO L226 Difference]: Without dead ends: 1984 [2022-02-20 18:07:46,216 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 29 GetRequests, 16 SyntacticMatches, 0 SemanticMatches, 13 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 35 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=67, Invalid=143, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:07:46,216 INFO L933 BasicCegarLoop]: 95 mSDtfsCounter, 427 mSDsluCounter, 95 mSDsCounter, 0 mSdLazyCounter, 259 mSolverCounterSat, 230 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 429 SdHoareTripleChecker+Valid, 190 SdHoareTripleChecker+Invalid, 489 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 230 IncrementalHoareTripleChecker+Valid, 259 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:46,217 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [429 Valid, 190 Invalid, 489 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [230 Valid, 259 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-02-20 18:07:46,218 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1984 states. [2022-02-20 18:07:46,384 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1984 to 1545. [2022-02-20 18:07:46,385 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:46,387 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1984 states. Second operand has 1545 states, 1150 states have (on average 1.2269565217391305) internal successors, (1411), 1240 states have internal predecessors, (1411), 211 states have call successors, (211), 151 states have call predecessors, (211), 183 states have return successors, (428), 204 states have call predecessors, (428), 211 states have call successors, (428) [2022-02-20 18:07:46,389 INFO L74 IsIncluded]: Start isIncluded. First operand 1984 states. Second operand has 1545 states, 1150 states have (on average 1.2269565217391305) internal successors, (1411), 1240 states have internal predecessors, (1411), 211 states have call successors, (211), 151 states have call predecessors, (211), 183 states have return successors, (428), 204 states have call predecessors, (428), 211 states have call successors, (428) [2022-02-20 18:07:46,391 INFO L87 Difference]: Start difference. First operand 1984 states. Second operand has 1545 states, 1150 states have (on average 1.2269565217391305) internal successors, (1411), 1240 states have internal predecessors, (1411), 211 states have call successors, (211), 151 states have call predecessors, (211), 183 states have return successors, (428), 204 states have call predecessors, (428), 211 states have call successors, (428) [2022-02-20 18:07:46,582 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:46,582 INFO L93 Difference]: Finished difference Result 1984 states and 2640 transitions. [2022-02-20 18:07:46,582 INFO L276 IsEmpty]: Start isEmpty. Operand 1984 states and 2640 transitions. [2022-02-20 18:07:46,590 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:46,590 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:46,607 INFO L74 IsIncluded]: Start isIncluded. First operand has 1545 states, 1150 states have (on average 1.2269565217391305) internal successors, (1411), 1240 states have internal predecessors, (1411), 211 states have call successors, (211), 151 states have call predecessors, (211), 183 states have return successors, (428), 204 states have call predecessors, (428), 211 states have call successors, (428) Second operand 1984 states. [2022-02-20 18:07:46,611 INFO L87 Difference]: Start difference. First operand has 1545 states, 1150 states have (on average 1.2269565217391305) internal successors, (1411), 1240 states have internal predecessors, (1411), 211 states have call successors, (211), 151 states have call predecessors, (211), 183 states have return successors, (428), 204 states have call predecessors, (428), 211 states have call successors, (428) Second operand 1984 states. [2022-02-20 18:07:46,808 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:46,808 INFO L93 Difference]: Finished difference Result 1984 states and 2640 transitions. [2022-02-20 18:07:46,808 INFO L276 IsEmpty]: Start isEmpty. Operand 1984 states and 2640 transitions. [2022-02-20 18:07:46,817 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:46,818 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:46,818 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:46,818 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:46,821 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 1545 states, 1150 states have (on average 1.2269565217391305) internal successors, (1411), 1240 states have internal predecessors, (1411), 211 states have call successors, (211), 151 states have call predecessors, (211), 183 states have return successors, (428), 204 states have call predecessors, (428), 211 states have call successors, (428) [2022-02-20 18:07:46,979 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 1545 states to 1545 states and 2050 transitions. [2022-02-20 18:07:46,979 INFO L78 Accepts]: Start accepts. Automaton has 1545 states and 2050 transitions. Word has length 53 [2022-02-20 18:07:46,979 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:46,979 INFO L470 AbstractCegarLoop]: Abstraction has 1545 states and 2050 transitions. [2022-02-20 18:07:46,980 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 7.333333333333333) internal successors, (44), 3 states have internal predecessors, (44), 1 states have call successors, (5), 5 states have call predecessors, (5), 1 states have return successors, (4), 1 states have call predecessors, (4), 1 states have call successors, (4) [2022-02-20 18:07:46,980 INFO L276 IsEmpty]: Start isEmpty. Operand 1545 states and 2050 transitions. [2022-02-20 18:07:46,983 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 84 [2022-02-20 18:07:46,983 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:46,983 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:46,983 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:07:46,984 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:46,984 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:46,984 INFO L85 PathProgramCache]: Analyzing trace with hash -1653016264, now seen corresponding path program 1 times [2022-02-20 18:07:46,984 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:46,985 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [550245908] [2022-02-20 18:07:46,985 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:46,985 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:47,019 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:47,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:07:47,042 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:47,045 INFO L290 TraceCheckUtils]: 0: Hoare triple {27115#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {27074#true} is VALID [2022-02-20 18:07:47,045 INFO L290 TraceCheckUtils]: 1: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,045 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27074#true} {27074#true} #254#return; {27074#true} is VALID [2022-02-20 18:07:47,048 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:07:47,049 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:47,051 INFO L290 TraceCheckUtils]: 0: Hoare triple {27116#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {27074#true} is VALID [2022-02-20 18:07:47,051 INFO L290 TraceCheckUtils]: 1: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,051 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27074#true} {27074#true} #256#return; {27074#true} is VALID [2022-02-20 18:07:47,057 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 28 [2022-02-20 18:07:47,062 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:47,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:07:47,081 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:47,084 INFO L290 TraceCheckUtils]: 0: Hoare triple {27133#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {27074#true} is VALID [2022-02-20 18:07:47,084 INFO L290 TraceCheckUtils]: 1: Hoare triple {27074#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {27074#true} is VALID [2022-02-20 18:07:47,084 INFO L290 TraceCheckUtils]: 2: Hoare triple {27074#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {27074#true} is VALID [2022-02-20 18:07:47,084 INFO L290 TraceCheckUtils]: 3: Hoare triple {27074#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {27074#true} is VALID [2022-02-20 18:07:47,084 INFO L290 TraceCheckUtils]: 4: Hoare triple {27074#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {27074#true} is VALID [2022-02-20 18:07:47,085 INFO L290 TraceCheckUtils]: 5: Hoare triple {27074#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {27074#true} is VALID [2022-02-20 18:07:47,085 INFO L290 TraceCheckUtils]: 6: Hoare triple {27074#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {27074#true} is VALID [2022-02-20 18:07:47,085 INFO L290 TraceCheckUtils]: 7: Hoare triple {27074#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {27074#true} is VALID [2022-02-20 18:07:47,085 INFO L290 TraceCheckUtils]: 8: Hoare triple {27074#true} assume { :end_inline_activatePump } true; {27074#true} is VALID [2022-02-20 18:07:47,085 INFO L290 TraceCheckUtils]: 9: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,086 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {27074#true} {27118#(not (= 0 ~systemActive~0))} #250#return; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,086 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-20 18:07:47,087 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:47,088 INFO L290 TraceCheckUtils]: 0: Hoare triple {27074#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {27074#true} is VALID [2022-02-20 18:07:47,089 INFO L290 TraceCheckUtils]: 1: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,089 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27074#true} {27118#(not (= 0 ~systemActive~0))} #252#return; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,089 INFO L290 TraceCheckUtils]: 0: Hoare triple {27117#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {27074#true} is VALID [2022-02-20 18:07:47,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {27074#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,090 INFO L290 TraceCheckUtils]: 2: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,090 INFO L272 TraceCheckUtils]: 3: Hoare triple {27118#(not (= 0 ~systemActive~0))} call processEnvironment__wrappee__highWaterSensor(); {27133#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:47,091 INFO L290 TraceCheckUtils]: 4: Hoare triple {27133#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {27074#true} is VALID [2022-02-20 18:07:47,091 INFO L290 TraceCheckUtils]: 5: Hoare triple {27074#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {27074#true} is VALID [2022-02-20 18:07:47,091 INFO L290 TraceCheckUtils]: 6: Hoare triple {27074#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {27074#true} is VALID [2022-02-20 18:07:47,091 INFO L290 TraceCheckUtils]: 7: Hoare triple {27074#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {27074#true} is VALID [2022-02-20 18:07:47,091 INFO L290 TraceCheckUtils]: 8: Hoare triple {27074#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {27074#true} is VALID [2022-02-20 18:07:47,091 INFO L290 TraceCheckUtils]: 9: Hoare triple {27074#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {27074#true} is VALID [2022-02-20 18:07:47,092 INFO L290 TraceCheckUtils]: 10: Hoare triple {27074#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {27074#true} is VALID [2022-02-20 18:07:47,092 INFO L290 TraceCheckUtils]: 11: Hoare triple {27074#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {27074#true} is VALID [2022-02-20 18:07:47,092 INFO L290 TraceCheckUtils]: 12: Hoare triple {27074#true} assume { :end_inline_activatePump } true; {27074#true} is VALID [2022-02-20 18:07:47,092 INFO L290 TraceCheckUtils]: 13: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,092 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {27074#true} {27118#(not (= 0 ~systemActive~0))} #250#return; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,093 INFO L290 TraceCheckUtils]: 15: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume { :end_inline_processEnvironment } true; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,093 INFO L290 TraceCheckUtils]: 16: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,093 INFO L272 TraceCheckUtils]: 17: Hoare triple {27118#(not (= 0 ~systemActive~0))} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {27074#true} is VALID [2022-02-20 18:07:47,094 INFO L290 TraceCheckUtils]: 18: Hoare triple {27074#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {27074#true} is VALID [2022-02-20 18:07:47,094 INFO L290 TraceCheckUtils]: 19: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,094 INFO L284 TraceCheckUtils]: 20: Hoare quadruple {27074#true} {27118#(not (= 0 ~systemActive~0))} #252#return; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,095 INFO L290 TraceCheckUtils]: 21: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,095 INFO L290 TraceCheckUtils]: 22: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,095 INFO L290 TraceCheckUtils]: 23: Hoare triple {27118#(not (= 0 ~systemActive~0))} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,096 INFO L290 TraceCheckUtils]: 24: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,096 INFO L290 TraceCheckUtils]: 25: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,097 INFO L290 TraceCheckUtils]: 26: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,097 INFO L290 TraceCheckUtils]: 27: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume true; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,097 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {27118#(not (= 0 ~systemActive~0))} {27082#(= 0 ~systemActive~0)} #260#return; {27075#false} is VALID [2022-02-20 18:07:47,098 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 73 [2022-02-20 18:07:47,098 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:47,100 INFO L290 TraceCheckUtils]: 0: Hoare triple {27074#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {27074#true} is VALID [2022-02-20 18:07:47,100 INFO L290 TraceCheckUtils]: 1: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,100 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {27074#true} {27075#false} #252#return; {27075#false} is VALID [2022-02-20 18:07:47,101 INFO L290 TraceCheckUtils]: 0: Hoare triple {27074#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {27074#true} is VALID [2022-02-20 18:07:47,101 INFO L290 TraceCheckUtils]: 1: Hoare triple {27074#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {27074#true} is VALID [2022-02-20 18:07:47,101 INFO L290 TraceCheckUtils]: 2: Hoare triple {27074#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {27074#true} is VALID [2022-02-20 18:07:47,101 INFO L290 TraceCheckUtils]: 3: Hoare triple {27074#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {27074#true} is VALID [2022-02-20 18:07:47,101 INFO L290 TraceCheckUtils]: 4: Hoare triple {27074#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {27074#true} is VALID [2022-02-20 18:07:47,101 INFO L290 TraceCheckUtils]: 5: Hoare triple {27074#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {27074#true} is VALID [2022-02-20 18:07:47,102 INFO L290 TraceCheckUtils]: 6: Hoare triple {27074#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {27074#true} is VALID [2022-02-20 18:07:47,102 INFO L290 TraceCheckUtils]: 7: Hoare triple {27074#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {27074#true} is VALID [2022-02-20 18:07:47,102 INFO L290 TraceCheckUtils]: 8: Hoare triple {27074#true} assume !false; {27074#true} is VALID [2022-02-20 18:07:47,102 INFO L290 TraceCheckUtils]: 9: Hoare triple {27074#true} assume test_~splverifierCounter~0#1 < 4; {27074#true} is VALID [2022-02-20 18:07:47,102 INFO L290 TraceCheckUtils]: 10: Hoare triple {27074#true} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {27074#true} is VALID [2022-02-20 18:07:47,102 INFO L290 TraceCheckUtils]: 11: Hoare triple {27074#true} assume 0 != test_~tmp~1#1; {27074#true} is VALID [2022-02-20 18:07:47,103 INFO L272 TraceCheckUtils]: 12: Hoare triple {27074#true} call waterRise(); {27115#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:07:47,103 INFO L290 TraceCheckUtils]: 13: Hoare triple {27115#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {27074#true} is VALID [2022-02-20 18:07:47,103 INFO L290 TraceCheckUtils]: 14: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,103 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {27074#true} {27074#true} #254#return; {27074#true} is VALID [2022-02-20 18:07:47,103 INFO L290 TraceCheckUtils]: 16: Hoare triple {27074#true} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {27074#true} is VALID [2022-02-20 18:07:47,104 INFO L290 TraceCheckUtils]: 17: Hoare triple {27074#true} assume 0 != test_~tmp___0~1#1; {27074#true} is VALID [2022-02-20 18:07:47,104 INFO L272 TraceCheckUtils]: 18: Hoare triple {27074#true} call changeMethaneLevel(); {27116#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:47,104 INFO L290 TraceCheckUtils]: 19: Hoare triple {27116#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {27074#true} is VALID [2022-02-20 18:07:47,104 INFO L290 TraceCheckUtils]: 20: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,104 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {27074#true} {27074#true} #256#return; {27074#true} is VALID [2022-02-20 18:07:47,104 INFO L290 TraceCheckUtils]: 22: Hoare triple {27074#true} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {27074#true} is VALID [2022-02-20 18:07:47,105 INFO L290 TraceCheckUtils]: 23: Hoare triple {27074#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {27074#true} is VALID [2022-02-20 18:07:47,105 INFO L290 TraceCheckUtils]: 24: Hoare triple {27074#true} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {27074#true} is VALID [2022-02-20 18:07:47,105 INFO L290 TraceCheckUtils]: 25: Hoare triple {27074#true} assume !(0 != ~pumpRunning~0); {27074#true} is VALID [2022-02-20 18:07:47,105 INFO L290 TraceCheckUtils]: 26: Hoare triple {27074#true} ~systemActive~0 := 0; {27082#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:07:47,106 INFO L290 TraceCheckUtils]: 27: Hoare triple {27082#(= 0 ~systemActive~0)} assume { :end_inline_stopSystem } true; {27082#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:07:47,106 INFO L272 TraceCheckUtils]: 28: Hoare triple {27082#(= 0 ~systemActive~0)} call timeShift(); {27117#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} is VALID [2022-02-20 18:07:47,106 INFO L290 TraceCheckUtils]: 29: Hoare triple {27117#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {27074#true} is VALID [2022-02-20 18:07:47,107 INFO L290 TraceCheckUtils]: 30: Hoare triple {27074#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,107 INFO L290 TraceCheckUtils]: 31: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,108 INFO L272 TraceCheckUtils]: 32: Hoare triple {27118#(not (= 0 ~systemActive~0))} call processEnvironment__wrappee__highWaterSensor(); {27133#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:47,108 INFO L290 TraceCheckUtils]: 33: Hoare triple {27133#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {27074#true} is VALID [2022-02-20 18:07:47,108 INFO L290 TraceCheckUtils]: 34: Hoare triple {27074#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {27074#true} is VALID [2022-02-20 18:07:47,108 INFO L290 TraceCheckUtils]: 35: Hoare triple {27074#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {27074#true} is VALID [2022-02-20 18:07:47,108 INFO L290 TraceCheckUtils]: 36: Hoare triple {27074#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {27074#true} is VALID [2022-02-20 18:07:47,108 INFO L290 TraceCheckUtils]: 37: Hoare triple {27074#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {27074#true} is VALID [2022-02-20 18:07:47,109 INFO L290 TraceCheckUtils]: 38: Hoare triple {27074#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {27074#true} is VALID [2022-02-20 18:07:47,109 INFO L290 TraceCheckUtils]: 39: Hoare triple {27074#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {27074#true} is VALID [2022-02-20 18:07:47,109 INFO L290 TraceCheckUtils]: 40: Hoare triple {27074#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {27074#true} is VALID [2022-02-20 18:07:47,109 INFO L290 TraceCheckUtils]: 41: Hoare triple {27074#true} assume { :end_inline_activatePump } true; {27074#true} is VALID [2022-02-20 18:07:47,109 INFO L290 TraceCheckUtils]: 42: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,110 INFO L284 TraceCheckUtils]: 43: Hoare quadruple {27074#true} {27118#(not (= 0 ~systemActive~0))} #250#return; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,110 INFO L290 TraceCheckUtils]: 44: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume { :end_inline_processEnvironment } true; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,110 INFO L290 TraceCheckUtils]: 45: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,110 INFO L272 TraceCheckUtils]: 46: Hoare triple {27118#(not (= 0 ~systemActive~0))} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {27074#true} is VALID [2022-02-20 18:07:47,111 INFO L290 TraceCheckUtils]: 47: Hoare triple {27074#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {27074#true} is VALID [2022-02-20 18:07:47,111 INFO L290 TraceCheckUtils]: 48: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,111 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {27074#true} {27118#(not (= 0 ~systemActive~0))} #252#return; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,112 INFO L290 TraceCheckUtils]: 50: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,112 INFO L290 TraceCheckUtils]: 51: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,112 INFO L290 TraceCheckUtils]: 52: Hoare triple {27118#(not (= 0 ~systemActive~0))} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,113 INFO L290 TraceCheckUtils]: 53: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,113 INFO L290 TraceCheckUtils]: 54: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,114 INFO L290 TraceCheckUtils]: 55: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,114 INFO L290 TraceCheckUtils]: 56: Hoare triple {27118#(not (= 0 ~systemActive~0))} assume true; {27118#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:47,114 INFO L284 TraceCheckUtils]: 57: Hoare quadruple {27118#(not (= 0 ~systemActive~0))} {27082#(= 0 ~systemActive~0)} #260#return; {27075#false} is VALID [2022-02-20 18:07:47,114 INFO L290 TraceCheckUtils]: 58: Hoare triple {27075#false} assume !false; {27075#false} is VALID [2022-02-20 18:07:47,115 INFO L290 TraceCheckUtils]: 59: Hoare triple {27075#false} assume test_~splverifierCounter~0#1 < 4; {27075#false} is VALID [2022-02-20 18:07:47,115 INFO L290 TraceCheckUtils]: 60: Hoare triple {27075#false} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {27075#false} is VALID [2022-02-20 18:07:47,115 INFO L290 TraceCheckUtils]: 61: Hoare triple {27075#false} assume !(0 != test_~tmp~1#1); {27075#false} is VALID [2022-02-20 18:07:47,115 INFO L290 TraceCheckUtils]: 62: Hoare triple {27075#false} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {27075#false} is VALID [2022-02-20 18:07:47,115 INFO L290 TraceCheckUtils]: 63: Hoare triple {27075#false} assume !(0 != test_~tmp___0~1#1); {27075#false} is VALID [2022-02-20 18:07:47,115 INFO L290 TraceCheckUtils]: 64: Hoare triple {27075#false} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {27075#false} is VALID [2022-02-20 18:07:47,116 INFO L290 TraceCheckUtils]: 65: Hoare triple {27075#false} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet14#1 && test_#t~nondet14#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet14#1;havoc test_#t~nondet14#1; {27075#false} is VALID [2022-02-20 18:07:47,116 INFO L290 TraceCheckUtils]: 66: Hoare triple {27075#false} assume !(0 != test_~tmp___1~0#1); {27075#false} is VALID [2022-02-20 18:07:47,116 INFO L272 TraceCheckUtils]: 67: Hoare triple {27075#false} call timeShift(); {27075#false} is VALID [2022-02-20 18:07:47,116 INFO L290 TraceCheckUtils]: 68: Hoare triple {27075#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {27075#false} is VALID [2022-02-20 18:07:47,116 INFO L290 TraceCheckUtils]: 69: Hoare triple {27075#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {27075#false} is VALID [2022-02-20 18:07:47,116 INFO L290 TraceCheckUtils]: 70: Hoare triple {27075#false} assume { :end_inline_lowerWaterLevel } true; {27075#false} is VALID [2022-02-20 18:07:47,117 INFO L290 TraceCheckUtils]: 71: Hoare triple {27075#false} assume !(0 != ~systemActive~0); {27075#false} is VALID [2022-02-20 18:07:47,117 INFO L290 TraceCheckUtils]: 72: Hoare triple {27075#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {27075#false} is VALID [2022-02-20 18:07:47,117 INFO L272 TraceCheckUtils]: 73: Hoare triple {27075#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {27074#true} is VALID [2022-02-20 18:07:47,117 INFO L290 TraceCheckUtils]: 74: Hoare triple {27074#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {27074#true} is VALID [2022-02-20 18:07:47,117 INFO L290 TraceCheckUtils]: 75: Hoare triple {27074#true} assume true; {27074#true} is VALID [2022-02-20 18:07:47,117 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {27074#true} {27075#false} #252#return; {27075#false} is VALID [2022-02-20 18:07:47,117 INFO L290 TraceCheckUtils]: 77: Hoare triple {27075#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {27075#false} is VALID [2022-02-20 18:07:47,118 INFO L290 TraceCheckUtils]: 78: Hoare triple {27075#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {27075#false} is VALID [2022-02-20 18:07:47,118 INFO L290 TraceCheckUtils]: 79: Hoare triple {27075#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {27075#false} is VALID [2022-02-20 18:07:47,118 INFO L290 TraceCheckUtils]: 80: Hoare triple {27075#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {27075#false} is VALID [2022-02-20 18:07:47,118 INFO L290 TraceCheckUtils]: 81: Hoare triple {27075#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {27075#false} is VALID [2022-02-20 18:07:47,118 INFO L290 TraceCheckUtils]: 82: Hoare triple {27075#false} assume !false; {27075#false} is VALID [2022-02-20 18:07:47,119 INFO L134 CoverageAnalysis]: Checked inductivity of 22 backedges. 19 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:47,119 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:47,119 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [550245908] [2022-02-20 18:07:47,119 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [550245908] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:47,119 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:47,119 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:07:47,120 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [570354028] [2022-02-20 18:07:47,120 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:47,120 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.5) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 6 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) Word has length 83 [2022-02-20 18:07:47,121 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:47,121 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 8.5) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 6 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:07:47,179 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 81 edges. 81 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:47,180 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:07:47,180 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:47,180 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:07:47,181 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=15, Invalid=41, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:07:47,181 INFO L87 Difference]: Start difference. First operand 1545 states and 2050 transitions. Second operand has 8 states, 8 states have (on average 8.5) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 6 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:07:48,716 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:48,716 INFO L93 Difference]: Finished difference Result 2565 states and 3385 transitions. [2022-02-20 18:07:48,717 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:07:48,717 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 8.5) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 6 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) Word has length 83 [2022-02-20 18:07:48,717 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:48,717 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.5) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 6 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:07:48,720 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 305 transitions. [2022-02-20 18:07:48,721 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 8.5) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 6 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:07:48,723 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 305 transitions. [2022-02-20 18:07:48,723 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 305 transitions. [2022-02-20 18:07:48,986 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 305 edges. 305 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:49,060 INFO L225 Difference]: With dead ends: 2565 [2022-02-20 18:07:49,060 INFO L226 Difference]: Without dead ends: 1028 [2022-02-20 18:07:49,067 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 32 GetRequests, 16 SyntacticMatches, 0 SemanticMatches, 16 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 49 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=86, Invalid=220, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:07:49,068 INFO L933 BasicCegarLoop]: 124 mSDtfsCounter, 339 mSDsluCounter, 153 mSDsCounter, 0 mSdLazyCounter, 307 mSolverCounterSat, 138 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.4s Time, 0 mProtectedPredicate, 0 mProtectedAction, 348 SdHoareTripleChecker+Valid, 277 SdHoareTripleChecker+Invalid, 445 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 138 IncrementalHoareTripleChecker+Valid, 307 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.4s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:49,069 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [348 Valid, 277 Invalid, 445 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [138 Valid, 307 Invalid, 0 Unknown, 0 Unchecked, 0.4s Time] [2022-02-20 18:07:49,070 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 1028 states. [2022-02-20 18:07:49,168 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 1028 to 970. [2022-02-20 18:07:49,168 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:49,170 INFO L82 GeneralOperation]: Start isEquivalent. First operand 1028 states. Second operand has 970 states, 728 states have (on average 1.2129120879120878) internal successors, (883), 783 states have internal predecessors, (883), 126 states have call successors, (126), 98 states have call predecessors, (126), 115 states have return successors, (237), 125 states have call predecessors, (237), 126 states have call successors, (237) [2022-02-20 18:07:49,171 INFO L74 IsIncluded]: Start isIncluded. First operand 1028 states. Second operand has 970 states, 728 states have (on average 1.2129120879120878) internal successors, (883), 783 states have internal predecessors, (883), 126 states have call successors, (126), 98 states have call predecessors, (126), 115 states have return successors, (237), 125 states have call predecessors, (237), 126 states have call successors, (237) [2022-02-20 18:07:49,172 INFO L87 Difference]: Start difference. First operand 1028 states. Second operand has 970 states, 728 states have (on average 1.2129120879120878) internal successors, (883), 783 states have internal predecessors, (883), 126 states have call successors, (126), 98 states have call predecessors, (126), 115 states have return successors, (237), 125 states have call predecessors, (237), 126 states have call successors, (237) [2022-02-20 18:07:49,226 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:49,227 INFO L93 Difference]: Finished difference Result 1028 states and 1314 transitions. [2022-02-20 18:07:49,227 INFO L276 IsEmpty]: Start isEmpty. Operand 1028 states and 1314 transitions. [2022-02-20 18:07:49,230 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:49,230 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:49,232 INFO L74 IsIncluded]: Start isIncluded. First operand has 970 states, 728 states have (on average 1.2129120879120878) internal successors, (883), 783 states have internal predecessors, (883), 126 states have call successors, (126), 98 states have call predecessors, (126), 115 states have return successors, (237), 125 states have call predecessors, (237), 126 states have call successors, (237) Second operand 1028 states. [2022-02-20 18:07:49,233 INFO L87 Difference]: Start difference. First operand has 970 states, 728 states have (on average 1.2129120879120878) internal successors, (883), 783 states have internal predecessors, (883), 126 states have call successors, (126), 98 states have call predecessors, (126), 115 states have return successors, (237), 125 states have call predecessors, (237), 126 states have call successors, (237) Second operand 1028 states. [2022-02-20 18:07:49,286 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:49,287 INFO L93 Difference]: Finished difference Result 1028 states and 1314 transitions. [2022-02-20 18:07:49,287 INFO L276 IsEmpty]: Start isEmpty. Operand 1028 states and 1314 transitions. [2022-02-20 18:07:49,290 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:49,290 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:49,290 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:49,290 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:49,292 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 970 states, 728 states have (on average 1.2129120879120878) internal successors, (883), 783 states have internal predecessors, (883), 126 states have call successors, (126), 98 states have call predecessors, (126), 115 states have return successors, (237), 125 states have call predecessors, (237), 126 states have call successors, (237) [2022-02-20 18:07:49,368 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 970 states to 970 states and 1246 transitions. [2022-02-20 18:07:49,369 INFO L78 Accepts]: Start accepts. Automaton has 970 states and 1246 transitions. Word has length 83 [2022-02-20 18:07:49,369 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:49,369 INFO L470 AbstractCegarLoop]: Abstraction has 970 states and 1246 transitions. [2022-02-20 18:07:49,370 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 8.5) internal successors, (68), 4 states have internal predecessors, (68), 4 states have call successors, (7), 6 states have call predecessors, (7), 2 states have return successors, (6), 3 states have call predecessors, (6), 4 states have call successors, (6) [2022-02-20 18:07:49,370 INFO L276 IsEmpty]: Start isEmpty. Operand 970 states and 1246 transitions. [2022-02-20 18:07:49,372 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 93 [2022-02-20 18:07:49,372 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:49,373 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:49,373 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable9 [2022-02-20 18:07:49,373 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:49,374 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:49,374 INFO L85 PathProgramCache]: Analyzing trace with hash -365592096, now seen corresponding path program 1 times [2022-02-20 18:07:49,374 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:49,374 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [187599375] [2022-02-20 18:07:49,374 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:49,374 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:49,418 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,457 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:07:49,458 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,462 INFO L290 TraceCheckUtils]: 0: Hoare triple {34163#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {34110#true} is VALID [2022-02-20 18:07:49,462 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,462 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34110#true} {34110#true} #254#return; {34110#true} is VALID [2022-02-20 18:07:49,467 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:07:49,468 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,471 INFO L290 TraceCheckUtils]: 0: Hoare triple {34164#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {34110#true} is VALID [2022-02-20 18:07:49,472 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,472 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34110#true} {34110#true} #256#return; {34110#true} is VALID [2022-02-20 18:07:49,480 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:07:49,488 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,513 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:07:49,517 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {34181#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {34110#true} is VALID [2022-02-20 18:07:49,524 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,525 INFO L290 TraceCheckUtils]: 2: Hoare triple {34110#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,525 INFO L290 TraceCheckUtils]: 3: Hoare triple {34110#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {34110#true} is VALID [2022-02-20 18:07:49,525 INFO L290 TraceCheckUtils]: 4: Hoare triple {34110#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {34110#true} is VALID [2022-02-20 18:07:49,525 INFO L290 TraceCheckUtils]: 5: Hoare triple {34110#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {34110#true} is VALID [2022-02-20 18:07:49,525 INFO L290 TraceCheckUtils]: 6: Hoare triple {34110#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {34110#true} is VALID [2022-02-20 18:07:49,526 INFO L290 TraceCheckUtils]: 7: Hoare triple {34110#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,526 INFO L290 TraceCheckUtils]: 8: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,527 INFO L290 TraceCheckUtils]: 9: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,527 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {34177#(<= 1 ~pumpRunning~0)} {34110#true} #250#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,527 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-20 18:07:49,528 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,534 INFO L290 TraceCheckUtils]: 0: Hoare triple {34110#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {34110#true} is VALID [2022-02-20 18:07:49,534 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,534 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34110#true} {34177#(<= 1 ~pumpRunning~0)} #252#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,535 INFO L290 TraceCheckUtils]: 0: Hoare triple {34165#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {34110#true} is VALID [2022-02-20 18:07:49,535 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {34110#true} is VALID [2022-02-20 18:07:49,535 INFO L290 TraceCheckUtils]: 2: Hoare triple {34110#true} assume !(0 != ~pumpRunning~0); {34110#true} is VALID [2022-02-20 18:07:49,536 INFO L272 TraceCheckUtils]: 3: Hoare triple {34110#true} call processEnvironment__wrappee__highWaterSensor(); {34181#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:49,536 INFO L290 TraceCheckUtils]: 4: Hoare triple {34181#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {34110#true} is VALID [2022-02-20 18:07:49,536 INFO L290 TraceCheckUtils]: 5: Hoare triple {34110#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,536 INFO L290 TraceCheckUtils]: 6: Hoare triple {34110#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,536 INFO L290 TraceCheckUtils]: 7: Hoare triple {34110#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {34110#true} is VALID [2022-02-20 18:07:49,536 INFO L290 TraceCheckUtils]: 8: Hoare triple {34110#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {34110#true} is VALID [2022-02-20 18:07:49,537 INFO L290 TraceCheckUtils]: 9: Hoare triple {34110#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {34110#true} is VALID [2022-02-20 18:07:49,537 INFO L290 TraceCheckUtils]: 10: Hoare triple {34110#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {34110#true} is VALID [2022-02-20 18:07:49,537 INFO L290 TraceCheckUtils]: 11: Hoare triple {34110#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,539 INFO L290 TraceCheckUtils]: 12: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,539 INFO L290 TraceCheckUtils]: 13: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,539 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {34177#(<= 1 ~pumpRunning~0)} {34110#true} #250#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,540 INFO L290 TraceCheckUtils]: 15: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,540 INFO L290 TraceCheckUtils]: 16: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,540 INFO L272 TraceCheckUtils]: 17: Hoare triple {34177#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {34110#true} is VALID [2022-02-20 18:07:49,540 INFO L290 TraceCheckUtils]: 18: Hoare triple {34110#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {34110#true} is VALID [2022-02-20 18:07:49,541 INFO L290 TraceCheckUtils]: 19: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,541 INFO L284 TraceCheckUtils]: 20: Hoare quadruple {34110#true} {34177#(<= 1 ~pumpRunning~0)} #252#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,542 INFO L290 TraceCheckUtils]: 21: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,542 INFO L290 TraceCheckUtils]: 22: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,542 INFO L290 TraceCheckUtils]: 23: Hoare triple {34177#(<= 1 ~pumpRunning~0)} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,543 INFO L290 TraceCheckUtils]: 24: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,543 INFO L290 TraceCheckUtils]: 25: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,544 INFO L290 TraceCheckUtils]: 26: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,544 INFO L290 TraceCheckUtils]: 27: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,545 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {34177#(<= 1 ~pumpRunning~0)} {34118#(= 1 ~systemActive~0)} #260#return; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,545 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:07:49,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,554 INFO L290 TraceCheckUtils]: 0: Hoare triple {34181#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {34110#true} is VALID [2022-02-20 18:07:49,554 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,554 INFO L290 TraceCheckUtils]: 2: Hoare triple {34110#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,554 INFO L290 TraceCheckUtils]: 3: Hoare triple {34110#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {34110#true} is VALID [2022-02-20 18:07:49,555 INFO L290 TraceCheckUtils]: 4: Hoare triple {34110#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {34110#true} is VALID [2022-02-20 18:07:49,555 INFO L290 TraceCheckUtils]: 5: Hoare triple {34110#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {34110#true} is VALID [2022-02-20 18:07:49,555 INFO L290 TraceCheckUtils]: 6: Hoare triple {34110#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {34110#true} is VALID [2022-02-20 18:07:49,555 INFO L290 TraceCheckUtils]: 7: Hoare triple {34110#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {34110#true} is VALID [2022-02-20 18:07:49,555 INFO L290 TraceCheckUtils]: 8: Hoare triple {34110#true} assume { :end_inline_activatePump } true; {34110#true} is VALID [2022-02-20 18:07:49,555 INFO L290 TraceCheckUtils]: 9: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,556 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {34110#true} {34111#false} #250#return; {34111#false} is VALID [2022-02-20 18:07:49,556 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 82 [2022-02-20 18:07:49,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {34110#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {34110#true} is VALID [2022-02-20 18:07:49,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,560 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {34110#true} {34111#false} #252#return; {34111#false} is VALID [2022-02-20 18:07:49,560 INFO L290 TraceCheckUtils]: 0: Hoare triple {34110#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {34110#true} is VALID [2022-02-20 18:07:49,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {34110#true} is VALID [2022-02-20 18:07:49,560 INFO L290 TraceCheckUtils]: 2: Hoare triple {34110#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {34110#true} is VALID [2022-02-20 18:07:49,561 INFO L290 TraceCheckUtils]: 3: Hoare triple {34110#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {34110#true} is VALID [2022-02-20 18:07:49,561 INFO L290 TraceCheckUtils]: 4: Hoare triple {34110#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {34110#true} is VALID [2022-02-20 18:07:49,561 INFO L290 TraceCheckUtils]: 5: Hoare triple {34110#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {34110#true} is VALID [2022-02-20 18:07:49,561 INFO L290 TraceCheckUtils]: 6: Hoare triple {34110#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {34110#true} is VALID [2022-02-20 18:07:49,561 INFO L290 TraceCheckUtils]: 7: Hoare triple {34110#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {34110#true} is VALID [2022-02-20 18:07:49,561 INFO L290 TraceCheckUtils]: 8: Hoare triple {34110#true} assume !false; {34110#true} is VALID [2022-02-20 18:07:49,562 INFO L290 TraceCheckUtils]: 9: Hoare triple {34110#true} assume test_~splverifierCounter~0#1 < 4; {34110#true} is VALID [2022-02-20 18:07:49,562 INFO L290 TraceCheckUtils]: 10: Hoare triple {34110#true} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {34110#true} is VALID [2022-02-20 18:07:49,562 INFO L290 TraceCheckUtils]: 11: Hoare triple {34110#true} assume 0 != test_~tmp~1#1; {34110#true} is VALID [2022-02-20 18:07:49,562 INFO L272 TraceCheckUtils]: 12: Hoare triple {34110#true} call waterRise(); {34163#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:07:49,563 INFO L290 TraceCheckUtils]: 13: Hoare triple {34163#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {34110#true} is VALID [2022-02-20 18:07:49,563 INFO L290 TraceCheckUtils]: 14: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,563 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {34110#true} {34110#true} #254#return; {34110#true} is VALID [2022-02-20 18:07:49,563 INFO L290 TraceCheckUtils]: 16: Hoare triple {34110#true} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {34110#true} is VALID [2022-02-20 18:07:49,563 INFO L290 TraceCheckUtils]: 17: Hoare triple {34110#true} assume 0 != test_~tmp___0~1#1; {34110#true} is VALID [2022-02-20 18:07:49,564 INFO L272 TraceCheckUtils]: 18: Hoare triple {34110#true} call changeMethaneLevel(); {34164#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:49,564 INFO L290 TraceCheckUtils]: 19: Hoare triple {34164#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {34110#true} is VALID [2022-02-20 18:07:49,564 INFO L290 TraceCheckUtils]: 20: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,564 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34110#true} {34110#true} #256#return; {34110#true} is VALID [2022-02-20 18:07:49,564 INFO L290 TraceCheckUtils]: 22: Hoare triple {34110#true} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {34110#true} is VALID [2022-02-20 18:07:49,565 INFO L290 TraceCheckUtils]: 23: Hoare triple {34110#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {34118#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:49,568 INFO L290 TraceCheckUtils]: 24: Hoare triple {34118#(= 1 ~systemActive~0)} assume { :end_inline_startSystem } true; {34118#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:07:49,569 INFO L272 TraceCheckUtils]: 25: Hoare triple {34118#(= 1 ~systemActive~0)} call timeShift(); {34165#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} is VALID [2022-02-20 18:07:49,569 INFO L290 TraceCheckUtils]: 26: Hoare triple {34165#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {34110#true} is VALID [2022-02-20 18:07:49,569 INFO L290 TraceCheckUtils]: 27: Hoare triple {34110#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {34110#true} is VALID [2022-02-20 18:07:49,569 INFO L290 TraceCheckUtils]: 28: Hoare triple {34110#true} assume !(0 != ~pumpRunning~0); {34110#true} is VALID [2022-02-20 18:07:49,570 INFO L272 TraceCheckUtils]: 29: Hoare triple {34110#true} call processEnvironment__wrappee__highWaterSensor(); {34181#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:49,570 INFO L290 TraceCheckUtils]: 30: Hoare triple {34181#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {34110#true} is VALID [2022-02-20 18:07:49,570 INFO L290 TraceCheckUtils]: 31: Hoare triple {34110#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,570 INFO L290 TraceCheckUtils]: 32: Hoare triple {34110#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,570 INFO L290 TraceCheckUtils]: 33: Hoare triple {34110#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {34110#true} is VALID [2022-02-20 18:07:49,571 INFO L290 TraceCheckUtils]: 34: Hoare triple {34110#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {34110#true} is VALID [2022-02-20 18:07:49,571 INFO L290 TraceCheckUtils]: 35: Hoare triple {34110#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {34110#true} is VALID [2022-02-20 18:07:49,571 INFO L290 TraceCheckUtils]: 36: Hoare triple {34110#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {34110#true} is VALID [2022-02-20 18:07:49,571 INFO L290 TraceCheckUtils]: 37: Hoare triple {34110#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,572 INFO L290 TraceCheckUtils]: 38: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,572 INFO L290 TraceCheckUtils]: 39: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,573 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {34177#(<= 1 ~pumpRunning~0)} {34110#true} #250#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,573 INFO L290 TraceCheckUtils]: 41: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,573 INFO L290 TraceCheckUtils]: 42: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,574 INFO L272 TraceCheckUtils]: 43: Hoare triple {34177#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {34110#true} is VALID [2022-02-20 18:07:49,574 INFO L290 TraceCheckUtils]: 44: Hoare triple {34110#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {34110#true} is VALID [2022-02-20 18:07:49,574 INFO L290 TraceCheckUtils]: 45: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,574 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {34110#true} {34177#(<= 1 ~pumpRunning~0)} #252#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,575 INFO L290 TraceCheckUtils]: 47: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,575 INFO L290 TraceCheckUtils]: 48: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,576 INFO L290 TraceCheckUtils]: 49: Hoare triple {34177#(<= 1 ~pumpRunning~0)} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,576 INFO L290 TraceCheckUtils]: 50: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,576 INFO L290 TraceCheckUtils]: 51: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,577 INFO L290 TraceCheckUtils]: 52: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,577 INFO L290 TraceCheckUtils]: 53: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:49,578 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {34177#(<= 1 ~pumpRunning~0)} {34118#(= 1 ~systemActive~0)} #260#return; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,578 INFO L290 TraceCheckUtils]: 55: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume !false; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,578 INFO L290 TraceCheckUtils]: 56: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume test_~splverifierCounter~0#1 < 4; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,579 INFO L290 TraceCheckUtils]: 57: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,579 INFO L290 TraceCheckUtils]: 58: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume !(0 != test_~tmp~1#1); {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,580 INFO L290 TraceCheckUtils]: 59: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,580 INFO L290 TraceCheckUtils]: 60: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume !(0 != test_~tmp___0~1#1); {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,580 INFO L290 TraceCheckUtils]: 61: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,581 INFO L290 TraceCheckUtils]: 62: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,581 INFO L290 TraceCheckUtils]: 63: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume { :end_inline_startSystem } true; {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,582 INFO L272 TraceCheckUtils]: 64: Hoare triple {34148#(not (= ~pumpRunning~0 0))} call timeShift(); {34148#(not (= ~pumpRunning~0 0))} is VALID [2022-02-20 18:07:49,583 INFO L290 TraceCheckUtils]: 65: Hoare triple {34148#(not (= ~pumpRunning~0 0))} assume !(0 != ~pumpRunning~0); {34111#false} is VALID [2022-02-20 18:07:49,583 INFO L290 TraceCheckUtils]: 66: Hoare triple {34111#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {34111#false} is VALID [2022-02-20 18:07:49,583 INFO L290 TraceCheckUtils]: 67: Hoare triple {34111#false} assume !(0 != ~pumpRunning~0); {34111#false} is VALID [2022-02-20 18:07:49,584 INFO L272 TraceCheckUtils]: 68: Hoare triple {34111#false} call processEnvironment__wrappee__highWaterSensor(); {34181#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:49,584 INFO L290 TraceCheckUtils]: 69: Hoare triple {34181#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {34110#true} is VALID [2022-02-20 18:07:49,584 INFO L290 TraceCheckUtils]: 70: Hoare triple {34110#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,584 INFO L290 TraceCheckUtils]: 71: Hoare triple {34110#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:49,584 INFO L290 TraceCheckUtils]: 72: Hoare triple {34110#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {34110#true} is VALID [2022-02-20 18:07:49,585 INFO L290 TraceCheckUtils]: 73: Hoare triple {34110#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {34110#true} is VALID [2022-02-20 18:07:49,585 INFO L290 TraceCheckUtils]: 74: Hoare triple {34110#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {34110#true} is VALID [2022-02-20 18:07:49,585 INFO L290 TraceCheckUtils]: 75: Hoare triple {34110#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {34110#true} is VALID [2022-02-20 18:07:49,585 INFO L290 TraceCheckUtils]: 76: Hoare triple {34110#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {34110#true} is VALID [2022-02-20 18:07:49,585 INFO L290 TraceCheckUtils]: 77: Hoare triple {34110#true} assume { :end_inline_activatePump } true; {34110#true} is VALID [2022-02-20 18:07:49,585 INFO L290 TraceCheckUtils]: 78: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,586 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {34110#true} {34111#false} #250#return; {34111#false} is VALID [2022-02-20 18:07:49,595 INFO L290 TraceCheckUtils]: 80: Hoare triple {34111#false} assume { :end_inline_processEnvironment } true; {34111#false} is VALID [2022-02-20 18:07:49,595 INFO L290 TraceCheckUtils]: 81: Hoare triple {34111#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34111#false} is VALID [2022-02-20 18:07:49,595 INFO L272 TraceCheckUtils]: 82: Hoare triple {34111#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {34110#true} is VALID [2022-02-20 18:07:49,596 INFO L290 TraceCheckUtils]: 83: Hoare triple {34110#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {34110#true} is VALID [2022-02-20 18:07:49,596 INFO L290 TraceCheckUtils]: 84: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:49,596 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {34110#true} {34111#false} #252#return; {34111#false} is VALID [2022-02-20 18:07:49,596 INFO L290 TraceCheckUtils]: 86: Hoare triple {34111#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {34111#false} is VALID [2022-02-20 18:07:49,596 INFO L290 TraceCheckUtils]: 87: Hoare triple {34111#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {34111#false} is VALID [2022-02-20 18:07:49,597 INFO L290 TraceCheckUtils]: 88: Hoare triple {34111#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {34111#false} is VALID [2022-02-20 18:07:49,597 INFO L290 TraceCheckUtils]: 89: Hoare triple {34111#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34111#false} is VALID [2022-02-20 18:07:49,597 INFO L290 TraceCheckUtils]: 90: Hoare triple {34111#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {34111#false} is VALID [2022-02-20 18:07:49,597 INFO L290 TraceCheckUtils]: 91: Hoare triple {34111#false} assume !false; {34111#false} is VALID [2022-02-20 18:07:49,597 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 19 proven. 6 refuted. 0 times theorem prover too weak. 11 trivial. 0 not checked. [2022-02-20 18:07:49,598 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:49,598 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [187599375] [2022-02-20 18:07:49,598 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [187599375] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:07:49,598 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1042779551] [2022-02-20 18:07:49,598 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:49,599 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:07:49,599 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:49,601 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:07:49,602 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:07:49,709 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,712 INFO L263 TraceCheckSpWp]: Trace formula consists of 472 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:07:49,734 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:49,740 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:50,024 INFO L290 TraceCheckUtils]: 0: Hoare triple {34110#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {34110#true} is VALID [2022-02-20 18:07:50,025 INFO L290 TraceCheckUtils]: 1: Hoare triple {34110#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {34110#true} is VALID [2022-02-20 18:07:50,025 INFO L290 TraceCheckUtils]: 2: Hoare triple {34110#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {34110#true} is VALID [2022-02-20 18:07:50,025 INFO L290 TraceCheckUtils]: 3: Hoare triple {34110#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {34110#true} is VALID [2022-02-20 18:07:50,039 INFO L290 TraceCheckUtils]: 4: Hoare triple {34110#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {34110#true} is VALID [2022-02-20 18:07:50,039 INFO L290 TraceCheckUtils]: 5: Hoare triple {34110#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {34110#true} is VALID [2022-02-20 18:07:50,039 INFO L290 TraceCheckUtils]: 6: Hoare triple {34110#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {34110#true} is VALID [2022-02-20 18:07:50,040 INFO L290 TraceCheckUtils]: 7: Hoare triple {34110#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {34110#true} is VALID [2022-02-20 18:07:50,040 INFO L290 TraceCheckUtils]: 8: Hoare triple {34110#true} assume !false; {34110#true} is VALID [2022-02-20 18:07:50,040 INFO L290 TraceCheckUtils]: 9: Hoare triple {34110#true} assume test_~splverifierCounter~0#1 < 4; {34110#true} is VALID [2022-02-20 18:07:50,040 INFO L290 TraceCheckUtils]: 10: Hoare triple {34110#true} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {34110#true} is VALID [2022-02-20 18:07:50,040 INFO L290 TraceCheckUtils]: 11: Hoare triple {34110#true} assume 0 != test_~tmp~1#1; {34110#true} is VALID [2022-02-20 18:07:50,040 INFO L272 TraceCheckUtils]: 12: Hoare triple {34110#true} call waterRise(); {34110#true} is VALID [2022-02-20 18:07:50,041 INFO L290 TraceCheckUtils]: 13: Hoare triple {34110#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {34110#true} is VALID [2022-02-20 18:07:50,041 INFO L290 TraceCheckUtils]: 14: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:50,041 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {34110#true} {34110#true} #254#return; {34110#true} is VALID [2022-02-20 18:07:50,041 INFO L290 TraceCheckUtils]: 16: Hoare triple {34110#true} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {34110#true} is VALID [2022-02-20 18:07:50,041 INFO L290 TraceCheckUtils]: 17: Hoare triple {34110#true} assume 0 != test_~tmp___0~1#1; {34110#true} is VALID [2022-02-20 18:07:50,042 INFO L272 TraceCheckUtils]: 18: Hoare triple {34110#true} call changeMethaneLevel(); {34110#true} is VALID [2022-02-20 18:07:50,042 INFO L290 TraceCheckUtils]: 19: Hoare triple {34110#true} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {34110#true} is VALID [2022-02-20 18:07:50,042 INFO L290 TraceCheckUtils]: 20: Hoare triple {34110#true} assume true; {34110#true} is VALID [2022-02-20 18:07:50,042 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {34110#true} {34110#true} #256#return; {34110#true} is VALID [2022-02-20 18:07:50,042 INFO L290 TraceCheckUtils]: 22: Hoare triple {34110#true} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {34110#true} is VALID [2022-02-20 18:07:50,042 INFO L290 TraceCheckUtils]: 23: Hoare triple {34110#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {34110#true} is VALID [2022-02-20 18:07:50,043 INFO L290 TraceCheckUtils]: 24: Hoare triple {34110#true} assume { :end_inline_startSystem } true; {34110#true} is VALID [2022-02-20 18:07:50,043 INFO L272 TraceCheckUtils]: 25: Hoare triple {34110#true} call timeShift(); {34110#true} is VALID [2022-02-20 18:07:50,043 INFO L290 TraceCheckUtils]: 26: Hoare triple {34110#true} assume !(0 != ~pumpRunning~0); {34110#true} is VALID [2022-02-20 18:07:50,043 INFO L290 TraceCheckUtils]: 27: Hoare triple {34110#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {34110#true} is VALID [2022-02-20 18:07:50,043 INFO L290 TraceCheckUtils]: 28: Hoare triple {34110#true} assume !(0 != ~pumpRunning~0); {34110#true} is VALID [2022-02-20 18:07:50,043 INFO L272 TraceCheckUtils]: 29: Hoare triple {34110#true} call processEnvironment__wrappee__highWaterSensor(); {34110#true} is VALID [2022-02-20 18:07:50,044 INFO L290 TraceCheckUtils]: 30: Hoare triple {34110#true} havoc ~tmp~2#1; {34110#true} is VALID [2022-02-20 18:07:50,044 INFO L290 TraceCheckUtils]: 31: Hoare triple {34110#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:50,044 INFO L290 TraceCheckUtils]: 32: Hoare triple {34110#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {34110#true} is VALID [2022-02-20 18:07:50,044 INFO L290 TraceCheckUtils]: 33: Hoare triple {34110#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {34110#true} is VALID [2022-02-20 18:07:50,044 INFO L290 TraceCheckUtils]: 34: Hoare triple {34110#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {34110#true} is VALID [2022-02-20 18:07:50,044 INFO L290 TraceCheckUtils]: 35: Hoare triple {34110#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {34110#true} is VALID [2022-02-20 18:07:50,045 INFO L290 TraceCheckUtils]: 36: Hoare triple {34110#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {34110#true} is VALID [2022-02-20 18:07:50,045 INFO L290 TraceCheckUtils]: 37: Hoare triple {34110#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,046 INFO L290 TraceCheckUtils]: 38: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline_activatePump } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,046 INFO L290 TraceCheckUtils]: 39: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,047 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {34177#(<= 1 ~pumpRunning~0)} {34110#true} #250#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,047 INFO L290 TraceCheckUtils]: 41: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline_processEnvironment } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,047 INFO L290 TraceCheckUtils]: 42: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,048 INFO L272 TraceCheckUtils]: 43: Hoare triple {34177#(<= 1 ~pumpRunning~0)} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,048 INFO L290 TraceCheckUtils]: 44: Hoare triple {34177#(<= 1 ~pumpRunning~0)} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,049 INFO L290 TraceCheckUtils]: 45: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,049 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {34177#(<= 1 ~pumpRunning~0)} {34177#(<= 1 ~pumpRunning~0)} #252#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,049 INFO L290 TraceCheckUtils]: 47: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,050 INFO L290 TraceCheckUtils]: 48: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,050 INFO L290 TraceCheckUtils]: 49: Hoare triple {34177#(<= 1 ~pumpRunning~0)} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,051 INFO L290 TraceCheckUtils]: 50: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,051 INFO L290 TraceCheckUtils]: 51: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,051 INFO L290 TraceCheckUtils]: 52: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,052 INFO L290 TraceCheckUtils]: 53: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,052 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {34177#(<= 1 ~pumpRunning~0)} {34110#true} #260#return; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,053 INFO L290 TraceCheckUtils]: 55: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume !false; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,053 INFO L290 TraceCheckUtils]: 56: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume test_~splverifierCounter~0#1 < 4; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,053 INFO L290 TraceCheckUtils]: 57: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,054 INFO L290 TraceCheckUtils]: 58: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp~1#1); {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,054 INFO L290 TraceCheckUtils]: 59: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,055 INFO L290 TraceCheckUtils]: 60: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume !(0 != test_~tmp___0~1#1); {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,055 INFO L290 TraceCheckUtils]: 61: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,055 INFO L290 TraceCheckUtils]: 62: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,056 INFO L290 TraceCheckUtils]: 63: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume { :end_inline_startSystem } true; {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,056 INFO L272 TraceCheckUtils]: 64: Hoare triple {34177#(<= 1 ~pumpRunning~0)} call timeShift(); {34177#(<= 1 ~pumpRunning~0)} is VALID [2022-02-20 18:07:50,056 INFO L290 TraceCheckUtils]: 65: Hoare triple {34177#(<= 1 ~pumpRunning~0)} assume !(0 != ~pumpRunning~0); {34111#false} is VALID [2022-02-20 18:07:50,057 INFO L290 TraceCheckUtils]: 66: Hoare triple {34111#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {34111#false} is VALID [2022-02-20 18:07:50,057 INFO L290 TraceCheckUtils]: 67: Hoare triple {34111#false} assume !(0 != ~pumpRunning~0); {34111#false} is VALID [2022-02-20 18:07:50,057 INFO L272 TraceCheckUtils]: 68: Hoare triple {34111#false} call processEnvironment__wrappee__highWaterSensor(); {34111#false} is VALID [2022-02-20 18:07:50,057 INFO L290 TraceCheckUtils]: 69: Hoare triple {34111#false} havoc ~tmp~2#1; {34111#false} is VALID [2022-02-20 18:07:50,057 INFO L290 TraceCheckUtils]: 70: Hoare triple {34111#false} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {34111#false} is VALID [2022-02-20 18:07:50,057 INFO L290 TraceCheckUtils]: 71: Hoare triple {34111#false} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {34111#false} is VALID [2022-02-20 18:07:50,058 INFO L290 TraceCheckUtils]: 72: Hoare triple {34111#false} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {34111#false} is VALID [2022-02-20 18:07:50,058 INFO L290 TraceCheckUtils]: 73: Hoare triple {34111#false} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {34111#false} is VALID [2022-02-20 18:07:50,058 INFO L290 TraceCheckUtils]: 74: Hoare triple {34111#false} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {34111#false} is VALID [2022-02-20 18:07:50,058 INFO L290 TraceCheckUtils]: 75: Hoare triple {34111#false} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {34111#false} is VALID [2022-02-20 18:07:50,058 INFO L290 TraceCheckUtils]: 76: Hoare triple {34111#false} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {34111#false} is VALID [2022-02-20 18:07:50,059 INFO L290 TraceCheckUtils]: 77: Hoare triple {34111#false} assume { :end_inline_activatePump } true; {34111#false} is VALID [2022-02-20 18:07:50,059 INFO L290 TraceCheckUtils]: 78: Hoare triple {34111#false} assume true; {34111#false} is VALID [2022-02-20 18:07:50,059 INFO L284 TraceCheckUtils]: 79: Hoare quadruple {34111#false} {34111#false} #250#return; {34111#false} is VALID [2022-02-20 18:07:50,059 INFO L290 TraceCheckUtils]: 80: Hoare triple {34111#false} assume { :end_inline_processEnvironment } true; {34111#false} is VALID [2022-02-20 18:07:50,059 INFO L290 TraceCheckUtils]: 81: Hoare triple {34111#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34111#false} is VALID [2022-02-20 18:07:50,059 INFO L272 TraceCheckUtils]: 82: Hoare triple {34111#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {34111#false} is VALID [2022-02-20 18:07:50,060 INFO L290 TraceCheckUtils]: 83: Hoare triple {34111#false} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {34111#false} is VALID [2022-02-20 18:07:50,060 INFO L290 TraceCheckUtils]: 84: Hoare triple {34111#false} assume true; {34111#false} is VALID [2022-02-20 18:07:50,060 INFO L284 TraceCheckUtils]: 85: Hoare quadruple {34111#false} {34111#false} #252#return; {34111#false} is VALID [2022-02-20 18:07:50,060 INFO L290 TraceCheckUtils]: 86: Hoare triple {34111#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {34111#false} is VALID [2022-02-20 18:07:50,060 INFO L290 TraceCheckUtils]: 87: Hoare triple {34111#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {34111#false} is VALID [2022-02-20 18:07:50,060 INFO L290 TraceCheckUtils]: 88: Hoare triple {34111#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {34111#false} is VALID [2022-02-20 18:07:50,061 INFO L290 TraceCheckUtils]: 89: Hoare triple {34111#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {34111#false} is VALID [2022-02-20 18:07:50,061 INFO L290 TraceCheckUtils]: 90: Hoare triple {34111#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {34111#false} is VALID [2022-02-20 18:07:50,061 INFO L290 TraceCheckUtils]: 91: Hoare triple {34111#false} assume !false; {34111#false} is VALID [2022-02-20 18:07:50,061 INFO L134 CoverageAnalysis]: Checked inductivity of 36 backedges. 36 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:50,062 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:50,062 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1042779551] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:50,062 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:07:50,062 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [9] total 9 [2022-02-20 18:07:50,062 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [417172017] [2022-02-20 18:07:50,063 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:50,063 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 25.666666666666668) internal successors, (77), 3 states have internal predecessors, (77), 3 states have call successors, (8), 3 states have call predecessors, (8), 3 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) Word has length 92 [2022-02-20 18:07:50,063 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:50,064 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 25.666666666666668) internal successors, (77), 3 states have internal predecessors, (77), 3 states have call successors, (8), 3 states have call predecessors, (8), 3 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:07:50,135 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 92 edges. 92 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:50,136 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:50,136 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:50,136 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:50,137 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=18, Invalid=54, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:07:50,137 INFO L87 Difference]: Start difference. First operand 970 states and 1246 transitions. Second operand has 3 states, 3 states have (on average 25.666666666666668) internal successors, (77), 3 states have internal predecessors, (77), 3 states have call successors, (8), 3 states have call predecessors, (8), 3 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:07:50,598 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:50,598 INFO L93 Difference]: Finished difference Result 1668 states and 2181 transitions. [2022-02-20 18:07:50,598 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:50,599 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 25.666666666666668) internal successors, (77), 3 states have internal predecessors, (77), 3 states have call successors, (8), 3 states have call predecessors, (8), 3 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) Word has length 92 [2022-02-20 18:07:50,599 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:50,599 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 25.666666666666668) internal successors, (77), 3 states have internal predecessors, (77), 3 states have call successors, (8), 3 states have call predecessors, (8), 3 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:07:50,601 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 242 transitions. [2022-02-20 18:07:50,602 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 25.666666666666668) internal successors, (77), 3 states have internal predecessors, (77), 3 states have call successors, (8), 3 states have call predecessors, (8), 3 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:07:50,603 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 242 transitions. [2022-02-20 18:07:50,603 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 242 transitions. [2022-02-20 18:07:50,799 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 242 edges. 242 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:50,851 INFO L225 Difference]: With dead ends: 1668 [2022-02-20 18:07:50,851 INFO L226 Difference]: Without dead ends: 870 [2022-02-20 18:07:50,854 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 112 GetRequests, 105 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=18, Invalid=54, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:07:50,855 INFO L933 BasicCegarLoop]: 140 mSDtfsCounter, 41 mSDsluCounter, 68 mSDsCounter, 0 mSdLazyCounter, 12 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 208 SdHoareTripleChecker+Invalid, 15 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 12 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:50,855 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [41 Valid, 208 Invalid, 15 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 12 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:50,856 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 870 states. [2022-02-20 18:07:51,001 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 870 to 870. [2022-02-20 18:07:51,002 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:51,003 INFO L82 GeneralOperation]: Start isEquivalent. First operand 870 states. Second operand has 870 states, 652 states have (on average 1.1901840490797546) internal successors, (776), 702 states have internal predecessors, (776), 113 states have call successors, (113), 93 states have call predecessors, (113), 104 states have return successors, (162), 111 states have call predecessors, (162), 113 states have call successors, (162) [2022-02-20 18:07:51,004 INFO L74 IsIncluded]: Start isIncluded. First operand 870 states. Second operand has 870 states, 652 states have (on average 1.1901840490797546) internal successors, (776), 702 states have internal predecessors, (776), 113 states have call successors, (113), 93 states have call predecessors, (113), 104 states have return successors, (162), 111 states have call predecessors, (162), 113 states have call successors, (162) [2022-02-20 18:07:51,005 INFO L87 Difference]: Start difference. First operand 870 states. Second operand has 870 states, 652 states have (on average 1.1901840490797546) internal successors, (776), 702 states have internal predecessors, (776), 113 states have call successors, (113), 93 states have call predecessors, (113), 104 states have return successors, (162), 111 states have call predecessors, (162), 113 states have call successors, (162) [2022-02-20 18:07:51,041 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:51,041 INFO L93 Difference]: Finished difference Result 870 states and 1051 transitions. [2022-02-20 18:07:51,041 INFO L276 IsEmpty]: Start isEmpty. Operand 870 states and 1051 transitions. [2022-02-20 18:07:51,043 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:51,044 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:51,046 INFO L74 IsIncluded]: Start isIncluded. First operand has 870 states, 652 states have (on average 1.1901840490797546) internal successors, (776), 702 states have internal predecessors, (776), 113 states have call successors, (113), 93 states have call predecessors, (113), 104 states have return successors, (162), 111 states have call predecessors, (162), 113 states have call successors, (162) Second operand 870 states. [2022-02-20 18:07:51,047 INFO L87 Difference]: Start difference. First operand has 870 states, 652 states have (on average 1.1901840490797546) internal successors, (776), 702 states have internal predecessors, (776), 113 states have call successors, (113), 93 states have call predecessors, (113), 104 states have return successors, (162), 111 states have call predecessors, (162), 113 states have call successors, (162) Second operand 870 states. [2022-02-20 18:07:51,085 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:51,086 INFO L93 Difference]: Finished difference Result 870 states and 1051 transitions. [2022-02-20 18:07:51,086 INFO L276 IsEmpty]: Start isEmpty. Operand 870 states and 1051 transitions. [2022-02-20 18:07:51,088 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:51,088 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:51,088 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:51,088 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:51,090 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 870 states, 652 states have (on average 1.1901840490797546) internal successors, (776), 702 states have internal predecessors, (776), 113 states have call successors, (113), 93 states have call predecessors, (113), 104 states have return successors, (162), 111 states have call predecessors, (162), 113 states have call successors, (162) [2022-02-20 18:07:51,138 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 870 states to 870 states and 1051 transitions. [2022-02-20 18:07:51,139 INFO L78 Accepts]: Start accepts. Automaton has 870 states and 1051 transitions. Word has length 92 [2022-02-20 18:07:51,139 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:51,139 INFO L470 AbstractCegarLoop]: Abstraction has 870 states and 1051 transitions. [2022-02-20 18:07:51,139 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 25.666666666666668) internal successors, (77), 3 states have internal predecessors, (77), 3 states have call successors, (8), 3 states have call predecessors, (8), 3 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:07:51,140 INFO L276 IsEmpty]: Start isEmpty. Operand 870 states and 1051 transitions. [2022-02-20 18:07:51,141 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 98 [2022-02-20 18:07:51,141 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:51,142 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:51,171 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Ended with exit code 0 [2022-02-20 18:07:51,355 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2022-02-20 18:07:51,355 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:51,356 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:51,356 INFO L85 PathProgramCache]: Analyzing trace with hash -1099123803, now seen corresponding path program 1 times [2022-02-20 18:07:51,356 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:51,356 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1159363535] [2022-02-20 18:07:51,356 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:51,356 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:51,391 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,439 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:07:51,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,443 INFO L290 TraceCheckUtils]: 0: Hoare triple {39756#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {39702#true} is VALID [2022-02-20 18:07:51,443 INFO L290 TraceCheckUtils]: 1: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,443 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39702#true} {39702#true} #254#return; {39702#true} is VALID [2022-02-20 18:07:51,448 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:07:51,450 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,454 INFO L290 TraceCheckUtils]: 0: Hoare triple {39757#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,455 INFO L290 TraceCheckUtils]: 1: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume true; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,455 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39710#(= ~methaneLevelCritical~0 1)} {39702#true} #256#return; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,464 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:07:51,470 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,481 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:07:51,483 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,486 INFO L290 TraceCheckUtils]: 0: Hoare triple {39773#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {39702#true} is VALID [2022-02-20 18:07:51,487 INFO L290 TraceCheckUtils]: 1: Hoare triple {39702#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {39702#true} is VALID [2022-02-20 18:07:51,487 INFO L290 TraceCheckUtils]: 2: Hoare triple {39702#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {39702#true} is VALID [2022-02-20 18:07:51,487 INFO L290 TraceCheckUtils]: 3: Hoare triple {39702#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {39702#true} is VALID [2022-02-20 18:07:51,487 INFO L290 TraceCheckUtils]: 4: Hoare triple {39702#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {39702#true} is VALID [2022-02-20 18:07:51,487 INFO L290 TraceCheckUtils]: 5: Hoare triple {39702#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {39702#true} is VALID [2022-02-20 18:07:51,487 INFO L290 TraceCheckUtils]: 6: Hoare triple {39702#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {39702#true} is VALID [2022-02-20 18:07:51,488 INFO L290 TraceCheckUtils]: 7: Hoare triple {39702#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {39702#true} is VALID [2022-02-20 18:07:51,488 INFO L290 TraceCheckUtils]: 8: Hoare triple {39702#true} assume { :end_inline_activatePump } true; {39702#true} is VALID [2022-02-20 18:07:51,488 INFO L290 TraceCheckUtils]: 9: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,488 INFO L284 TraceCheckUtils]: 10: Hoare quadruple {39702#true} {39702#true} #250#return; {39702#true} is VALID [2022-02-20 18:07:51,488 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 17 [2022-02-20 18:07:51,489 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,491 INFO L290 TraceCheckUtils]: 0: Hoare triple {39702#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39702#true} is VALID [2022-02-20 18:07:51,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,492 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39702#true} {39702#true} #252#return; {39702#true} is VALID [2022-02-20 18:07:51,492 INFO L290 TraceCheckUtils]: 0: Hoare triple {39758#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {39702#true} is VALID [2022-02-20 18:07:51,492 INFO L290 TraceCheckUtils]: 1: Hoare triple {39702#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {39702#true} is VALID [2022-02-20 18:07:51,492 INFO L290 TraceCheckUtils]: 2: Hoare triple {39702#true} assume !(0 != ~pumpRunning~0); {39702#true} is VALID [2022-02-20 18:07:51,493 INFO L272 TraceCheckUtils]: 3: Hoare triple {39702#true} call processEnvironment__wrappee__highWaterSensor(); {39773#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:51,493 INFO L290 TraceCheckUtils]: 4: Hoare triple {39773#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {39702#true} is VALID [2022-02-20 18:07:51,493 INFO L290 TraceCheckUtils]: 5: Hoare triple {39702#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {39702#true} is VALID [2022-02-20 18:07:51,493 INFO L290 TraceCheckUtils]: 6: Hoare triple {39702#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {39702#true} is VALID [2022-02-20 18:07:51,494 INFO L290 TraceCheckUtils]: 7: Hoare triple {39702#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {39702#true} is VALID [2022-02-20 18:07:51,494 INFO L290 TraceCheckUtils]: 8: Hoare triple {39702#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {39702#true} is VALID [2022-02-20 18:07:51,494 INFO L290 TraceCheckUtils]: 9: Hoare triple {39702#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {39702#true} is VALID [2022-02-20 18:07:51,494 INFO L290 TraceCheckUtils]: 10: Hoare triple {39702#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {39702#true} is VALID [2022-02-20 18:07:51,494 INFO L290 TraceCheckUtils]: 11: Hoare triple {39702#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {39702#true} is VALID [2022-02-20 18:07:51,494 INFO L290 TraceCheckUtils]: 12: Hoare triple {39702#true} assume { :end_inline_activatePump } true; {39702#true} is VALID [2022-02-20 18:07:51,494 INFO L290 TraceCheckUtils]: 13: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,495 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {39702#true} {39702#true} #250#return; {39702#true} is VALID [2022-02-20 18:07:51,495 INFO L290 TraceCheckUtils]: 15: Hoare triple {39702#true} assume { :end_inline_processEnvironment } true; {39702#true} is VALID [2022-02-20 18:07:51,495 INFO L290 TraceCheckUtils]: 16: Hoare triple {39702#true} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39702#true} is VALID [2022-02-20 18:07:51,495 INFO L272 TraceCheckUtils]: 17: Hoare triple {39702#true} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {39702#true} is VALID [2022-02-20 18:07:51,495 INFO L290 TraceCheckUtils]: 18: Hoare triple {39702#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39702#true} is VALID [2022-02-20 18:07:51,495 INFO L290 TraceCheckUtils]: 19: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,496 INFO L284 TraceCheckUtils]: 20: Hoare quadruple {39702#true} {39702#true} #252#return; {39702#true} is VALID [2022-02-20 18:07:51,496 INFO L290 TraceCheckUtils]: 21: Hoare triple {39702#true} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {39702#true} is VALID [2022-02-20 18:07:51,496 INFO L290 TraceCheckUtils]: 22: Hoare triple {39702#true} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {39702#true} is VALID [2022-02-20 18:07:51,496 INFO L290 TraceCheckUtils]: 23: Hoare triple {39702#true} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {39702#true} is VALID [2022-02-20 18:07:51,496 INFO L290 TraceCheckUtils]: 24: Hoare triple {39702#true} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39702#true} is VALID [2022-02-20 18:07:51,496 INFO L290 TraceCheckUtils]: 25: Hoare triple {39702#true} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {39702#true} is VALID [2022-02-20 18:07:51,497 INFO L290 TraceCheckUtils]: 26: Hoare triple {39702#true} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {39702#true} is VALID [2022-02-20 18:07:51,497 INFO L290 TraceCheckUtils]: 27: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,497 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {39702#true} {39710#(= ~methaneLevelCritical~0 1)} #260#return; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,498 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:07:51,499 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,517 INFO L290 TraceCheckUtils]: 0: Hoare triple {39702#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39774#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:51,517 INFO L290 TraceCheckUtils]: 1: Hoare triple {39774#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {39774#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:51,518 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39774#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {39710#(= ~methaneLevelCritical~0 1)} #244#return; {39743#(= |timeShift_isMethaneAlarm_#t~ret17#1| 1)} is VALID [2022-02-20 18:07:51,518 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 77 [2022-02-20 18:07:51,519 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,521 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:07:51,522 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,524 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {39702#true} {39702#true} #266#return; {39702#true} is VALID [2022-02-20 18:07:51,524 INFO L290 TraceCheckUtils]: 0: Hoare triple {39773#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {39702#true} is VALID [2022-02-20 18:07:51,525 INFO L290 TraceCheckUtils]: 1: Hoare triple {39702#true} assume !(0 == ~pumpRunning~0); {39702#true} is VALID [2022-02-20 18:07:51,525 INFO L272 TraceCheckUtils]: 2: Hoare triple {39702#true} call processEnvironment__wrappee__base(); {39702#true} is VALID [2022-02-20 18:07:51,525 INFO L290 TraceCheckUtils]: 3: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,525 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {39702#true} {39702#true} #266#return; {39702#true} is VALID [2022-02-20 18:07:51,525 INFO L290 TraceCheckUtils]: 5: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,525 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {39702#true} {39703#false} #248#return; {39703#false} is VALID [2022-02-20 18:07:51,526 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 87 [2022-02-20 18:07:51,526 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {39702#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39702#true} is VALID [2022-02-20 18:07:51,529 INFO L290 TraceCheckUtils]: 1: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,529 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {39702#true} {39703#false} #252#return; {39703#false} is VALID [2022-02-20 18:07:51,529 INFO L290 TraceCheckUtils]: 0: Hoare triple {39702#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {39702#true} is VALID [2022-02-20 18:07:51,530 INFO L290 TraceCheckUtils]: 1: Hoare triple {39702#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {39702#true} is VALID [2022-02-20 18:07:51,530 INFO L290 TraceCheckUtils]: 2: Hoare triple {39702#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {39702#true} is VALID [2022-02-20 18:07:51,530 INFO L290 TraceCheckUtils]: 3: Hoare triple {39702#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {39702#true} is VALID [2022-02-20 18:07:51,530 INFO L290 TraceCheckUtils]: 4: Hoare triple {39702#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {39702#true} is VALID [2022-02-20 18:07:51,530 INFO L290 TraceCheckUtils]: 5: Hoare triple {39702#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {39702#true} is VALID [2022-02-20 18:07:51,530 INFO L290 TraceCheckUtils]: 6: Hoare triple {39702#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {39702#true} is VALID [2022-02-20 18:07:51,530 INFO L290 TraceCheckUtils]: 7: Hoare triple {39702#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {39702#true} is VALID [2022-02-20 18:07:51,531 INFO L290 TraceCheckUtils]: 8: Hoare triple {39702#true} assume !false; {39702#true} is VALID [2022-02-20 18:07:51,531 INFO L290 TraceCheckUtils]: 9: Hoare triple {39702#true} assume test_~splverifierCounter~0#1 < 4; {39702#true} is VALID [2022-02-20 18:07:51,531 INFO L290 TraceCheckUtils]: 10: Hoare triple {39702#true} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {39702#true} is VALID [2022-02-20 18:07:51,531 INFO L290 TraceCheckUtils]: 11: Hoare triple {39702#true} assume 0 != test_~tmp~1#1; {39702#true} is VALID [2022-02-20 18:07:51,532 INFO L272 TraceCheckUtils]: 12: Hoare triple {39702#true} call waterRise(); {39756#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:07:51,532 INFO L290 TraceCheckUtils]: 13: Hoare triple {39756#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {39702#true} is VALID [2022-02-20 18:07:51,532 INFO L290 TraceCheckUtils]: 14: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,532 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {39702#true} {39702#true} #254#return; {39702#true} is VALID [2022-02-20 18:07:51,532 INFO L290 TraceCheckUtils]: 16: Hoare triple {39702#true} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {39702#true} is VALID [2022-02-20 18:07:51,532 INFO L290 TraceCheckUtils]: 17: Hoare triple {39702#true} assume 0 != test_~tmp___0~1#1; {39702#true} is VALID [2022-02-20 18:07:51,533 INFO L272 TraceCheckUtils]: 18: Hoare triple {39702#true} call changeMethaneLevel(); {39757#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:51,533 INFO L290 TraceCheckUtils]: 19: Hoare triple {39757#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,534 INFO L290 TraceCheckUtils]: 20: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume true; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,534 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {39710#(= ~methaneLevelCritical~0 1)} {39702#true} #256#return; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,534 INFO L290 TraceCheckUtils]: 22: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,535 INFO L290 TraceCheckUtils]: 23: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,535 INFO L290 TraceCheckUtils]: 24: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume { :end_inline_startSystem } true; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,536 INFO L272 TraceCheckUtils]: 25: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} call timeShift(); {39758#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} is VALID [2022-02-20 18:07:51,536 INFO L290 TraceCheckUtils]: 26: Hoare triple {39758#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {39702#true} is VALID [2022-02-20 18:07:51,536 INFO L290 TraceCheckUtils]: 27: Hoare triple {39702#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {39702#true} is VALID [2022-02-20 18:07:51,536 INFO L290 TraceCheckUtils]: 28: Hoare triple {39702#true} assume !(0 != ~pumpRunning~0); {39702#true} is VALID [2022-02-20 18:07:51,536 INFO L272 TraceCheckUtils]: 29: Hoare triple {39702#true} call processEnvironment__wrappee__highWaterSensor(); {39773#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:51,537 INFO L290 TraceCheckUtils]: 30: Hoare triple {39773#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {39702#true} is VALID [2022-02-20 18:07:51,537 INFO L290 TraceCheckUtils]: 31: Hoare triple {39702#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {39702#true} is VALID [2022-02-20 18:07:51,537 INFO L290 TraceCheckUtils]: 32: Hoare triple {39702#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {39702#true} is VALID [2022-02-20 18:07:51,537 INFO L290 TraceCheckUtils]: 33: Hoare triple {39702#true} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {39702#true} is VALID [2022-02-20 18:07:51,537 INFO L290 TraceCheckUtils]: 34: Hoare triple {39702#true} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {39702#true} is VALID [2022-02-20 18:07:51,537 INFO L290 TraceCheckUtils]: 35: Hoare triple {39702#true} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {39702#true} is VALID [2022-02-20 18:07:51,538 INFO L290 TraceCheckUtils]: 36: Hoare triple {39702#true} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {39702#true} is VALID [2022-02-20 18:07:51,538 INFO L290 TraceCheckUtils]: 37: Hoare triple {39702#true} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {39702#true} is VALID [2022-02-20 18:07:51,538 INFO L290 TraceCheckUtils]: 38: Hoare triple {39702#true} assume { :end_inline_activatePump } true; {39702#true} is VALID [2022-02-20 18:07:51,538 INFO L290 TraceCheckUtils]: 39: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,538 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {39702#true} {39702#true} #250#return; {39702#true} is VALID [2022-02-20 18:07:51,538 INFO L290 TraceCheckUtils]: 41: Hoare triple {39702#true} assume { :end_inline_processEnvironment } true; {39702#true} is VALID [2022-02-20 18:07:51,538 INFO L290 TraceCheckUtils]: 42: Hoare triple {39702#true} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39702#true} is VALID [2022-02-20 18:07:51,539 INFO L272 TraceCheckUtils]: 43: Hoare triple {39702#true} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {39702#true} is VALID [2022-02-20 18:07:51,539 INFO L290 TraceCheckUtils]: 44: Hoare triple {39702#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39702#true} is VALID [2022-02-20 18:07:51,539 INFO L290 TraceCheckUtils]: 45: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,539 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {39702#true} {39702#true} #252#return; {39702#true} is VALID [2022-02-20 18:07:51,539 INFO L290 TraceCheckUtils]: 47: Hoare triple {39702#true} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {39702#true} is VALID [2022-02-20 18:07:51,539 INFO L290 TraceCheckUtils]: 48: Hoare triple {39702#true} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {39702#true} is VALID [2022-02-20 18:07:51,540 INFO L290 TraceCheckUtils]: 49: Hoare triple {39702#true} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {39702#true} is VALID [2022-02-20 18:07:51,540 INFO L290 TraceCheckUtils]: 50: Hoare triple {39702#true} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39702#true} is VALID [2022-02-20 18:07:51,540 INFO L290 TraceCheckUtils]: 51: Hoare triple {39702#true} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {39702#true} is VALID [2022-02-20 18:07:51,540 INFO L290 TraceCheckUtils]: 52: Hoare triple {39702#true} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {39702#true} is VALID [2022-02-20 18:07:51,540 INFO L290 TraceCheckUtils]: 53: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,541 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {39702#true} {39710#(= ~methaneLevelCritical~0 1)} #260#return; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,541 INFO L290 TraceCheckUtils]: 55: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume !false; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,542 INFO L290 TraceCheckUtils]: 56: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume test_~splverifierCounter~0#1 < 4; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,542 INFO L290 TraceCheckUtils]: 57: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,542 INFO L290 TraceCheckUtils]: 58: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume !(0 != test_~tmp~1#1); {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,543 INFO L290 TraceCheckUtils]: 59: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,543 INFO L290 TraceCheckUtils]: 60: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume !(0 != test_~tmp___0~1#1); {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,543 INFO L290 TraceCheckUtils]: 61: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,544 INFO L290 TraceCheckUtils]: 62: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,544 INFO L290 TraceCheckUtils]: 63: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume { :end_inline_startSystem } true; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,544 INFO L272 TraceCheckUtils]: 64: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} call timeShift(); {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,545 INFO L290 TraceCheckUtils]: 65: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,545 INFO L290 TraceCheckUtils]: 66: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,546 INFO L290 TraceCheckUtils]: 67: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume { :end_inline_lowerWaterLevel } true; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,546 INFO L290 TraceCheckUtils]: 68: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,546 INFO L290 TraceCheckUtils]: 69: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} assume 0 != ~pumpRunning~0;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret17#1, isMethaneAlarm_~retValue_acc~3#1;havoc isMethaneAlarm_~retValue_acc~3#1; {39710#(= ~methaneLevelCritical~0 1)} is VALID [2022-02-20 18:07:51,546 INFO L272 TraceCheckUtils]: 70: Hoare triple {39710#(= ~methaneLevelCritical~0 1)} call isMethaneAlarm_#t~ret17#1 := isMethaneLevelCritical(); {39702#true} is VALID [2022-02-20 18:07:51,547 INFO L290 TraceCheckUtils]: 71: Hoare triple {39702#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39774#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:51,547 INFO L290 TraceCheckUtils]: 72: Hoare triple {39774#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {39774#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:51,548 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {39774#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {39710#(= ~methaneLevelCritical~0 1)} #244#return; {39743#(= |timeShift_isMethaneAlarm_#t~ret17#1| 1)} is VALID [2022-02-20 18:07:51,549 INFO L290 TraceCheckUtils]: 74: Hoare triple {39743#(= |timeShift_isMethaneAlarm_#t~ret17#1| 1)} assume -2147483648 <= isMethaneAlarm_#t~ret17#1 && isMethaneAlarm_#t~ret17#1 <= 2147483647;isMethaneAlarm_~retValue_acc~3#1 := isMethaneAlarm_#t~ret17#1;havoc isMethaneAlarm_#t~ret17#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~3#1; {39744#(= |timeShift_isMethaneAlarm_#res#1| 1)} is VALID [2022-02-20 18:07:51,549 INFO L290 TraceCheckUtils]: 75: Hoare triple {39744#(= |timeShift_isMethaneAlarm_#res#1| 1)} processEnvironment_#t~ret16#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= processEnvironment_#t~ret16#1 && processEnvironment_#t~ret16#1 <= 2147483647;processEnvironment_~tmp~3#1 := processEnvironment_#t~ret16#1;havoc processEnvironment_#t~ret16#1; {39745#(= (+ (- 1) |timeShift_processEnvironment_~tmp~3#1|) 0)} is VALID [2022-02-20 18:07:51,549 INFO L290 TraceCheckUtils]: 76: Hoare triple {39745#(= (+ (- 1) |timeShift_processEnvironment_~tmp~3#1|) 0)} assume !(0 != processEnvironment_~tmp~3#1); {39703#false} is VALID [2022-02-20 18:07:51,550 INFO L272 TraceCheckUtils]: 77: Hoare triple {39703#false} call processEnvironment__wrappee__highWaterSensor(); {39773#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:07:51,550 INFO L290 TraceCheckUtils]: 78: Hoare triple {39773#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~2#1; {39702#true} is VALID [2022-02-20 18:07:51,550 INFO L290 TraceCheckUtils]: 79: Hoare triple {39702#true} assume !(0 == ~pumpRunning~0); {39702#true} is VALID [2022-02-20 18:07:51,550 INFO L272 TraceCheckUtils]: 80: Hoare triple {39702#true} call processEnvironment__wrappee__base(); {39702#true} is VALID [2022-02-20 18:07:51,550 INFO L290 TraceCheckUtils]: 81: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,550 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {39702#true} {39702#true} #266#return; {39702#true} is VALID [2022-02-20 18:07:51,551 INFO L290 TraceCheckUtils]: 83: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,551 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {39702#true} {39703#false} #248#return; {39703#false} is VALID [2022-02-20 18:07:51,551 INFO L290 TraceCheckUtils]: 85: Hoare triple {39703#false} assume { :end_inline_processEnvironment } true; {39703#false} is VALID [2022-02-20 18:07:51,551 INFO L290 TraceCheckUtils]: 86: Hoare triple {39703#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39703#false} is VALID [2022-02-20 18:07:51,551 INFO L272 TraceCheckUtils]: 87: Hoare triple {39703#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {39702#true} is VALID [2022-02-20 18:07:51,551 INFO L290 TraceCheckUtils]: 88: Hoare triple {39702#true} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39702#true} is VALID [2022-02-20 18:07:51,552 INFO L290 TraceCheckUtils]: 89: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:51,552 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {39702#true} {39703#false} #252#return; {39703#false} is VALID [2022-02-20 18:07:51,552 INFO L290 TraceCheckUtils]: 91: Hoare triple {39703#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {39703#false} is VALID [2022-02-20 18:07:51,552 INFO L290 TraceCheckUtils]: 92: Hoare triple {39703#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {39703#false} is VALID [2022-02-20 18:07:51,552 INFO L290 TraceCheckUtils]: 93: Hoare triple {39703#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {39703#false} is VALID [2022-02-20 18:07:51,552 INFO L290 TraceCheckUtils]: 94: Hoare triple {39703#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39703#false} is VALID [2022-02-20 18:07:51,553 INFO L290 TraceCheckUtils]: 95: Hoare triple {39703#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {39703#false} is VALID [2022-02-20 18:07:51,553 INFO L290 TraceCheckUtils]: 96: Hoare triple {39703#false} assume !false; {39703#false} is VALID [2022-02-20 18:07:51,553 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 18 proven. 3 refuted. 0 times theorem prover too weak. 13 trivial. 0 not checked. [2022-02-20 18:07:51,553 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:51,554 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1159363535] [2022-02-20 18:07:51,554 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1159363535] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:07:51,554 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1268403748] [2022-02-20 18:07:51,554 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:51,554 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:07:51,554 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:51,556 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:07:51,557 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:07:51,655 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,657 INFO L263 TraceCheckSpWp]: Trace formula consists of 475 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:07:51,686 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:51,690 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:52,146 INFO L290 TraceCheckUtils]: 0: Hoare triple {39702#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(7, 5);call write~init~int(44, 5, 0, 1);call write~init~int(77, 5, 1, 1);call write~init~int(101, 5, 2, 1);call write~init~int(116, 5, 3, 1);call write~init~int(104, 5, 4, 1);call write~init~int(58, 5, 5, 1);call write~init~int(0, 5, 6, 1);call #Ultimate.allocInit(5, 6);call write~init~int(67, 6, 0, 1);call write~init~int(82, 6, 1, 1);call write~init~int(73, 6, 2, 1);call write~init~int(84, 6, 3, 1);call write~init~int(0, 6, 4, 1);call #Ultimate.allocInit(3, 7);call write~init~int(79, 7, 0, 1);call write~init~int(75, 7, 1, 1);call write~init~int(0, 7, 2, 1);call #Ultimate.allocInit(2, 8);call write~init~int(41, 8, 0, 1);call write~init~int(0, 8, 1, 1);call #Ultimate.allocInit(13, 9);call #Ultimate.allocInit(3, 10);call write~init~int(79, 10, 0, 1);call write~init~int(110, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(4, 11);call write~init~int(79, 11, 0, 1);call write~init~int(102, 11, 1, 1);call write~init~int(102, 11, 2, 1);call write~init~int(0, 11, 3, 1);call #Ultimate.allocInit(7, 12);call write~init~int(44, 12, 0, 1);call write~init~int(80, 12, 1, 1);call write~init~int(117, 12, 2, 1);call write~init~int(109, 12, 3, 1);call write~init~int(112, 12, 4, 1);call write~init~int(58, 12, 5, 1);call write~init~int(0, 12, 6, 1);call #Ultimate.allocInit(3, 13);call write~init~int(79, 13, 0, 1);call write~init~int(110, 13, 1, 1);call write~init~int(0, 13, 2, 1);call #Ultimate.allocInit(4, 14);call write~init~int(79, 14, 0, 1);call write~init~int(102, 14, 1, 1);call write~init~int(102, 14, 2, 1);call write~init~int(0, 14, 3, 1);call #Ultimate.allocInit(3, 15);call write~init~int(41, 15, 0, 1);call write~init~int(32, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(10, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {39702#true} is VALID [2022-02-20 18:07:52,147 INFO L290 TraceCheckUtils]: 1: Hoare triple {39702#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret50#1, main_~retValue_acc~9#1, main_~tmp~8#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {39702#true} is VALID [2022-02-20 18:07:52,147 INFO L290 TraceCheckUtils]: 2: Hoare triple {39702#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {39702#true} is VALID [2022-02-20 18:07:52,147 INFO L290 TraceCheckUtils]: 3: Hoare triple {39702#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~11#1;havoc valid_product_~retValue_acc~11#1;valid_product_~retValue_acc~11#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~11#1; {39702#true} is VALID [2022-02-20 18:07:52,147 INFO L290 TraceCheckUtils]: 4: Hoare triple {39702#true} main_#t~ret50#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret50#1 && main_#t~ret50#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret50#1;havoc main_#t~ret50#1; {39702#true} is VALID [2022-02-20 18:07:52,147 INFO L290 TraceCheckUtils]: 5: Hoare triple {39702#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {39702#true} is VALID [2022-02-20 18:07:52,147 INFO L290 TraceCheckUtils]: 6: Hoare triple {39702#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {39702#true} is VALID [2022-02-20 18:07:52,147 INFO L290 TraceCheckUtils]: 7: Hoare triple {39702#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet11#1, test_#t~nondet12#1, test_#t~nondet13#1, test_#t~nondet14#1, test_~splverifierCounter~0#1, test_~tmp~1#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~1#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {39702#true} is VALID [2022-02-20 18:07:52,147 INFO L290 TraceCheckUtils]: 8: Hoare triple {39702#true} assume !false; {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L290 TraceCheckUtils]: 9: Hoare triple {39702#true} assume test_~splverifierCounter~0#1 < 4; {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L290 TraceCheckUtils]: 10: Hoare triple {39702#true} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L290 TraceCheckUtils]: 11: Hoare triple {39702#true} assume 0 != test_~tmp~1#1; {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L272 TraceCheckUtils]: 12: Hoare triple {39702#true} call waterRise(); {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L290 TraceCheckUtils]: 13: Hoare triple {39702#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L290 TraceCheckUtils]: 14: Hoare triple {39702#true} assume true; {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {39702#true} {39702#true} #254#return; {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L290 TraceCheckUtils]: 16: Hoare triple {39702#true} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {39702#true} is VALID [2022-02-20 18:07:52,148 INFO L290 TraceCheckUtils]: 17: Hoare triple {39702#true} assume 0 != test_~tmp___0~1#1; {39702#true} is VALID [2022-02-20 18:07:52,149 INFO L272 TraceCheckUtils]: 18: Hoare triple {39702#true} call changeMethaneLevel(); {39702#true} is VALID [2022-02-20 18:07:52,149 INFO L290 TraceCheckUtils]: 19: Hoare triple {39702#true} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,149 INFO L290 TraceCheckUtils]: 20: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,150 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {39837#(<= 1 ~methaneLevelCritical~0)} {39702#true} #256#return; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,150 INFO L290 TraceCheckUtils]: 22: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,150 INFO L290 TraceCheckUtils]: 23: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,151 INFO L290 TraceCheckUtils]: 24: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume { :end_inline_startSystem } true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,151 INFO L272 TraceCheckUtils]: 25: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} call timeShift(); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,152 INFO L290 TraceCheckUtils]: 26: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume !(0 != ~pumpRunning~0); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,152 INFO L290 TraceCheckUtils]: 27: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,152 INFO L290 TraceCheckUtils]: 28: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume !(0 != ~pumpRunning~0); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,153 INFO L272 TraceCheckUtils]: 29: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} call processEnvironment__wrappee__highWaterSensor(); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,153 INFO L290 TraceCheckUtils]: 30: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} havoc ~tmp~2#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,153 INFO L290 TraceCheckUtils]: 31: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret26#1, isHighWaterLevel_~retValue_acc~5#1, isHighWaterLevel_~tmp~4#1, isHighWaterLevel_~tmp___0~2#1;havoc isHighWaterLevel_~retValue_acc~5#1;havoc isHighWaterLevel_~tmp~4#1;havoc isHighWaterLevel_~tmp___0~2#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~2#1;havoc isHighWaterSensorDry_~retValue_acc~2#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,154 INFO L290 TraceCheckUtils]: 32: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~2#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~2#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,154 INFO L290 TraceCheckUtils]: 33: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} isHighWaterLevel_#t~ret26#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret26#1 && isHighWaterLevel_#t~ret26#1 <= 2147483647;isHighWaterLevel_~tmp~4#1 := isHighWaterLevel_#t~ret26#1;havoc isHighWaterLevel_#t~ret26#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,154 INFO L290 TraceCheckUtils]: 34: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume !(0 != isHighWaterLevel_~tmp~4#1);isHighWaterLevel_~tmp___0~2#1 := 1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,155 INFO L290 TraceCheckUtils]: 35: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} isHighWaterLevel_~retValue_acc~5#1 := isHighWaterLevel_~tmp___0~2#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~5#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,155 INFO L290 TraceCheckUtils]: 36: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} #t~ret15#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= #t~ret15#1 && #t~ret15#1 <= 2147483647;~tmp~2#1 := #t~ret15#1;havoc #t~ret15#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,155 INFO L290 TraceCheckUtils]: 37: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != ~tmp~2#1;assume { :begin_inline_activatePump } true;~pumpRunning~0 := 1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,156 INFO L290 TraceCheckUtils]: 38: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume { :end_inline_activatePump } true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,156 INFO L290 TraceCheckUtils]: 39: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,156 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {39837#(<= 1 ~methaneLevelCritical~0)} {39837#(<= 1 ~methaneLevelCritical~0)} #250#return; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,157 INFO L290 TraceCheckUtils]: 41: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume { :end_inline_processEnvironment } true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,157 INFO L290 TraceCheckUtils]: 42: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,158 INFO L272 TraceCheckUtils]: 43: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,158 INFO L290 TraceCheckUtils]: 44: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,158 INFO L290 TraceCheckUtils]: 45: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,159 INFO L284 TraceCheckUtils]: 46: Hoare quadruple {39837#(<= 1 ~methaneLevelCritical~0)} {39837#(<= 1 ~methaneLevelCritical~0)} #252#return; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,159 INFO L290 TraceCheckUtils]: 47: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,159 INFO L290 TraceCheckUtils]: 48: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,160 INFO L290 TraceCheckUtils]: 49: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,160 INFO L290 TraceCheckUtils]: 50: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,160 INFO L290 TraceCheckUtils]: 51: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,161 INFO L290 TraceCheckUtils]: 52: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,161 INFO L290 TraceCheckUtils]: 53: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,161 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {39837#(<= 1 ~methaneLevelCritical~0)} {39837#(<= 1 ~methaneLevelCritical~0)} #260#return; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,162 INFO L290 TraceCheckUtils]: 55: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume !false; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,162 INFO L290 TraceCheckUtils]: 56: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume test_~splverifierCounter~0#1 < 4; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,162 INFO L290 TraceCheckUtils]: 57: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume -2147483648 <= test_#t~nondet11#1 && test_#t~nondet11#1 <= 2147483647;test_~tmp~1#1 := test_#t~nondet11#1;havoc test_#t~nondet11#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,163 INFO L290 TraceCheckUtils]: 58: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume !(0 != test_~tmp~1#1); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,163 INFO L290 TraceCheckUtils]: 59: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume -2147483648 <= test_#t~nondet12#1 && test_#t~nondet12#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet12#1;havoc test_#t~nondet12#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,163 INFO L290 TraceCheckUtils]: 60: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume !(0 != test_~tmp___0~1#1); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,164 INFO L290 TraceCheckUtils]: 61: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume -2147483648 <= test_#t~nondet13#1 && test_#t~nondet13#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet13#1;havoc test_#t~nondet13#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,164 INFO L290 TraceCheckUtils]: 62: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,164 INFO L290 TraceCheckUtils]: 63: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume { :end_inline_startSystem } true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,165 INFO L272 TraceCheckUtils]: 64: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} call timeShift(); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,165 INFO L290 TraceCheckUtils]: 65: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,166 INFO L290 TraceCheckUtils]: 66: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,166 INFO L290 TraceCheckUtils]: 67: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume { :end_inline_lowerWaterLevel } true; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,166 INFO L290 TraceCheckUtils]: 68: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret16#1, processEnvironment_~tmp~3#1;havoc processEnvironment_~tmp~3#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,167 INFO L290 TraceCheckUtils]: 69: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret17#1, isMethaneAlarm_~retValue_acc~3#1;havoc isMethaneAlarm_~retValue_acc~3#1; {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,167 INFO L272 TraceCheckUtils]: 70: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} call isMethaneAlarm_#t~ret17#1 := isMethaneLevelCritical(); {39837#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:52,167 INFO L290 TraceCheckUtils]: 71: Hoare triple {39837#(<= 1 ~methaneLevelCritical~0)} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39994#(and (<= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|) (<= 1 ~methaneLevelCritical~0))} is VALID [2022-02-20 18:07:52,168 INFO L290 TraceCheckUtils]: 72: Hoare triple {39994#(and (<= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|) (<= 1 ~methaneLevelCritical~0))} assume true; {39994#(and (<= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|) (<= 1 ~methaneLevelCritical~0))} is VALID [2022-02-20 18:07:52,169 INFO L284 TraceCheckUtils]: 73: Hoare quadruple {39994#(and (<= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|) (<= 1 ~methaneLevelCritical~0))} {39837#(<= 1 ~methaneLevelCritical~0)} #244#return; {40001#(<= 1 |timeShift_isMethaneAlarm_#t~ret17#1|)} is VALID [2022-02-20 18:07:52,169 INFO L290 TraceCheckUtils]: 74: Hoare triple {40001#(<= 1 |timeShift_isMethaneAlarm_#t~ret17#1|)} assume -2147483648 <= isMethaneAlarm_#t~ret17#1 && isMethaneAlarm_#t~ret17#1 <= 2147483647;isMethaneAlarm_~retValue_acc~3#1 := isMethaneAlarm_#t~ret17#1;havoc isMethaneAlarm_#t~ret17#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~3#1; {40005#(<= 1 |timeShift_isMethaneAlarm_#res#1|)} is VALID [2022-02-20 18:07:52,169 INFO L290 TraceCheckUtils]: 75: Hoare triple {40005#(<= 1 |timeShift_isMethaneAlarm_#res#1|)} processEnvironment_#t~ret16#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= processEnvironment_#t~ret16#1 && processEnvironment_#t~ret16#1 <= 2147483647;processEnvironment_~tmp~3#1 := processEnvironment_#t~ret16#1;havoc processEnvironment_#t~ret16#1; {40009#(<= 1 |timeShift_processEnvironment_~tmp~3#1|)} is VALID [2022-02-20 18:07:52,170 INFO L290 TraceCheckUtils]: 76: Hoare triple {40009#(<= 1 |timeShift_processEnvironment_~tmp~3#1|)} assume !(0 != processEnvironment_~tmp~3#1); {39703#false} is VALID [2022-02-20 18:07:52,170 INFO L272 TraceCheckUtils]: 77: Hoare triple {39703#false} call processEnvironment__wrappee__highWaterSensor(); {39703#false} is VALID [2022-02-20 18:07:52,170 INFO L290 TraceCheckUtils]: 78: Hoare triple {39703#false} havoc ~tmp~2#1; {39703#false} is VALID [2022-02-20 18:07:52,170 INFO L290 TraceCheckUtils]: 79: Hoare triple {39703#false} assume !(0 == ~pumpRunning~0); {39703#false} is VALID [2022-02-20 18:07:52,170 INFO L272 TraceCheckUtils]: 80: Hoare triple {39703#false} call processEnvironment__wrappee__base(); {39703#false} is VALID [2022-02-20 18:07:52,170 INFO L290 TraceCheckUtils]: 81: Hoare triple {39703#false} assume true; {39703#false} is VALID [2022-02-20 18:07:52,170 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {39703#false} {39703#false} #266#return; {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L290 TraceCheckUtils]: 83: Hoare triple {39703#false} assume true; {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L284 TraceCheckUtils]: 84: Hoare quadruple {39703#false} {39703#false} #248#return; {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L290 TraceCheckUtils]: 85: Hoare triple {39703#false} assume { :end_inline_processEnvironment } true; {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L290 TraceCheckUtils]: 86: Hoare triple {39703#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret4#1, __utac_acc__Specification2_spec__2_#t~ret5#1, __utac_acc__Specification2_spec__2_~tmp~0#1, __utac_acc__Specification2_spec__2_~tmp___0~0#1;havoc __utac_acc__Specification2_spec__2_~tmp~0#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L272 TraceCheckUtils]: 87: Hoare triple {39703#false} call __utac_acc__Specification2_spec__2_#t~ret4#1 := isMethaneLevelCritical(); {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L290 TraceCheckUtils]: 88: Hoare triple {39703#false} havoc ~retValue_acc~0;~retValue_acc~0 := ~methaneLevelCritical~0;#res := ~retValue_acc~0; {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L290 TraceCheckUtils]: 89: Hoare triple {39703#false} assume true; {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {39703#false} {39703#false} #252#return; {39703#false} is VALID [2022-02-20 18:07:52,171 INFO L290 TraceCheckUtils]: 91: Hoare triple {39703#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret4#1 && __utac_acc__Specification2_spec__2_#t~ret4#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~0#1 := __utac_acc__Specification2_spec__2_#t~ret4#1;havoc __utac_acc__Specification2_spec__2_#t~ret4#1; {39703#false} is VALID [2022-02-20 18:07:52,172 INFO L290 TraceCheckUtils]: 92: Hoare triple {39703#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~0#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~4#1;havoc isPumpRunning_~retValue_acc~4#1;isPumpRunning_~retValue_acc~4#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~4#1; {39703#false} is VALID [2022-02-20 18:07:52,172 INFO L290 TraceCheckUtils]: 93: Hoare triple {39703#false} __utac_acc__Specification2_spec__2_#t~ret5#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret5#1 && __utac_acc__Specification2_spec__2_#t~ret5#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~0#1 := __utac_acc__Specification2_spec__2_#t~ret5#1;havoc __utac_acc__Specification2_spec__2_#t~ret5#1; {39703#false} is VALID [2022-02-20 18:07:52,172 INFO L290 TraceCheckUtils]: 94: Hoare triple {39703#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~0#1; {39703#false} is VALID [2022-02-20 18:07:52,172 INFO L290 TraceCheckUtils]: 95: Hoare triple {39703#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {39703#false} is VALID [2022-02-20 18:07:52,172 INFO L290 TraceCheckUtils]: 96: Hoare triple {39703#false} assume !false; {39703#false} is VALID [2022-02-20 18:07:52,172 INFO L134 CoverageAnalysis]: Checked inductivity of 34 backedges. 26 proven. 0 refuted. 0 times theorem prover too weak. 8 trivial. 0 not checked. [2022-02-20 18:07:52,172 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:52,173 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1268403748] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:52,173 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:07:52,173 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [11] total 16 [2022-02-20 18:07:52,173 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [315635803] [2022-02-20 18:07:52,173 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:52,174 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.571428571428571) internal successors, (74), 6 states have internal predecessors, (74), 3 states have call successors, (9), 3 states have call predecessors, (9), 4 states have return successors, (9), 4 states have call predecessors, (9), 3 states have call successors, (9) Word has length 97 [2022-02-20 18:07:52,174 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:52,174 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 10.571428571428571) internal successors, (74), 6 states have internal predecessors, (74), 3 states have call successors, (9), 3 states have call predecessors, (9), 4 states have return successors, (9), 4 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 18:07:52,233 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 92 edges. 92 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:52,233 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:07:52,234 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:52,234 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:07:52,234 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=36, Invalid=204, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:07:52,234 INFO L87 Difference]: Start difference. First operand 870 states and 1051 transitions. Second operand has 7 states, 7 states have (on average 10.571428571428571) internal successors, (74), 6 states have internal predecessors, (74), 3 states have call successors, (9), 3 states have call predecessors, (9), 4 states have return successors, (9), 4 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 18:07:53,091 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,091 INFO L93 Difference]: Finished difference Result 1622 states and 1952 transitions. [2022-02-20 18:07:53,091 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:07:53,091 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 10.571428571428571) internal successors, (74), 6 states have internal predecessors, (74), 3 states have call successors, (9), 3 states have call predecessors, (9), 4 states have return successors, (9), 4 states have call predecessors, (9), 3 states have call successors, (9) Word has length 97 [2022-02-20 18:07:53,091 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:53,092 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.571428571428571) internal successors, (74), 6 states have internal predecessors, (74), 3 states have call successors, (9), 3 states have call predecessors, (9), 4 states have return successors, (9), 4 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 18:07:53,094 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 280 transitions. [2022-02-20 18:07:53,094 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 10.571428571428571) internal successors, (74), 6 states have internal predecessors, (74), 3 states have call successors, (9), 3 states have call predecessors, (9), 4 states have return successors, (9), 4 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 18:07:53,096 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 280 transitions. [2022-02-20 18:07:53,096 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 280 transitions. [2022-02-20 18:07:53,277 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 280 edges. 280 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:53,278 INFO L225 Difference]: With dead ends: 1622 [2022-02-20 18:07:53,278 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:07:53,280 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 123 GetRequests, 105 SyntacticMatches, 1 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 28 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=50, Invalid=292, Unknown=0, NotChecked=0, Total=342 [2022-02-20 18:07:53,281 INFO L933 BasicCegarLoop]: 177 mSDtfsCounter, 53 mSDsluCounter, 742 mSDsCounter, 0 mSdLazyCounter, 62 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 54 SdHoareTripleChecker+Valid, 919 SdHoareTripleChecker+Invalid, 69 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 62 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:53,281 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [54 Valid, 919 Invalid, 69 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 62 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:07:53,282 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:07:53,282 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:07:53,282 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:53,282 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:53,282 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:53,282 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:53,282 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,283 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:07:53,283 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:53,283 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:53,283 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:53,283 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:07:53,283 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:07:53,283 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,284 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:07:53,284 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:53,284 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:53,284 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:53,284 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:53,284 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:53,284 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:07:53,285 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:07:53,285 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 97 [2022-02-20 18:07:53,285 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:53,285 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:07:53,285 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 10.571428571428571) internal successors, (74), 6 states have internal predecessors, (74), 3 states have call successors, (9), 3 states have call predecessors, (9), 4 states have return successors, (9), 4 states have call predecessors, (9), 3 states have call successors, (9) [2022-02-20 18:07:53,286 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:07:53,286 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:53,288 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:07:53,314 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Ended with exit code 0 [2022-02-20 18:07:53,504 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable11 [2022-02-20 18:07:53,506 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:07:59,391 INFO L854 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 362 369) the Hoare annotation is: (let ((.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (<= 1 ~methaneLevelCritical~0))) (.cse0 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse5 (not (<= 2 ~waterLevel~0))) (.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse6 (= 0 ~systemActive~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse1 .cse2 .cse4) (or .cse0 .cse2 .cse5 .cse4 .cse6) (or .cse0 .cse2 .cse5 .cse3 .cse6))) [2022-02-20 18:07:59,392 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 362 369) no Hoare annotation was computed. [2022-02-20 18:07:59,392 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 362 369) no Hoare annotation was computed. [2022-02-20 18:07:59,393 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 295 301) no Hoare annotation was computed. [2022-02-20 18:07:59,393 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 295 301) the Hoare annotation is: true [2022-02-20 18:07:59,393 INFO L858 garLoopResultBuilder]: For program point L128-1(lines 124 135) no Hoare annotation was computed. [2022-02-20 18:07:59,393 INFO L854 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 124 135) the Hoare annotation is: (let ((.cse7 (not (= 0 ~systemActive~0))) (.cse0 (not (= |old(~methaneLevelCritical~0)| 0))) (.cse5 (not (= ~pumpRunning~0 0))) (.cse4 (not (= ~methAndRunningLastTime~0 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)) (.cse3 (not (<= 1 ~pumpRunning~0))) (.cse6 (not (<= 1 |old(~methaneLevelCritical~0)|)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse1 .cse2 .cse6 .cse4) (or .cse5 .cse2 .cse6 .cse4 .cse7) (or .cse0 .cse5 .cse2 .cse4 .cse7) (or .cse0 .cse5 .cse1 .cse2 .cse4) (or .cse1 .cse2 (not (<= 2 ~waterLevel~0)) .cse3 .cse6))) [2022-02-20 18:07:59,393 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 124 135) no Hoare annotation was computed. [2022-02-20 18:07:59,393 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 845 874) no Hoare annotation was computed. [2022-02-20 18:07:59,394 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 845 874) the Hoare annotation is: true [2022-02-20 18:07:59,394 INFO L858 garLoopResultBuilder]: For program point L859(lines 859 863) no Hoare annotation was computed. [2022-02-20 18:07:59,394 INFO L861 garLoopResultBuilder]: At program point L859-1(lines 859 863) the Hoare annotation is: true [2022-02-20 18:07:59,394 INFO L858 garLoopResultBuilder]: For program point L856(line 856) no Hoare annotation was computed. [2022-02-20 18:07:59,395 INFO L861 garLoopResultBuilder]: At program point L855-2(lines 855 869) the Hoare annotation is: true [2022-02-20 18:07:59,395 INFO L861 garLoopResultBuilder]: At program point L851(line 851) the Hoare annotation is: true [2022-02-20 18:07:59,395 INFO L858 garLoopResultBuilder]: For program point L851-1(line 851) no Hoare annotation was computed. [2022-02-20 18:07:59,395 INFO L861 garLoopResultBuilder]: At program point L870(lines 845 874) the Hoare annotation is: true [2022-02-20 18:07:59,395 INFO L858 garLoopResultBuilder]: For program point L866(line 866) no Hoare annotation was computed. [2022-02-20 18:07:59,395 INFO L858 garLoopResultBuilder]: For program point L275-1(lines 274 293) no Hoare annotation was computed. [2022-02-20 18:07:59,396 INFO L858 garLoopResultBuilder]: For program point L337(lines 337 345) no Hoare annotation was computed. [2022-02-20 18:07:59,396 INFO L858 garLoopResultBuilder]: For program point L333(lines 333 350) no Hoare annotation was computed. [2022-02-20 18:07:59,396 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 271 294) no Hoare annotation was computed. [2022-02-20 18:07:59,396 INFO L854 garLoopResultBuilder]: At program point L375(line 375) the Hoare annotation is: (let ((.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (= 0 ~systemActive~0))) (.cse1 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (not (<= 1 ~methaneLevelCritical~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse2 .cse5 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 .cse2 .cse5 .cse6) (or .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse6) (or .cse0 .cse3 .cse7) (or .cse1 .cse2 .cse5 (and .cse4 (= ~methAndRunningLastTime~0 0)) .cse3))) [2022-02-20 18:07:59,396 INFO L858 garLoopResultBuilder]: For program point L375-1(line 375) no Hoare annotation was computed. [2022-02-20 18:07:59,396 INFO L858 garLoopResultBuilder]: For program point L74(lines 74 84) no Hoare annotation was computed. [2022-02-20 18:07:59,396 INFO L858 garLoopResultBuilder]: For program point L70(lines 70 87) no Hoare annotation was computed. [2022-02-20 18:07:59,396 INFO L854 garLoopResultBuilder]: At program point L70-1(lines 62 90) the Hoare annotation is: (let ((.cse15 (= |timeShift___utac_acc__Specification2_spec__2_~tmp~0#1| 0)) (.cse8 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse10 (= ~pumpRunning~0 0)) (.cse11 (= ~methAndRunningLastTime~0 0)) (.cse12 (= 1 ~systemActive~0))) (let ((.cse13 (and .cse10 .cse11 (<= 1 |timeShift_isMethaneAlarm_#res#1|) (<= 1 |timeShift_processEnvironment_~tmp~3#1|) .cse12)) (.cse14 (not (<= 1 |old(~pumpRunning~0)|))) (.cse9 (not (<= 1 ~methaneLevelCritical~0))) (.cse3 (not (= 0 ~systemActive~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse5 (not .cse12)) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (and .cse10 .cse11 .cse15 .cse8)) (.cse6 (<= 1 ~pumpRunning~0)) (.cse7 (<= 2 ~waterLevel~0))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse0 .cse4 .cse5 (and .cse6 .cse7 .cse8) .cse9 (and .cse10 .cse11 .cse12 .cse8)) (or .cse13 .cse5 .cse14 .cse9 (not (<= 2 |old(~waterLevel~0)|))) (or .cse13 .cse4 .cse5 .cse14 .cse9) (or .cse5 .cse14 .cse1 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse11 .cse15) (and .cse10 .cse11 .cse15)) (or .cse0 (and .cse10 .cse11 .cse8) .cse9 .cse3) (or .cse0 .cse4 .cse5 .cse1 .cse2 (and .cse6 .cse11 .cse7 .cse15 .cse8))))) [2022-02-20 18:07:59,396 INFO L854 garLoopResultBuilder]: At program point L343(line 343) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse5 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse6 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse2 .cse4 .cse3) (or .cse2 .cse4 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse2 .cse4 .cse5) (or .cse0 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse5) (or .cse0 .cse3 .cse6))) [2022-02-20 18:07:59,397 INFO L854 garLoopResultBuilder]: At program point L339(line 339) the Hoare annotation is: (let ((.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse9 (<= 1 ~methaneLevelCritical~0)) (.cse10 (= 1 ~systemActive~0))) (let ((.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (= 0 ~systemActive~0))) (.cse1 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse2 (not .cse10)) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not .cse9)) (.cse8 (and (<= 1 ~pumpRunning~0) .cse4 .cse9 (<= 1 |timeShift_isMethaneAlarm_#res#1|) (<= 1 |timeShift_processEnvironment_~tmp~3#1|) .cse10))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse2 .cse5 .cse6) (or .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse6) (or .cse0 .cse3 .cse7) (or .cse1 .cse2 .cse5 .cse3 .cse8) (or .cse2 .cse5 .cse3 .cse8 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-02-20 18:07:59,397 INFO L858 garLoopResultBuilder]: For program point L75(lines 75 81) no Hoare annotation was computed. [2022-02-20 18:07:59,397 INFO L858 garLoopResultBuilder]: For program point L104(lines 104 108) no Hoare annotation was computed. [2022-02-20 18:07:59,397 INFO L858 garLoopResultBuilder]: For program point L839(line 839) no Hoare annotation was computed. [2022-02-20 18:07:59,397 INFO L854 garLoopResultBuilder]: At program point L104-2(lines 100 111) the Hoare annotation is: (let ((.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (= 0 ~systemActive~0))) (.cse1 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse3 (not (<= 1 ~methaneLevelCritical~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse2 .cse5 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or .cse4 .cse2 .cse5 .cse6) (or .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse6) (or .cse0 .cse3 .cse7) (or .cse1 .cse2 .cse5 (and .cse4 (= ~methAndRunningLastTime~0 0)) .cse3))) [2022-02-20 18:07:59,398 INFO L854 garLoopResultBuilder]: At program point L348(line 348) the Hoare annotation is: (let ((.cse2 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse7 (not (= 0 ~systemActive~0))) (.cse5 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse6 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse2 .cse4) (or .cse1 .cse2 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or .cse5 .cse0 .cse1 .cse3 .cse6) (or .cse5 .cse4 .cse7) (or .cse5 .cse3 .cse7) (or .cse5 .cse0 .cse1 .cse4 .cse6))) [2022-02-20 18:07:59,398 INFO L854 garLoopResultBuilder]: At program point L348-1(lines 329 353) the Hoare annotation is: (let ((.cse13 (= 1 ~systemActive~0)) (.cse14 (<= 1 ~methaneLevelCritical~0)) (.cse12 (= ~pumpRunning~0 0)) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse4 (<= 2 ~waterLevel~0)) (.cse7 (and .cse12 .cse5 (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse11 (not (= 0 ~systemActive~0))) (.cse1 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse9 (not .cse14)) (.cse10 (and .cse12 .cse14 (<= 1 |timeShift_isMethaneAlarm_#res#1|) (<= 1 |timeShift_processEnvironment_~tmp~3#1|) .cse13)) (.cse2 (not .cse13)) (.cse8 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5) .cse6 .cse7) (or .cse2 .cse8 .cse9 .cse10 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (and .cse3 (= ~methAndRunningLastTime~0 0) .cse4 .cse5) .cse9 .cse7) (or .cse0 .cse6 .cse11) (or .cse0 .cse9 .cse11) (or .cse1 .cse2 .cse8 .cse9 .cse10) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse12 .cse2 .cse8 .cse6)))) [2022-02-20 18:07:59,398 INFO L854 garLoopResultBuilder]: At program point L377(lines 370 380) the Hoare annotation is: (let ((.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse7 (not (= 0 ~systemActive~0))) (.cse1 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse5 (not (<= 1 |old(~pumpRunning~0)|))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse4 (= ~pumpRunning~0 |old(~pumpRunning~0)|)) (.cse8 (<= 1 |timeShift_isMethaneAlarm_#res#1|))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse2 .cse5 .cse6) (or .cse0 .cse6 .cse7) (or .cse0 .cse1 .cse2 .cse6) (or .cse0 .cse3 .cse7) (or .cse1 .cse2 .cse5 .cse3 (and .cse4 (= ~methAndRunningLastTime~0 0) .cse8)) (or .cse2 .cse5 .cse3 (and .cse4 .cse8) (not (<= 2 |old(~waterLevel~0)|))))) [2022-02-20 18:07:59,398 INFO L858 garLoopResultBuilder]: For program point L282-1(lines 282 288) no Hoare annotation was computed. [2022-02-20 18:07:59,398 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 271 294) the Hoare annotation is: (let ((.cse9 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse10 (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))) (let ((.cse3 (not (= 0 ~systemActive~0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse2 (and (= ~pumpRunning~0 0) .cse9 .cse10)) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse5 (not (= 1 ~systemActive~0))) (.cse6 (not (<= 1 |old(~pumpRunning~0)|))) (.cse7 (not (<= 1 ~methaneLevelCritical~0))) (.cse8 (and (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse9 .cse10))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse4 .cse5 .cse6 .cse7 .cse8) (or .cse0 .cse4 .cse5 .cse7 .cse2) (or .cse0 .cse7 .cse2 .cse3) (or .cse0 .cse4 .cse5 .cse1 .cse2) (or .cse5 .cse6 .cse8 .cse1) (or .cse5 .cse6 .cse7 .cse8 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-02-20 18:07:59,399 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 271 294) no Hoare annotation was computed. [2022-02-20 18:07:59,399 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 839) no Hoare annotation was computed. [2022-02-20 18:07:59,399 INFO L854 garLoopResultBuilder]: At program point L840(lines 835 842) the Hoare annotation is: (let ((.cse4 (not (<= 1 |old(~pumpRunning~0)|))) (.cse1 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse5 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (not (<= 1 ~methaneLevelCritical~0))) (.cse6 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3) (or .cse1 .cse2 .cse4 .cse3) (or .cse2 .cse4 .cse5) (or .cse2 .cse4 .cse3 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse5 .cse6) (or .cse0 .cse1 .cse2 .cse5) (or .cse0 .cse3 .cse6))) [2022-02-20 18:07:59,399 INFO L854 garLoopResultBuilder]: At program point L68(line 68) the Hoare annotation is: (let ((.cse5 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse12 (= ~pumpRunning~0 0)) (.cse13 (<= 1 ~methaneLevelCritical~0)) (.cse14 (= 1 ~systemActive~0))) (let ((.cse3 (<= 1 ~pumpRunning~0)) (.cse4 (<= 2 ~waterLevel~0)) (.cse1 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse11 (and .cse12 .cse13 (<= 1 |timeShift_isMethaneAlarm_#res#1|) (<= 1 |timeShift_processEnvironment_~tmp~3#1|) .cse14)) (.cse2 (not .cse14)) (.cse9 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse10 (not .cse13)) (.cse7 (and .cse12 .cse5 (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))) (.cse8 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 (and .cse3 .cse4 .cse5) .cse6 .cse7) (or .cse0 .cse6 .cse7 .cse8) (or .cse2 .cse9 .cse10 .cse11 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse1 .cse2 (and .cse3 (= ~methAndRunningLastTime~0 0) .cse4 .cse5) .cse10 .cse7) (or .cse1 .cse2 .cse9 .cse10 .cse11) (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse12 .cse2 .cse9 .cse6) (or .cse0 .cse10 .cse7 .cse8)))) [2022-02-20 18:07:59,400 INFO L858 garLoopResultBuilder]: For program point L68-1(line 68) no Hoare annotation was computed. [2022-02-20 18:07:59,400 INFO L854 garLoopResultBuilder]: At program point L386(lines 381 389) the Hoare annotation is: (let ((.cse10 (= ~pumpRunning~0 0)) (.cse11 (= |timeShift_isPumpRunning_#res#1| 0)) (.cse5 (= |old(~waterLevel~0)| ~waterLevel~0))) (let ((.cse7 (and .cse10 .cse11 .cse5 (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))) (.cse9 (not (= 0 ~systemActive~0))) (.cse3 (not (= |old(~pumpRunning~0)| 0))) (.cse4 (not (= |old(~methAndRunningLastTime~0)| 0))) (.cse2 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse8 (and .cse10 (<= 1 |timeShift_isMethaneAlarm_#res#1|) .cse11 (<= 1 |timeShift_processEnvironment_~tmp~3#1|))) (.cse1 (not (<= 1 |old(~pumpRunning~0)|))) (.cse6 (not (<= 1 ~methaneLevelCritical~0)))) (and (or .cse0 .cse1 .cse2) (or .cse3 .cse4 .cse0 (and (<= 1 ~pumpRunning~0) (= ~methAndRunningLastTime~0 0) (<= 2 ~waterLevel~0) .cse5) .cse6 .cse7) (or .cse4 .cse0 .cse8 .cse1 .cse6) (or .cse3 .cse6 .cse7 .cse9) (or .cse3 .cse2 .cse9) (or .cse3 .cse4 .cse0 .cse2) (or .cse0 .cse8 .cse1 .cse6 (not (<= 2 |old(~waterLevel~0)|)))))) [2022-02-20 18:07:59,400 INFO L861 garLoopResultBuilder]: At program point isMethaneLevelCriticalENTRY(lines 136 144) the Hoare annotation is: true [2022-02-20 18:07:59,400 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalFINAL(lines 136 144) no Hoare annotation was computed. [2022-02-20 18:07:59,400 INFO L858 garLoopResultBuilder]: For program point isMethaneLevelCriticalEXIT(lines 136 144) no Hoare annotation was computed. [2022-02-20 18:07:59,400 INFO L854 garLoopResultBuilder]: At program point L465(lines 460 467) the Hoare annotation is: (let ((.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse5 (= ~pumpRunning~0 0)) (.cse4 (= ~methAndRunningLastTime~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse6 (= ~methaneLevelCritical~0 0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3) (and .cse0 .cse4 .cse1 .cse2 .cse3) (and .cse5 .cse4 .cse1 .cse2 .cse3) (and .cse5 .cse4 .cse6 .cse2 .cse3) (and .cse0 .cse6 .cse2 .cse3))) [2022-02-20 18:07:59,400 INFO L854 garLoopResultBuilder]: At program point L457(lines 445 459) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse2 (= 0 ~systemActive~0))) (or (and .cse0 (<= 1 ~methaneLevelCritical~0) .cse1 .cse2) (and .cse0 (= ~methaneLevelCritical~0 0) .cse1 .cse2))) [2022-02-20 18:07:59,401 INFO L854 garLoopResultBuilder]: At program point L903(lines 899 905) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methAndRunningLastTime~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:07:59,401 INFO L861 garLoopResultBuilder]: At program point L259(lines 196 263) the Hoare annotation is: true [2022-02-20 18:07:59,401 INFO L858 garLoopResultBuilder]: For program point L226(lines 226 232) no Hoare annotation was computed. [2022-02-20 18:07:59,401 INFO L858 garLoopResultBuilder]: For program point L226-1(lines 226 232) no Hoare annotation was computed. [2022-02-20 18:07:59,401 INFO L858 garLoopResultBuilder]: For program point L449(lines 449 455) no Hoare annotation was computed. [2022-02-20 18:07:59,401 INFO L858 garLoopResultBuilder]: For program point L449-1(lines 449 455) no Hoare annotation was computed. [2022-02-20 18:07:59,401 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:07:59,402 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:07:59,402 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:07:59,402 INFO L854 garLoopResultBuilder]: At program point L218(line 218) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse2 (= 1 ~systemActive~0)) (.cse5 (= ~methaneLevelCritical~0 0)) (.cse6 (= ~pumpRunning~0 0)) (.cse4 (= ~methAndRunningLastTime~0 0)) (.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (= 0 ~systemActive~0))) (or (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3) (and .cse0 .cse4 .cse5 .cse2 .cse3) (and .cse6 .cse4 .cse1 .cse2 .cse3) (and .cse6 .cse4 .cse5 .cse2 .cse3) (and .cse6 .cse4 .cse5 .cse3 .cse7) (and .cse6 .cse4 .cse1 .cse3 .cse7))) [2022-02-20 18:07:59,402 INFO L854 garLoopResultBuilder]: At program point L974(lines 969 977) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methAndRunningLastTime~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:07:59,402 INFO L854 garLoopResultBuilder]: At program point L966(lines 962 968) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methAndRunningLastTime~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:07:59,403 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:07:59,403 INFO L854 garLoopResultBuilder]: At program point L256(lines 205 257) the Hoare annotation is: false [2022-02-20 18:07:59,403 INFO L858 garLoopResultBuilder]: For program point L244(lines 244 250) no Hoare annotation was computed. [2022-02-20 18:07:59,403 INFO L854 garLoopResultBuilder]: At program point L244-2(lines 236 251) the Hoare annotation is: (let ((.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse4 (= ~methAndRunningLastTime~0 0)) (.cse5 (= ~pumpRunning~0 0)) (.cse6 (= 0 ~systemActive~0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse7 (= ~methaneLevelCritical~0 0)) (.cse2 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3) (and .cse0 .cse4 .cse1 .cse2 .cse3) (and .cse5 .cse1 .cse3 .cse6) (and .cse5 .cse4 .cse1 .cse2 .cse3) (and .cse5 .cse4 .cse7 .cse2 .cse3) (and .cse5 .cse7 .cse3 .cse6) (and .cse0 .cse7 .cse2 .cse3))) [2022-02-20 18:07:59,403 INFO L858 garLoopResultBuilder]: For program point L207(lines 206 255) no Hoare annotation was computed. [2022-02-20 18:07:59,403 INFO L858 garLoopResultBuilder]: For program point L236(lines 236 251) no Hoare annotation was computed. [2022-02-20 18:07:59,404 INFO L854 garLoopResultBuilder]: At program point L228(line 228) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse2 (= 1 ~systemActive~0)) (.cse5 (= ~methaneLevelCritical~0 0)) (.cse6 (= ~pumpRunning~0 0)) (.cse4 (= ~methAndRunningLastTime~0 0)) (.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (= 0 ~systemActive~0))) (or (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3) (and .cse0 .cse4 .cse5 .cse2 .cse3) (and .cse6 .cse4 .cse1 .cse2 .cse3) (and .cse6 .cse4 .cse5 .cse2 .cse3) (and .cse6 .cse4 .cse5 .cse3 .cse7) (and .cse6 .cse4 .cse1 .cse3 .cse7))) [2022-02-20 18:07:59,404 INFO L854 garLoopResultBuilder]: At program point L451(line 451) the Hoare annotation is: (let ((.cse2 (<= 2 ~waterLevel~0)) (.cse4 (not (= 0 ~systemActive~0))) (.cse1 (= ~methaneLevelCritical~0 0)) (.cse0 (<= 1 ~pumpRunning~0)) (.cse5 (<= 1 ~methaneLevelCritical~0)) (.cse6 (= 1 ~systemActive~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 .cse2 .cse3 .cse4) (and .cse0 .cse5 .cse2 .cse3 .cse4) (and .cse0 .cse1 .cse6 .cse3) (and .cse0 .cse5 .cse6 .cse3))) [2022-02-20 18:07:59,404 INFO L858 garLoopResultBuilder]: For program point L930(lines 930 937) no Hoare annotation was computed. [2022-02-20 18:07:59,404 INFO L858 garLoopResultBuilder]: For program point L930-2(lines 930 937) no Hoare annotation was computed. [2022-02-20 18:07:59,404 INFO L854 garLoopResultBuilder]: At program point L959(lines 955 961) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methAndRunningLastTime~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:07:59,405 INFO L854 garLoopResultBuilder]: At program point L253(lines 206 255) the Hoare annotation is: (let ((.cse0 (<= 1 ~pumpRunning~0)) (.cse2 (= 1 ~systemActive~0)) (.cse5 (= ~methaneLevelCritical~0 0)) (.cse6 (= ~pumpRunning~0 0)) (.cse4 (= ~methAndRunningLastTime~0 0)) (.cse1 (<= 1 ~methaneLevelCritical~0)) (.cse3 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse7 (= 0 ~systemActive~0))) (or (and .cse0 .cse1 (<= 2 ~waterLevel~0) .cse2 .cse3) (and .cse0 .cse4 .cse5 .cse2 .cse3) (and .cse6 .cse4 .cse1 .cse2 .cse3) (and .cse6 .cse4 .cse5 .cse2 .cse3) (and .cse6 .cse4 .cse5 .cse3 .cse7) (and .cse6 .cse4 .cse1 .cse3 .cse7))) [2022-02-20 18:07:59,405 INFO L854 garLoopResultBuilder]: At program point L59(lines 54 61) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~methAndRunningLastTime~0 0) (= ~methaneLevelCritical~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:07:59,405 INFO L858 garLoopResultBuilder]: For program point L216(lines 216 222) no Hoare annotation was computed. [2022-02-20 18:07:59,406 INFO L858 garLoopResultBuilder]: For program point L216-1(lines 216 222) no Hoare annotation was computed. [2022-02-20 18:07:59,406 INFO L861 garLoopResultBuilder]: At program point L914(lines 906 916) the Hoare annotation is: true [2022-02-20 18:07:59,406 INFO L858 garLoopResultBuilder]: For program point L208(lines 208 212) no Hoare annotation was computed. [2022-02-20 18:07:59,406 INFO L861 garLoopResultBuilder]: At program point L939(lines 920 942) the Hoare annotation is: true [2022-02-20 18:07:59,406 INFO L858 garLoopResultBuilder]: For program point L322-1(lines 303 327) no Hoare annotation was computed. [2022-02-20 18:07:59,406 INFO L854 garLoopResultBuilder]: At program point processEnvironment__wrappee__highWaterSensorENTRY(lines 303 327) the Hoare annotation is: (let ((.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (= ~pumpRunning~0 0)) (.cse0 (not (= 1 ~systemActive~0)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1) (or .cse2 .cse3 .cse0 .cse1) (or .cse2 .cse3 .cse0 (not (<= 1 ~methaneLevelCritical~0)) (not (= ~methAndRunningLastTime~0 0))))) [2022-02-20 18:07:59,406 INFO L854 garLoopResultBuilder]: At program point L186(lines 177 190) the Hoare annotation is: (let ((.cse5 (= ~pumpRunning~0 0))) (let ((.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse3 (and .cse5 (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterSensorDry_#res#1| 0)))) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse4 (and .cse5 (<= 2 ~waterLevel~0)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1) (or .cse2 .cse0 .cse3 (not (<= 1 ~methaneLevelCritical~0)) .cse4 (not (= ~methAndRunningLastTime~0 0))) (or .cse2 .cse0 .cse3 .cse1 .cse4)))) [2022-02-20 18:07:59,407 INFO L854 garLoopResultBuilder]: At program point L317(line 317) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse3 (not (= ~methaneLevelCritical~0 0))) (.cse2 (and (= ~pumpRunning~0 0) (= |processEnvironment__wrappee__highWaterSensor_~tmp~2#1| 0)))) (and (or .cse0 .cse1 (not (<= 1 ~methaneLevelCritical~0)) (not (= ~methAndRunningLastTime~0 0)) .cse2) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse3) (or .cse0 .cse1 .cse3 .cse2))) [2022-02-20 18:07:59,407 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__highWaterSensorEXIT(lines 303 327) no Hoare annotation was computed. [2022-02-20 18:07:59,407 INFO L854 garLoopResultBuilder]: At program point L441(lines 426 444) the Hoare annotation is: (let ((.cse5 (= ~pumpRunning~0 0))) (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse4 (not (= ~methaneLevelCritical~0 0))) (.cse2 (and .cse5 (<= 2 ~waterLevel~0))) (.cse3 (and .cse5 (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp___0~2#1| 0) (not (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_~tmp~4#1| 0)) (= |processEnvironment__wrappee__highWaterSensor_isHighWaterLevel_#res#1| 0)))) (and (or .cse0 .cse1 (not (<= 1 ~methaneLevelCritical~0)) .cse2 (not (= ~methAndRunningLastTime~0 0)) .cse3) (or .cse1 (not (<= 1 |old(~pumpRunning~0)|)) .cse4) (or .cse0 .cse1 .cse4 .cse2 .cse3)))) [2022-02-20 18:07:59,407 INFO L858 garLoopResultBuilder]: For program point L311(lines 311 319) no Hoare annotation was computed. [2022-02-20 18:07:59,407 INFO L858 garLoopResultBuilder]: For program point L181(lines 181 187) no Hoare annotation was computed. [2022-02-20 18:07:59,407 INFO L858 garLoopResultBuilder]: For program point L307(lines 307 324) no Hoare annotation was computed. [2022-02-20 18:07:59,407 INFO L858 garLoopResultBuilder]: For program point L435(lines 435 439) no Hoare annotation was computed. [2022-02-20 18:07:59,407 INFO L858 garLoopResultBuilder]: For program point L435-2(lines 435 439) no Hoare annotation was computed. [2022-02-20 18:07:59,408 INFO L854 garLoopResultBuilder]: At program point L359(lines 354 361) the Hoare annotation is: (let ((.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse3 (and (<= 1 ~pumpRunning~0) (<= 2 ~waterLevel~0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (= ~methaneLevelCritical~0 0)))) (and (or .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1) (or .cse2 .cse3 .cse0 (not (<= 1 ~methaneLevelCritical~0)) (not (= ~methAndRunningLastTime~0 0))) (or .cse2 .cse3 .cse0 .cse1))) [2022-02-20 18:07:59,408 INFO L854 garLoopResultBuilder]: At program point L322(line 322) the Hoare annotation is: (let ((.cse2 (not (= |old(~pumpRunning~0)| 0))) (.cse0 (not (= 1 ~systemActive~0))) (.cse1 (not (= ~methaneLevelCritical~0 0)))) (and (or (= ~pumpRunning~0 |old(~pumpRunning~0)|) .cse0 (not (<= 1 |old(~pumpRunning~0)|)) .cse1) (or .cse2 .cse0 (not (<= 1 ~methaneLevelCritical~0)) (not (= ~methAndRunningLastTime~0 0))) (or .cse2 .cse0 .cse1))) [2022-02-20 18:07:59,408 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 112 123) no Hoare annotation was computed. [2022-02-20 18:07:59,409 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 112 123) the Hoare annotation is: (let ((.cse7 (not (<= 1 ~pumpRunning~0))) (.cse5 (not (= 1 ~systemActive~0))) (.cse1 (not (= ~methaneLevelCritical~0 0))) (.cse0 (not (= ~pumpRunning~0 0))) (.cse6 (not (<= 1 ~methaneLevelCritical~0))) (.cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (.cse3 (not (= ~methAndRunningLastTime~0 0))) (.cse4 (not (= 0 ~systemActive~0)))) (and (or .cse0 .cse1 .cse2 .cse3 .cse4) (or .cse5 .cse6 .cse7 .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 .cse5 .cse6 .cse2 .cse3) (or .cse5 .cse1 .cse7 .cse2 .cse3) (or .cse0 .cse5 .cse1 .cse2 .cse3) (or .cse0 .cse6 .cse2 .cse3 .cse4))) [2022-02-20 18:07:59,409 INFO L858 garLoopResultBuilder]: For program point L116-1(lines 112 123) no Hoare annotation was computed. [2022-02-20 18:07:59,411 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:59,412 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:07:59,414 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:07:59,414 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:59,414 WARN L170 areAnnotationChecker]: L128-1 has no Hoare annotation [2022-02-20 18:07:59,414 WARN L170 areAnnotationChecker]: L128-1 has no Hoare annotation [2022-02-20 18:07:59,414 WARN L170 areAnnotationChecker]: L104 has no Hoare annotation [2022-02-20 18:07:59,414 WARN L170 areAnnotationChecker]: L275-1 has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: L307 has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: L116-1 has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: L116-1 has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: L128-1 has no Hoare annotation [2022-02-20 18:07:59,415 WARN L170 areAnnotationChecker]: L851-1 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L104 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L104 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L275-1 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L275-1 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalFINAL has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L307 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L307 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L116-1 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L322-1 has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:07:59,416 WARN L170 areAnnotationChecker]: L851-1 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L275-1 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L333 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L333 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L282-1 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: isMethaneLevelCriticalEXIT has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L181 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L181 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L322-1 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L282-1 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: L449-1 has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__highWaterSensorEXIT has no Hoare annotation [2022-02-20 18:07:59,417 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__highWaterSensorEXIT has no Hoare annotation [2022-02-20 18:07:59,418 WARN L170 areAnnotationChecker]: L226-1 has no Hoare annotation [2022-02-20 18:07:59,418 WARN L170 areAnnotationChecker]: L856 has no Hoare annotation [2022-02-20 18:07:59,418 WARN L170 areAnnotationChecker]: L375-1 has no Hoare annotation [2022-02-20 18:07:59,418 WARN L170 areAnnotationChecker]: L68-1 has no Hoare annotation [2022-02-20 18:07:59,418 WARN L170 areAnnotationChecker]: L375-1 has no Hoare annotation [2022-02-20 18:07:59,419 WARN L170 areAnnotationChecker]: L68-1 has no Hoare annotation [2022-02-20 18:07:59,419 WARN L170 areAnnotationChecker]: L435 has no Hoare annotation [2022-02-20 18:07:59,419 WARN L170 areAnnotationChecker]: L216-1 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L236 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L236 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L856 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L337 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L70 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L70 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L930 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L435 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L435 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L226 has no Hoare annotation [2022-02-20 18:07:59,420 WARN L170 areAnnotationChecker]: L226 has no Hoare annotation [2022-02-20 18:07:59,422 WARN L170 areAnnotationChecker]: L244 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L244 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L859 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L859 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L337 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L337 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L930 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L930 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L435-2 has no Hoare annotation [2022-02-20 18:07:59,423 WARN L170 areAnnotationChecker]: L226-1 has no Hoare annotation [2022-02-20 18:07:59,426 WARN L170 areAnnotationChecker]: L207 has no Hoare annotation [2022-02-20 18:07:59,426 WARN L170 areAnnotationChecker]: L449 has no Hoare annotation [2022-02-20 18:07:59,426 WARN L170 areAnnotationChecker]: L449 has no Hoare annotation [2022-02-20 18:07:59,426 WARN L170 areAnnotationChecker]: L866 has no Hoare annotation [2022-02-20 18:07:59,428 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:07:59,428 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:07:59,428 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:07:59,429 WARN L170 areAnnotationChecker]: L930-2 has no Hoare annotation [2022-02-20 18:07:59,429 WARN L170 areAnnotationChecker]: L311 has no Hoare annotation [2022-02-20 18:07:59,429 WARN L170 areAnnotationChecker]: L207 has no Hoare annotation [2022-02-20 18:07:59,429 WARN L170 areAnnotationChecker]: L207 has no Hoare annotation [2022-02-20 18:07:59,429 WARN L170 areAnnotationChecker]: L449-1 has no Hoare annotation [2022-02-20 18:07:59,430 WARN L170 areAnnotationChecker]: L930-2 has no Hoare annotation [2022-02-20 18:07:59,430 WARN L170 areAnnotationChecker]: L866 has no Hoare annotation [2022-02-20 18:07:59,430 WARN L170 areAnnotationChecker]: L75 has no Hoare annotation [2022-02-20 18:07:59,430 WARN L170 areAnnotationChecker]: L75 has no Hoare annotation [2022-02-20 18:07:59,431 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:59,431 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:59,431 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:07:59,431 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: L311 has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: L311 has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: L208 has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: L839 has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: L839 has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: L322-1 has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: L322-1 has no Hoare annotation [2022-02-20 18:07:59,432 WARN L170 areAnnotationChecker]: L216 has no Hoare annotation [2022-02-20 18:07:59,433 WARN L170 areAnnotationChecker]: L216 has no Hoare annotation [2022-02-20 18:07:59,434 WARN L170 areAnnotationChecker]: L216-1 has no Hoare annotation [2022-02-20 18:07:59,435 INFO L163 areAnnotationChecker]: CFG has 27 edges. 27 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:07:59,468 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:07:59 BoogieIcfgContainer [2022-02-20 18:07:59,468 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:07:59,468 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:07:59,469 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:07:59,469 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:07:59,469 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:34" (3/4) ... [2022-02-20 18:07:59,472 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:07:59,476 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:07:59,476 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:07:59,476 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:07:59,476 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:07:59,476 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:07:59,477 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure isMethaneLevelCritical [2022-02-20 18:07:59,477 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__highWaterSensor [2022-02-20 18:07:59,477 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:07:59,483 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 50 nodes and edges [2022-02-20 18:07:59,484 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:07:59,484 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:07:59,484 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:07:59,485 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:07:59,485 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:07:59,485 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:07:59,505 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) && ((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && (((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || !(0 == systemActive))) && ((((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (pumpRunning == \old(pumpRunning) && methAndRunningLastTime == 0)) || !(1 <= methaneLevelCritical)) [2022-02-20 18:07:59,506 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && \old(methAndRunningLastTime) == methAndRunningLastTime)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && 1 <= \result) && 1 <= tmp) && 1 == systemActive)) || !(2 <= \old(waterLevel)))) && (((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || (((1 <= pumpRunning && methAndRunningLastTime == 0) && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && \old(methAndRunningLastTime) == methAndRunningLastTime))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || !(0 == systemActive))) && ((((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && 1 <= \result) && 1 <= tmp) && 1 == systemActive))) && ((((pumpRunning == \old(pumpRunning) || pumpRunning == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) [2022-02-20 18:07:59,506 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((pumpRunning == 0 && methAndRunningLastTime == 0) && tmp == 0) && \old(waterLevel) == waterLevel)) || !(0 == systemActive)) && (((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel))) && ((((((((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 <= \result) && 1 <= tmp) && 1 == systemActive) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 <= \result) && 1 <= tmp) && 1 == systemActive) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((pumpRunning == \old(pumpRunning) && methAndRunningLastTime == 0) && tmp == 0)) || ((pumpRunning == 0 && methAndRunningLastTime == 0) && tmp == 0))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && methAndRunningLastTime == 0) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || !(0 == systemActive))) && (((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((pumpRunning == 0 && methAndRunningLastTime == 0) && tmp == 0) && \old(waterLevel) == waterLevel)) || ((((1 <= pumpRunning && methAndRunningLastTime == 0) && 2 <= waterLevel) && tmp == 0) && \old(waterLevel) == waterLevel)) [2022-02-20 18:07:59,507 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) && (((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || !(0 == systemActive))) && ((((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((pumpRunning == \old(pumpRunning) && methAndRunningLastTime == 0) && 1 <= \result))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (pumpRunning == \old(pumpRunning) && 1 <= \result)) || !(2 <= \old(waterLevel))) [2022-02-20 18:07:59,507 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) && (((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || (((1 <= pumpRunning && methAndRunningLastTime == 0) && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result == 0) && \old(waterLevel) == waterLevel) && \old(methAndRunningLastTime) == methAndRunningLastTime))) && ((((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || (((pumpRunning == 0 && 1 <= \result) && \result == 0) && 1 <= tmp)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical))) && (((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result == 0) && \old(waterLevel) == waterLevel) && \old(methAndRunningLastTime) == methAndRunningLastTime)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((!(1 == systemActive) || (((pumpRunning == 0 && 1 <= \result) && \result == 0) && 1 <= tmp)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(2 <= \old(waterLevel))) [2022-02-20 18:07:59,507 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(1 <= methaneLevelCritical)) || (pumpRunning == 0 && 2 <= waterLevel)) || !(methAndRunningLastTime == 0))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(methaneLevelCritical == 0)) || (pumpRunning == 0 && 2 <= waterLevel)) [2022-02-20 18:07:59,508 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) && (((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical))) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || !(0 == systemActive)) [2022-02-20 18:07:59,508 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (pumpRunning == 0 && 2 <= waterLevel)) || !(methAndRunningLastTime == 0)) || (((pumpRunning == 0 && tmp___0 == 0) && !(tmp == 0)) && \result == 0)) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (pumpRunning == 0 && 2 <= waterLevel)) || (((pumpRunning == 0 && tmp___0 == 0) && !(tmp == 0)) && \result == 0)) [2022-02-20 18:07:59,508 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) && ((((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(methAndRunningLastTime == 0))) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) [2022-02-20 18:07:59,540 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:07:59,540 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:07:59,541 INFO L158 Benchmark]: Toolchain (without parser) took 25664.43ms. Allocated memory was 117.4MB in the beginning and 262.1MB in the end (delta: 144.7MB). Free memory was 84.3MB in the beginning and 178.7MB in the end (delta: -94.4MB). Peak memory consumption was 50.1MB. Max. memory is 16.1GB. [2022-02-20 18:07:59,542 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 81.8MB. Free memory was 37.4MB in the beginning and 37.4MB in the end (delta: 40.0kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:07:59,542 INFO L158 Benchmark]: CACSL2BoogieTranslator took 392.37ms. Allocated memory is still 117.4MB. Free memory was 84.1MB in the beginning and 81.6MB in the end (delta: 2.5MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 18:07:59,542 INFO L158 Benchmark]: Boogie Procedure Inliner took 80.61ms. Allocated memory is still 117.4MB. Free memory was 81.6MB in the beginning and 79.0MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:07:59,543 INFO L158 Benchmark]: Boogie Preprocessor took 23.60ms. Allocated memory is still 117.4MB. Free memory was 79.0MB in the beginning and 77.4MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:07:59,543 INFO L158 Benchmark]: RCFGBuilder took 588.78ms. Allocated memory is still 117.4MB. Free memory was 77.0MB in the beginning and 89.6MB in the end (delta: -12.5MB). Peak memory consumption was 21.4MB. Max. memory is 16.1GB. [2022-02-20 18:07:59,543 INFO L158 Benchmark]: TraceAbstraction took 24501.12ms. Allocated memory was 117.4MB in the beginning and 262.1MB in the end (delta: 144.7MB). Free memory was 89.0MB in the beginning and 185.0MB in the end (delta: -95.9MB). Peak memory consumption was 155.4MB. Max. memory is 16.1GB. [2022-02-20 18:07:59,544 INFO L158 Benchmark]: Witness Printer took 71.53ms. Allocated memory is still 262.1MB. Free memory was 185.0MB in the beginning and 178.7MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. [2022-02-20 18:07:59,545 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 81.8MB. Free memory was 37.4MB in the beginning and 37.4MB in the end (delta: 40.0kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 392.37ms. Allocated memory is still 117.4MB. Free memory was 84.1MB in the beginning and 81.6MB in the end (delta: 2.5MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 80.61ms. Allocated memory is still 117.4MB. Free memory was 81.6MB in the beginning and 79.0MB in the end (delta: 2.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 23.60ms. Allocated memory is still 117.4MB. Free memory was 79.0MB in the beginning and 77.4MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 588.78ms. Allocated memory is still 117.4MB. Free memory was 77.0MB in the beginning and 89.6MB in the end (delta: -12.5MB). Peak memory consumption was 21.4MB. Max. memory is 16.1GB. * TraceAbstraction took 24501.12ms. Allocated memory was 117.4MB in the beginning and 262.1MB in the end (delta: 144.7MB). Free memory was 89.0MB in the beginning and 185.0MB in the end (delta: -95.9MB). Peak memory consumption was 155.4MB. Max. memory is 16.1GB. * Witness Printer took 71.53ms. Allocated memory is still 262.1MB. Free memory was 185.0MB in the beginning and 178.7MB in the end (delta: 6.3MB). Peak memory consumption was 6.3MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 839]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 9 procedures, 95 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 24.4s, OverallIterations: 12, TraceHistogramMax: 3, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 12.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 5.9s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 1932 SdHoareTripleChecker+Valid, 2.3s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 1898 mSDsluCounter, 3506 SdHoareTripleChecker+Invalid, 2.3s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 2097 mSDsCounter, 717 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 1925 IncrementalHoareTripleChecker+Invalid, 2642 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 717 mSolverCounterUnsat, 1409 mSDtfsCounter, 1925 mSolverCounterSat, 0.1s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 398 GetRequests, 291 SyntacticMatches, 2 SemanticMatches, 105 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 180 ImplicationChecksByTransitivity, 0.5s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=1545occurred in iteration=9, InterpolantAutomatonStates: 97, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 2.2s AutomataMinimizationTime, 12 MinimizatonAttempts, 592 StatesRemovedByMinimization, 8 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 44 LocationsWithAnnotation, 2624 PreInvPairs, 2872 NumberOfFragments, 3191 HoareAnnotationTreeSize, 2624 FomulaSimplifications, 1004 FormulaSimplificationTreeSizeReduction, 1.2s HoareSimplificationTime, 44 FomulaSimplificationsInter, 17657 FormulaSimplificationTreeSizeReductionInter, 4.3s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.1s SsaConstructionTime, 0.4s SatisfiabilityAnalysisTime, 2.1s InterpolantComputationTime, 815 NumberOfCodeBlocks, 815 NumberOfCodeBlocksAsserted, 14 NumberOfCheckSat, 801 ConstructedInterpolants, 0 QuantifiedInterpolants, 1468 SizeOfPredicates, 5 NumberOfNonLiveVariables, 947 ConjunctsInSsa, 12 ConjunctsInUnsatCore, 14 InterpolantComputations, 12 PerfectInterpolantSequences, 153/162 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 899]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 206]: Loop Invariant Derived loop invariant: ((((((((1 <= pumpRunning && 1 <= methaneLevelCritical) && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) || ((((1 <= pumpRunning && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0)) || ((((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 <= methaneLevelCritical) && 1 == systemActive) && splverifierCounter == 0)) || ((((pumpRunning == 0 && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0)) || ((((pumpRunning == 0 && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && splverifierCounter == 0) && 0 == systemActive)) || ((((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 <= methaneLevelCritical) && splverifierCounter == 0) && 0 == systemActive) - InvariantResult [Line: 205]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 196]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 54]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 962]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 381]: Loop Invariant Derived loop invariant: (((((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) && (((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || (((1 <= pumpRunning && methAndRunningLastTime == 0) && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result == 0) && \old(waterLevel) == waterLevel) && \old(methAndRunningLastTime) == methAndRunningLastTime))) && ((((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || (((pumpRunning == 0 && 1 <= \result) && \result == 0) && 1 <= tmp)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical))) && (((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && \result == 0) && \old(waterLevel) == waterLevel) && \old(methAndRunningLastTime) == methAndRunningLastTime)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((((!(1 == systemActive) || (((pumpRunning == 0 && 1 <= \result) && \result == 0) && 1 <= tmp)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 845]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 177]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) && (((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(1 <= methaneLevelCritical)) || (pumpRunning == 0 && 2 <= waterLevel)) || !(methAndRunningLastTime == 0))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (pumpRunning == 0 && !(\result == 0))) || !(methaneLevelCritical == 0)) || (pumpRunning == 0 && 2 <= waterLevel)) - InvariantResult [Line: 329]: Loop Invariant Derived loop invariant: ((((((((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(methaneLevelCritical == 0)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && \old(methAndRunningLastTime) == methAndRunningLastTime)) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && 1 <= \result) && 1 <= tmp) && 1 == systemActive)) || !(2 <= \old(waterLevel)))) && (((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || (((1 <= pumpRunning && methAndRunningLastTime == 0) && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && \old(methAndRunningLastTime) == methAndRunningLastTime))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && ((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || !(0 == systemActive))) && ((((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((((pumpRunning == 0 && 1 <= methaneLevelCritical) && 1 <= \result) && 1 <= tmp) && 1 == systemActive))) && ((((pumpRunning == \old(pumpRunning) || pumpRunning == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) - InvariantResult [Line: 969]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 370]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) && (((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || !(0 == systemActive))) && ((((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || ((pumpRunning == \old(pumpRunning) && methAndRunningLastTime == 0) && 1 <= \result))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || (pumpRunning == \old(pumpRunning) && 1 <= \result)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 906]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 100]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) && ((((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && (((pumpRunning == \old(pumpRunning) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || !(0 == systemActive))) && ((((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || (pumpRunning == \old(pumpRunning) && methAndRunningLastTime == 0)) || !(1 <= methaneLevelCritical)) - InvariantResult [Line: 426]: Loop Invariant Derived loop invariant: ((((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || (pumpRunning == 0 && 2 <= waterLevel)) || !(methAndRunningLastTime == 0)) || (((pumpRunning == 0 && tmp___0 == 0) && !(tmp == 0)) && \result == 0)) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0))) && ((((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (pumpRunning == 0 && 2 <= waterLevel)) || (((pumpRunning == 0 && tmp___0 == 0) && !(tmp == 0)) && \result == 0)) - InvariantResult [Line: 835]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) && (((!(\old(methAndRunningLastTime) == 0) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical))) && ((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0))) && (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || !(0 == systemActive))) && (((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0))) && ((!(\old(pumpRunning) == 0) || !(1 <= methaneLevelCritical)) || !(0 == systemActive)) - InvariantResult [Line: 460]: Loop Invariant Derived loop invariant: (((((((1 <= pumpRunning && 1 <= methaneLevelCritical) && 2 <= waterLevel) && 1 == systemActive) && splverifierCounter == 0) || ((((1 <= pumpRunning && methAndRunningLastTime == 0) && 1 <= methaneLevelCritical) && 1 == systemActive) && splverifierCounter == 0)) || ((((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 <= methaneLevelCritical) && 1 == systemActive) && splverifierCounter == 0)) || ((((pumpRunning == 0 && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0)) || (((1 <= pumpRunning && methaneLevelCritical == 0) && 1 == systemActive) && splverifierCounter == 0) - InvariantResult [Line: 855]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 62]: Loop Invariant Derived loop invariant: ((((((((!(\old(pumpRunning) == 0) || !(methaneLevelCritical == 0)) || (((pumpRunning == 0 && methAndRunningLastTime == 0) && tmp == 0) && \old(waterLevel) == waterLevel)) || !(0 == systemActive)) && (((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || ((1 <= pumpRunning && 2 <= waterLevel) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || (((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 == systemActive) && \old(waterLevel) == waterLevel))) && ((((((((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 <= \result) && 1 <= tmp) && 1 == systemActive) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical)) || !(2 <= \old(waterLevel)))) && ((((((((pumpRunning == 0 && methAndRunningLastTime == 0) && 1 <= \result) && 1 <= tmp) && 1 == systemActive) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(1 <= \old(pumpRunning))) || !(1 <= methaneLevelCritical))) && ((((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) || ((pumpRunning == \old(pumpRunning) && methAndRunningLastTime == 0) && tmp == 0)) || ((pumpRunning == 0 && methAndRunningLastTime == 0) && tmp == 0))) && (((!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && methAndRunningLastTime == 0) && \old(waterLevel) == waterLevel)) || !(1 <= methaneLevelCritical)) || !(0 == systemActive))) && (((((!(\old(pumpRunning) == 0) || !(\old(methAndRunningLastTime) == 0)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) || (((pumpRunning == 0 && methAndRunningLastTime == 0) && tmp == 0) && \old(waterLevel) == waterLevel)) || ((((1 <= pumpRunning && methAndRunningLastTime == 0) && 2 <= waterLevel) && tmp == 0) && \old(waterLevel) == waterLevel)) - InvariantResult [Line: 354]: Loop Invariant Derived loop invariant: (((!(1 == systemActive) || !(1 <= \old(pumpRunning))) || !(methaneLevelCritical == 0)) && ((((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(1 <= methaneLevelCritical)) || !(methAndRunningLastTime == 0))) && (((!(\old(pumpRunning) == 0) || (1 <= pumpRunning && 2 <= waterLevel)) || !(1 == systemActive)) || !(methaneLevelCritical == 0)) - InvariantResult [Line: 955]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && methAndRunningLastTime == 0) && methaneLevelCritical == 0) && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 920]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 445]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 <= methaneLevelCritical) && splverifierCounter == 0) && 0 == systemActive) || (((pumpRunning == 0 && methaneLevelCritical == 0) && splverifierCounter == 0) && 0 == systemActive) RESULT: Ultimate proved your program to be correct! [2022-02-20 18:07:59,614 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE