./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 471ad46a1662a2ee36763023473e29e175f1086d40bbf36d792af661871bf09e --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:07:37,799 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:07:37,801 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:07:37,825 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:07:37,827 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:07:37,830 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:07:37,831 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:07:37,836 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:07:37,838 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:07:37,842 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:07:37,842 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:07:37,843 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:07:37,843 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:07:37,845 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:07:37,846 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:07:37,848 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:07:37,848 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:07:37,849 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:07:37,852 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:07:37,856 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:07:37,857 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:07:37,857 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:07:37,858 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:07:37,859 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:07:37,862 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:07:37,862 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:07:37,862 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:07:37,863 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:07:37,864 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:07:37,864 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:07:37,864 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:07:37,865 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:07:37,866 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:07:37,867 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:07:37,868 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:07:37,868 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:07:37,868 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:07:37,868 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:07:37,868 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:07:37,869 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:07:37,869 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:07:37,870 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:07:37,895 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:07:37,896 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:07:37,896 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:07:37,896 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:07:37,897 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:07:37,897 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:07:37,897 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:07:37,897 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:07:37,898 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:07:37,898 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:07:37,898 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:07:37,898 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:07:37,899 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:07:37,899 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:07:37,899 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:07:37,899 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:07:37,899 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:07:37,899 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:07:37,899 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:07:37,900 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:07:37,900 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:07:37,900 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:07:37,900 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:07:37,900 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:07:37,900 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:37,900 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:07:37,901 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:07:37,901 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:07:37,901 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:07:37,901 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:07:37,901 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:07:37,901 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:07:37,902 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:07:37,902 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 471ad46a1662a2ee36763023473e29e175f1086d40bbf36d792af661871bf09e [2022-02-20 18:07:38,101 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:07:38,123 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:07:38,125 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:07:38,126 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:07:38,126 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:07:38,127 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c [2022-02-20 18:07:38,179 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6ea049e17/50e132f84e5047379a3499ace39a3aa7/FLAG66755ef49 [2022-02-20 18:07:38,520 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:07:38,521 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c [2022-02-20 18:07:38,551 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6ea049e17/50e132f84e5047379a3499ace39a3aa7/FLAG66755ef49 [2022-02-20 18:07:38,905 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6ea049e17/50e132f84e5047379a3499ace39a3aa7 [2022-02-20 18:07:38,907 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:07:38,908 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:07:38,909 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:38,909 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:07:38,912 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:07:38,912 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:38" (1/1) ... [2022-02-20 18:07:38,913 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@11c9698f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:38, skipping insertion in model container [2022-02-20 18:07:38,913 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:38" (1/1) ... [2022-02-20 18:07:38,923 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:07:38,961 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:07:39,108 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c[1605,1618] [2022-02-20 18:07:39,244 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:39,258 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:07:39,269 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c[1605,1618] [2022-02-20 18:07:39,326 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:39,344 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:07:39,345 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39 WrapperNode [2022-02-20 18:07:39,346 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:39,347 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:39,347 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:07:39,347 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:07:39,352 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,374 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,407 INFO L137 Inliner]: procedures = 56, calls = 155, calls flagged for inlining = 25, calls inlined = 22, statements flattened = 252 [2022-02-20 18:07:39,408 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:39,409 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:07:39,409 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:07:39,409 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:07:39,414 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,415 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,420 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,420 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,433 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,439 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,440 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,444 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:07:39,445 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:07:39,446 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:07:39,446 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:07:39,447 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (1/1) ... [2022-02-20 18:07:39,452 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:39,459 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:39,469 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:07:39,490 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:07:39,511 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:07:39,511 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:07:39,511 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:07:39,512 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:07:39,512 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:07:39,512 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:07:39,512 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:07:39,512 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:07:39,512 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:07:39,513 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:07:39,513 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:07:39,513 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:07:39,513 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:07:39,513 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:07:39,514 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:07:39,514 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:07:39,581 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:07:39,583 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:07:39,817 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:07:39,823 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:07:39,824 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:07:39,825 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:39 BoogieIcfgContainer [2022-02-20 18:07:39,825 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:07:39,826 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:07:39,826 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:07:39,839 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:07:39,839 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:07:38" (1/3) ... [2022-02-20 18:07:39,839 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7e366f9b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:39, skipping insertion in model container [2022-02-20 18:07:39,840 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:39" (2/3) ... [2022-02-20 18:07:39,840 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7e366f9b and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:39, skipping insertion in model container [2022-02-20 18:07:39,840 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:39" (3/3) ... [2022-02-20 18:07:39,841 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec2_product44.cil.c [2022-02-20 18:07:39,844 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:07:39,844 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:07:39,881 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:07:39,886 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:07:39,886 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:07:39,900 INFO L276 IsEmpty]: Start isEmpty. Operand has 86 states, 68 states have (on average 1.3823529411764706) internal successors, (94), 74 states have internal predecessors, (94), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:07:39,905 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-02-20 18:07:39,906 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:39,907 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:39,907 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:39,911 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:39,911 INFO L85 PathProgramCache]: Analyzing trace with hash -276262322, now seen corresponding path program 1 times [2022-02-20 18:07:39,917 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:39,918 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1767411723] [2022-02-20 18:07:39,919 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:39,919 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:40,008 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:40,054 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 15 [2022-02-20 18:07:40,056 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:40,073 INFO L290 TraceCheckUtils]: 0: Hoare triple {89#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {89#true} is VALID [2022-02-20 18:07:40,074 INFO L290 TraceCheckUtils]: 1: Hoare triple {89#true} assume true; {89#true} is VALID [2022-02-20 18:07:40,074 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {89#true} {90#false} #240#return; {90#false} is VALID [2022-02-20 18:07:40,075 INFO L290 TraceCheckUtils]: 0: Hoare triple {89#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {89#true} is VALID [2022-02-20 18:07:40,075 INFO L290 TraceCheckUtils]: 1: Hoare triple {89#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {89#true} is VALID [2022-02-20 18:07:40,076 INFO L290 TraceCheckUtils]: 2: Hoare triple {89#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {89#true} is VALID [2022-02-20 18:07:40,076 INFO L290 TraceCheckUtils]: 3: Hoare triple {89#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {89#true} is VALID [2022-02-20 18:07:40,076 INFO L290 TraceCheckUtils]: 4: Hoare triple {89#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {89#true} is VALID [2022-02-20 18:07:40,076 INFO L290 TraceCheckUtils]: 5: Hoare triple {89#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {89#true} is VALID [2022-02-20 18:07:40,076 INFO L290 TraceCheckUtils]: 6: Hoare triple {89#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {89#true} is VALID [2022-02-20 18:07:40,077 INFO L290 TraceCheckUtils]: 7: Hoare triple {89#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {89#true} is VALID [2022-02-20 18:07:40,078 INFO L290 TraceCheckUtils]: 8: Hoare triple {89#true} assume !true; {90#false} is VALID [2022-02-20 18:07:40,078 INFO L272 TraceCheckUtils]: 9: Hoare triple {90#false} call cleanup(); {90#false} is VALID [2022-02-20 18:07:40,078 INFO L290 TraceCheckUtils]: 10: Hoare triple {90#false} havoc ~i~0;havoc ~__cil_tmp2~0; {90#false} is VALID [2022-02-20 18:07:40,078 INFO L272 TraceCheckUtils]: 11: Hoare triple {90#false} call timeShift(); {90#false} is VALID [2022-02-20 18:07:40,078 INFO L290 TraceCheckUtils]: 12: Hoare triple {90#false} assume !(0 != ~pumpRunning~0); {90#false} is VALID [2022-02-20 18:07:40,079 INFO L290 TraceCheckUtils]: 13: Hoare triple {90#false} assume !(0 != ~systemActive~0); {90#false} is VALID [2022-02-20 18:07:40,079 INFO L290 TraceCheckUtils]: 14: Hoare triple {90#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {90#false} is VALID [2022-02-20 18:07:40,079 INFO L272 TraceCheckUtils]: 15: Hoare triple {90#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {89#true} is VALID [2022-02-20 18:07:40,079 INFO L290 TraceCheckUtils]: 16: Hoare triple {89#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {89#true} is VALID [2022-02-20 18:07:40,079 INFO L290 TraceCheckUtils]: 17: Hoare triple {89#true} assume true; {89#true} is VALID [2022-02-20 18:07:40,080 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {89#true} {90#false} #240#return; {90#false} is VALID [2022-02-20 18:07:40,080 INFO L290 TraceCheckUtils]: 19: Hoare triple {90#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {90#false} is VALID [2022-02-20 18:07:40,080 INFO L290 TraceCheckUtils]: 20: Hoare triple {90#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {90#false} is VALID [2022-02-20 18:07:40,080 INFO L290 TraceCheckUtils]: 21: Hoare triple {90#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {90#false} is VALID [2022-02-20 18:07:40,081 INFO L290 TraceCheckUtils]: 22: Hoare triple {90#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {90#false} is VALID [2022-02-20 18:07:40,081 INFO L290 TraceCheckUtils]: 23: Hoare triple {90#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {90#false} is VALID [2022-02-20 18:07:40,081 INFO L290 TraceCheckUtils]: 24: Hoare triple {90#false} assume !false; {90#false} is VALID [2022-02-20 18:07:40,081 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:40,082 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:40,082 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1767411723] [2022-02-20 18:07:40,082 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1767411723] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:40,083 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:40,083 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:07:40,084 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1310623315] [2022-02-20 18:07:40,084 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:40,088 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:40,089 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:40,091 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,113 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:40,113 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:07:40,114 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:40,126 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:07:40,127 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:40,129 INFO L87 Difference]: Start difference. First operand has 86 states, 68 states have (on average 1.3823529411764706) internal successors, (94), 74 states have internal predecessors, (94), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,241 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:40,242 INFO L93 Difference]: Finished difference Result 163 states and 222 transitions. [2022-02-20 18:07:40,242 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:07:40,243 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:40,244 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:40,245 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,265 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 222 transitions. [2022-02-20 18:07:40,268 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,274 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 222 transitions. [2022-02-20 18:07:40,277 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 222 transitions. [2022-02-20 18:07:40,493 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 222 edges. 222 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:40,504 INFO L225 Difference]: With dead ends: 163 [2022-02-20 18:07:40,504 INFO L226 Difference]: Without dead ends: 77 [2022-02-20 18:07:40,507 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 4 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:40,511 INFO L933 BasicCegarLoop]: 108 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 108 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:40,512 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 108 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:40,524 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 77 states. [2022-02-20 18:07:40,535 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 77 to 77. [2022-02-20 18:07:40,535 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:40,539 INFO L82 GeneralOperation]: Start isEquivalent. First operand 77 states. Second operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:07:40,542 INFO L74 IsIncluded]: Start isIncluded. First operand 77 states. Second operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:07:40,543 INFO L87 Difference]: Start difference. First operand 77 states. Second operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:07:40,549 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:40,559 INFO L93 Difference]: Finished difference Result 77 states and 99 transitions. [2022-02-20 18:07:40,559 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:40,560 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:40,560 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:40,571 INFO L74 IsIncluded]: Start isIncluded. First operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 77 states. [2022-02-20 18:07:40,572 INFO L87 Difference]: Start difference. First operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 77 states. [2022-02-20 18:07:40,576 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:40,576 INFO L93 Difference]: Finished difference Result 77 states and 99 transitions. [2022-02-20 18:07:40,576 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:40,577 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:40,577 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:40,577 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:40,577 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:40,578 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:07:40,580 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 99 transitions. [2022-02-20 18:07:40,581 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 99 transitions. Word has length 25 [2022-02-20 18:07:40,581 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:40,582 INFO L470 AbstractCegarLoop]: Abstraction has 77 states and 99 transitions. [2022-02-20 18:07:40,582 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,582 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:40,583 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2022-02-20 18:07:40,583 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:40,584 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:40,584 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:07:40,584 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:40,584 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:40,585 INFO L85 PathProgramCache]: Analyzing trace with hash 174267448, now seen corresponding path program 1 times [2022-02-20 18:07:40,585 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:40,585 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1136166687] [2022-02-20 18:07:40,585 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:40,585 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:40,642 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:40,692 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 16 [2022-02-20 18:07:40,695 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:40,698 INFO L290 TraceCheckUtils]: 0: Hoare triple {599#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {599#true} is VALID [2022-02-20 18:07:40,698 INFO L290 TraceCheckUtils]: 1: Hoare triple {599#true} assume true; {599#true} is VALID [2022-02-20 18:07:40,699 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {599#true} {600#false} #240#return; {600#false} is VALID [2022-02-20 18:07:40,699 INFO L290 TraceCheckUtils]: 0: Hoare triple {599#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {599#true} is VALID [2022-02-20 18:07:40,699 INFO L290 TraceCheckUtils]: 1: Hoare triple {599#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {599#true} is VALID [2022-02-20 18:07:40,699 INFO L290 TraceCheckUtils]: 2: Hoare triple {599#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {599#true} is VALID [2022-02-20 18:07:40,699 INFO L290 TraceCheckUtils]: 3: Hoare triple {599#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {599#true} is VALID [2022-02-20 18:07:40,700 INFO L290 TraceCheckUtils]: 4: Hoare triple {599#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {599#true} is VALID [2022-02-20 18:07:40,700 INFO L290 TraceCheckUtils]: 5: Hoare triple {599#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {599#true} is VALID [2022-02-20 18:07:40,700 INFO L290 TraceCheckUtils]: 6: Hoare triple {599#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {599#true} is VALID [2022-02-20 18:07:40,700 INFO L290 TraceCheckUtils]: 7: Hoare triple {599#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {601#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:07:40,701 INFO L290 TraceCheckUtils]: 8: Hoare triple {601#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {601#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:07:40,701 INFO L290 TraceCheckUtils]: 9: Hoare triple {601#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {600#false} is VALID [2022-02-20 18:07:40,702 INFO L272 TraceCheckUtils]: 10: Hoare triple {600#false} call cleanup(); {600#false} is VALID [2022-02-20 18:07:40,702 INFO L290 TraceCheckUtils]: 11: Hoare triple {600#false} havoc ~i~0;havoc ~__cil_tmp2~0; {600#false} is VALID [2022-02-20 18:07:40,702 INFO L272 TraceCheckUtils]: 12: Hoare triple {600#false} call timeShift(); {600#false} is VALID [2022-02-20 18:07:40,702 INFO L290 TraceCheckUtils]: 13: Hoare triple {600#false} assume !(0 != ~pumpRunning~0); {600#false} is VALID [2022-02-20 18:07:40,702 INFO L290 TraceCheckUtils]: 14: Hoare triple {600#false} assume !(0 != ~systemActive~0); {600#false} is VALID [2022-02-20 18:07:40,702 INFO L290 TraceCheckUtils]: 15: Hoare triple {600#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {600#false} is VALID [2022-02-20 18:07:40,703 INFO L272 TraceCheckUtils]: 16: Hoare triple {600#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {599#true} is VALID [2022-02-20 18:07:40,703 INFO L290 TraceCheckUtils]: 17: Hoare triple {599#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {599#true} is VALID [2022-02-20 18:07:40,703 INFO L290 TraceCheckUtils]: 18: Hoare triple {599#true} assume true; {599#true} is VALID [2022-02-20 18:07:40,706 INFO L284 TraceCheckUtils]: 19: Hoare quadruple {599#true} {600#false} #240#return; {600#false} is VALID [2022-02-20 18:07:40,706 INFO L290 TraceCheckUtils]: 20: Hoare triple {600#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {600#false} is VALID [2022-02-20 18:07:40,706 INFO L290 TraceCheckUtils]: 21: Hoare triple {600#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {600#false} is VALID [2022-02-20 18:07:40,706 INFO L290 TraceCheckUtils]: 22: Hoare triple {600#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {600#false} is VALID [2022-02-20 18:07:40,706 INFO L290 TraceCheckUtils]: 23: Hoare triple {600#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {600#false} is VALID [2022-02-20 18:07:40,706 INFO L290 TraceCheckUtils]: 24: Hoare triple {600#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {600#false} is VALID [2022-02-20 18:07:40,707 INFO L290 TraceCheckUtils]: 25: Hoare triple {600#false} assume !false; {600#false} is VALID [2022-02-20 18:07:40,707 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:40,707 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:40,707 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1136166687] [2022-02-20 18:07:40,707 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1136166687] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:40,708 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:40,708 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:40,708 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [593050936] [2022-02-20 18:07:40,708 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:40,710 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:40,710 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:40,711 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,735 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:40,735 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:40,736 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:40,736 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:40,736 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:40,736 INFO L87 Difference]: Start difference. First operand 77 states and 99 transitions. Second operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,802 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:40,802 INFO L93 Difference]: Finished difference Result 114 states and 147 transitions. [2022-02-20 18:07:40,802 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:40,802 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:40,803 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:40,803 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,809 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 147 transitions. [2022-02-20 18:07:40,809 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,811 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 147 transitions. [2022-02-20 18:07:40,811 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 147 transitions. [2022-02-20 18:07:40,911 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 147 edges. 147 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:40,915 INFO L225 Difference]: With dead ends: 114 [2022-02-20 18:07:40,915 INFO L226 Difference]: Without dead ends: 68 [2022-02-20 18:07:40,920 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:40,922 INFO L933 BasicCegarLoop]: 86 mSDtfsCounter, 18 mSDsluCounter, 64 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 150 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:40,923 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 150 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:40,924 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 68 states. [2022-02-20 18:07:40,932 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 68 to 68. [2022-02-20 18:07:40,932 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:40,933 INFO L82 GeneralOperation]: Start isEquivalent. First operand 68 states. Second operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:07:40,933 INFO L74 IsIncluded]: Start isIncluded. First operand 68 states. Second operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:07:40,933 INFO L87 Difference]: Start difference. First operand 68 states. Second operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:07:40,936 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:40,936 INFO L93 Difference]: Finished difference Result 68 states and 87 transitions. [2022-02-20 18:07:40,937 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 87 transitions. [2022-02-20 18:07:40,938 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:40,939 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:40,941 INFO L74 IsIncluded]: Start isIncluded. First operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 68 states. [2022-02-20 18:07:40,941 INFO L87 Difference]: Start difference. First operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 68 states. [2022-02-20 18:07:40,944 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:40,944 INFO L93 Difference]: Finished difference Result 68 states and 87 transitions. [2022-02-20 18:07:40,945 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 87 transitions. [2022-02-20 18:07:40,945 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:40,946 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:40,946 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:40,946 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:40,947 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:07:40,948 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 68 states to 68 states and 87 transitions. [2022-02-20 18:07:40,949 INFO L78 Accepts]: Start accepts. Automaton has 68 states and 87 transitions. Word has length 26 [2022-02-20 18:07:40,949 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:40,950 INFO L470 AbstractCegarLoop]: Abstraction has 68 states and 87 transitions. [2022-02-20 18:07:40,950 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:40,950 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 87 transitions. [2022-02-20 18:07:40,951 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2022-02-20 18:07:40,952 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:40,953 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:40,953 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:07:40,954 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:40,955 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:40,955 INFO L85 PathProgramCache]: Analyzing trace with hash -2461694, now seen corresponding path program 1 times [2022-02-20 18:07:40,955 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:40,956 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1092237134] [2022-02-20 18:07:40,956 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:40,956 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:40,982 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:41,023 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-02-20 18:07:41,025 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:41,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {1006#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {1006#true} is VALID [2022-02-20 18:07:41,027 INFO L290 TraceCheckUtils]: 1: Hoare triple {1006#true} assume true; {1006#true} is VALID [2022-02-20 18:07:41,027 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1006#true} {1007#false} #240#return; {1007#false} is VALID [2022-02-20 18:07:41,027 INFO L290 TraceCheckUtils]: 0: Hoare triple {1006#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {1006#true} is VALID [2022-02-20 18:07:41,028 INFO L290 TraceCheckUtils]: 1: Hoare triple {1006#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1006#true} is VALID [2022-02-20 18:07:41,028 INFO L290 TraceCheckUtils]: 2: Hoare triple {1006#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1006#true} is VALID [2022-02-20 18:07:41,028 INFO L290 TraceCheckUtils]: 3: Hoare triple {1006#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1008#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:07:41,029 INFO L290 TraceCheckUtils]: 4: Hoare triple {1008#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {1009#(= |ULTIMATE.start_main_~tmp~4#1| 1)} is VALID [2022-02-20 18:07:41,029 INFO L290 TraceCheckUtils]: 5: Hoare triple {1009#(= |ULTIMATE.start_main_~tmp~4#1| 1)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1006#true} is VALID [2022-02-20 18:07:41,029 INFO L290 TraceCheckUtils]: 6: Hoare triple {1006#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {1006#true} is VALID [2022-02-20 18:07:41,029 INFO L290 TraceCheckUtils]: 7: Hoare triple {1006#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1006#true} is VALID [2022-02-20 18:07:41,029 INFO L290 TraceCheckUtils]: 8: Hoare triple {1006#true} assume !false; {1006#true} is VALID [2022-02-20 18:07:41,030 INFO L290 TraceCheckUtils]: 9: Hoare triple {1006#true} assume test_~splverifierCounter~0#1 < 4; {1006#true} is VALID [2022-02-20 18:07:41,030 INFO L290 TraceCheckUtils]: 10: Hoare triple {1006#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {1006#true} is VALID [2022-02-20 18:07:41,030 INFO L290 TraceCheckUtils]: 11: Hoare triple {1006#true} assume !(0 != test_~tmp~0#1); {1006#true} is VALID [2022-02-20 18:07:41,030 INFO L290 TraceCheckUtils]: 12: Hoare triple {1006#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {1006#true} is VALID [2022-02-20 18:07:41,030 INFO L290 TraceCheckUtils]: 13: Hoare triple {1006#true} assume !(0 != test_~tmp___0~0#1); {1006#true} is VALID [2022-02-20 18:07:41,030 INFO L290 TraceCheckUtils]: 14: Hoare triple {1006#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {1006#true} is VALID [2022-02-20 18:07:41,031 INFO L290 TraceCheckUtils]: 15: Hoare triple {1006#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {1010#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:41,031 INFO L290 TraceCheckUtils]: 16: Hoare triple {1010#(not (= 0 ~systemActive~0))} assume { :end_inline_startSystem } true; {1010#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:41,032 INFO L272 TraceCheckUtils]: 17: Hoare triple {1010#(not (= 0 ~systemActive~0))} call timeShift(); {1010#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:41,032 INFO L290 TraceCheckUtils]: 18: Hoare triple {1010#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {1010#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:07:41,033 INFO L290 TraceCheckUtils]: 19: Hoare triple {1010#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {1007#false} is VALID [2022-02-20 18:07:41,033 INFO L290 TraceCheckUtils]: 20: Hoare triple {1007#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1007#false} is VALID [2022-02-20 18:07:41,033 INFO L272 TraceCheckUtils]: 21: Hoare triple {1007#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {1006#true} is VALID [2022-02-20 18:07:41,033 INFO L290 TraceCheckUtils]: 22: Hoare triple {1006#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {1006#true} is VALID [2022-02-20 18:07:41,033 INFO L290 TraceCheckUtils]: 23: Hoare triple {1006#true} assume true; {1006#true} is VALID [2022-02-20 18:07:41,033 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {1006#true} {1007#false} #240#return; {1007#false} is VALID [2022-02-20 18:07:41,034 INFO L290 TraceCheckUtils]: 25: Hoare triple {1007#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {1007#false} is VALID [2022-02-20 18:07:41,034 INFO L290 TraceCheckUtils]: 26: Hoare triple {1007#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1007#false} is VALID [2022-02-20 18:07:41,034 INFO L290 TraceCheckUtils]: 27: Hoare triple {1007#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {1007#false} is VALID [2022-02-20 18:07:41,034 INFO L290 TraceCheckUtils]: 28: Hoare triple {1007#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1007#false} is VALID [2022-02-20 18:07:41,034 INFO L290 TraceCheckUtils]: 29: Hoare triple {1007#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1007#false} is VALID [2022-02-20 18:07:41,034 INFO L290 TraceCheckUtils]: 30: Hoare triple {1007#false} assume !false; {1007#false} is VALID [2022-02-20 18:07:41,035 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:41,035 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:41,035 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1092237134] [2022-02-20 18:07:41,035 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1092237134] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:41,035 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:41,035 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:07:41,036 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1459354044] [2022-02-20 18:07:41,036 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:41,036 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:07:41,036 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:41,037 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,056 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:41,056 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:07:41,056 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:41,057 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:07:41,057 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:07:41,057 INFO L87 Difference]: Start difference. First operand 68 states and 87 transitions. Second operand has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,245 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:41,246 INFO L93 Difference]: Finished difference Result 168 states and 220 transitions. [2022-02-20 18:07:41,246 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:41,246 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:07:41,246 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:41,246 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,249 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 220 transitions. [2022-02-20 18:07:41,249 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,252 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 220 transitions. [2022-02-20 18:07:41,252 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 220 transitions. [2022-02-20 18:07:41,420 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 220 edges. 220 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:41,422 INFO L225 Difference]: With dead ends: 168 [2022-02-20 18:07:41,423 INFO L226 Difference]: Without dead ends: 108 [2022-02-20 18:07:41,423 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 13 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 2 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:07:41,424 INFO L933 BasicCegarLoop]: 101 mSDtfsCounter, 157 mSDsluCounter, 199 mSDsCounter, 0 mSdLazyCounter, 11 mSolverCounterSat, 16 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 157 SdHoareTripleChecker+Valid, 300 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 16 IncrementalHoareTripleChecker+Valid, 11 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:41,424 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [157 Valid, 300 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [16 Valid, 11 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:41,425 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 108 states. [2022-02-20 18:07:41,431 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 108 to 103. [2022-02-20 18:07:41,431 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:41,431 INFO L82 GeneralOperation]: Start isEquivalent. First operand 108 states. Second operand has 103 states, 82 states have (on average 1.353658536585366) internal successors, (111), 89 states have internal predecessors, (111), 11 states have call successors, (11), 9 states have call predecessors, (11), 9 states have return successors, (12), 10 states have call predecessors, (12), 11 states have call successors, (12) [2022-02-20 18:07:41,432 INFO L74 IsIncluded]: Start isIncluded. First operand 108 states. Second operand has 103 states, 82 states have (on average 1.353658536585366) internal successors, (111), 89 states have internal predecessors, (111), 11 states have call successors, (11), 9 states have call predecessors, (11), 9 states have return successors, (12), 10 states have call predecessors, (12), 11 states have call successors, (12) [2022-02-20 18:07:41,432 INFO L87 Difference]: Start difference. First operand 108 states. Second operand has 103 states, 82 states have (on average 1.353658536585366) internal successors, (111), 89 states have internal predecessors, (111), 11 states have call successors, (11), 9 states have call predecessors, (11), 9 states have return successors, (12), 10 states have call predecessors, (12), 11 states have call successors, (12) [2022-02-20 18:07:41,435 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:41,435 INFO L93 Difference]: Finished difference Result 108 states and 139 transitions. [2022-02-20 18:07:41,435 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 139 transitions. [2022-02-20 18:07:41,435 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:41,436 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:41,436 INFO L74 IsIncluded]: Start isIncluded. First operand has 103 states, 82 states have (on average 1.353658536585366) internal successors, (111), 89 states have internal predecessors, (111), 11 states have call successors, (11), 9 states have call predecessors, (11), 9 states have return successors, (12), 10 states have call predecessors, (12), 11 states have call successors, (12) Second operand 108 states. [2022-02-20 18:07:41,436 INFO L87 Difference]: Start difference. First operand has 103 states, 82 states have (on average 1.353658536585366) internal successors, (111), 89 states have internal predecessors, (111), 11 states have call successors, (11), 9 states have call predecessors, (11), 9 states have return successors, (12), 10 states have call predecessors, (12), 11 states have call successors, (12) Second operand 108 states. [2022-02-20 18:07:41,439 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:41,439 INFO L93 Difference]: Finished difference Result 108 states and 139 transitions. [2022-02-20 18:07:41,439 INFO L276 IsEmpty]: Start isEmpty. Operand 108 states and 139 transitions. [2022-02-20 18:07:41,440 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:41,440 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:41,463 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:41,463 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:41,464 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 103 states, 82 states have (on average 1.353658536585366) internal successors, (111), 89 states have internal predecessors, (111), 11 states have call successors, (11), 9 states have call predecessors, (11), 9 states have return successors, (12), 10 states have call predecessors, (12), 11 states have call successors, (12) [2022-02-20 18:07:41,466 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 103 states to 103 states and 134 transitions. [2022-02-20 18:07:41,467 INFO L78 Accepts]: Start accepts. Automaton has 103 states and 134 transitions. Word has length 31 [2022-02-20 18:07:41,467 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:41,467 INFO L470 AbstractCegarLoop]: Abstraction has 103 states and 134 transitions. [2022-02-20 18:07:41,467 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 5.6) internal successors, (28), 5 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,467 INFO L276 IsEmpty]: Start isEmpty. Operand 103 states and 134 transitions. [2022-02-20 18:07:41,468 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-02-20 18:07:41,468 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:41,468 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:41,468 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:07:41,468 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:41,468 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:41,468 INFO L85 PathProgramCache]: Analyzing trace with hash -1429569393, now seen corresponding path program 1 times [2022-02-20 18:07:41,469 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:41,469 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [285275301] [2022-02-20 18:07:41,469 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:41,469 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:41,490 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:41,523 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 24 [2022-02-20 18:07:41,524 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:41,527 INFO L290 TraceCheckUtils]: 0: Hoare triple {1621#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {1621#true} is VALID [2022-02-20 18:07:41,527 INFO L290 TraceCheckUtils]: 1: Hoare triple {1621#true} assume true; {1621#true} is VALID [2022-02-20 18:07:41,528 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {1621#true} {1623#(= ~pumpRunning~0 0)} #240#return; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,528 INFO L290 TraceCheckUtils]: 0: Hoare triple {1621#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,529 INFO L290 TraceCheckUtils]: 1: Hoare triple {1623#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,529 INFO L290 TraceCheckUtils]: 2: Hoare triple {1623#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,529 INFO L290 TraceCheckUtils]: 3: Hoare triple {1623#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,530 INFO L290 TraceCheckUtils]: 4: Hoare triple {1623#(= ~pumpRunning~0 0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,530 INFO L290 TraceCheckUtils]: 5: Hoare triple {1623#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,531 INFO L290 TraceCheckUtils]: 6: Hoare triple {1623#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,531 INFO L290 TraceCheckUtils]: 7: Hoare triple {1623#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,531 INFO L290 TraceCheckUtils]: 8: Hoare triple {1623#(= ~pumpRunning~0 0)} assume !false; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,532 INFO L290 TraceCheckUtils]: 9: Hoare triple {1623#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,532 INFO L290 TraceCheckUtils]: 10: Hoare triple {1623#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,532 INFO L290 TraceCheckUtils]: 11: Hoare triple {1623#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~0#1); {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,533 INFO L290 TraceCheckUtils]: 12: Hoare triple {1623#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,533 INFO L290 TraceCheckUtils]: 13: Hoare triple {1623#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,534 INFO L290 TraceCheckUtils]: 14: Hoare triple {1623#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,534 INFO L290 TraceCheckUtils]: 15: Hoare triple {1623#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,534 INFO L290 TraceCheckUtils]: 16: Hoare triple {1623#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,535 INFO L290 TraceCheckUtils]: 17: Hoare triple {1623#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,535 INFO L290 TraceCheckUtils]: 18: Hoare triple {1623#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,536 INFO L290 TraceCheckUtils]: 19: Hoare triple {1623#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,536 INFO L272 TraceCheckUtils]: 20: Hoare triple {1623#(= ~pumpRunning~0 0)} call timeShift(); {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,536 INFO L290 TraceCheckUtils]: 21: Hoare triple {1623#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,537 INFO L290 TraceCheckUtils]: 22: Hoare triple {1623#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,537 INFO L290 TraceCheckUtils]: 23: Hoare triple {1623#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,537 INFO L272 TraceCheckUtils]: 24: Hoare triple {1623#(= ~pumpRunning~0 0)} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {1621#true} is VALID [2022-02-20 18:07:41,538 INFO L290 TraceCheckUtils]: 25: Hoare triple {1621#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {1621#true} is VALID [2022-02-20 18:07:41,538 INFO L290 TraceCheckUtils]: 26: Hoare triple {1621#true} assume true; {1621#true} is VALID [2022-02-20 18:07:41,538 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {1621#true} {1623#(= ~pumpRunning~0 0)} #240#return; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,539 INFO L290 TraceCheckUtils]: 28: Hoare triple {1623#(= ~pumpRunning~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {1623#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:07:41,539 INFO L290 TraceCheckUtils]: 29: Hoare triple {1623#(= ~pumpRunning~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1627#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:07:41,540 INFO L290 TraceCheckUtils]: 30: Hoare triple {1627#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {1628#(= |timeShift___utac_acc__Specification2_spec__2_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:07:41,540 INFO L290 TraceCheckUtils]: 31: Hoare triple {1628#(= |timeShift___utac_acc__Specification2_spec__2_~tmp___0~2#1| 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1622#false} is VALID [2022-02-20 18:07:41,540 INFO L290 TraceCheckUtils]: 32: Hoare triple {1622#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1622#false} is VALID [2022-02-20 18:07:41,541 INFO L290 TraceCheckUtils]: 33: Hoare triple {1622#false} assume !false; {1622#false} is VALID [2022-02-20 18:07:41,541 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:41,541 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:41,541 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [285275301] [2022-02-20 18:07:41,541 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [285275301] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:41,542 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:41,542 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:07:41,542 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1726574934] [2022-02-20 18:07:41,542 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:41,543 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-20 18:07:41,543 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:41,543 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,564 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:41,565 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:07:41,565 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:41,565 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:07:41,565 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:07:41,566 INFO L87 Difference]: Start difference. First operand 103 states and 134 transitions. Second operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,748 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:41,748 INFO L93 Difference]: Finished difference Result 243 states and 324 transitions. [2022-02-20 18:07:41,749 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:41,749 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-20 18:07:41,749 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:41,749 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,752 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 227 transitions. [2022-02-20 18:07:41,752 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,754 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 227 transitions. [2022-02-20 18:07:41,755 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 227 transitions. [2022-02-20 18:07:41,908 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 227 edges. 227 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:41,911 INFO L225 Difference]: With dead ends: 243 [2022-02-20 18:07:41,911 INFO L226 Difference]: Without dead ends: 148 [2022-02-20 18:07:41,912 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:07:41,912 INFO L933 BasicCegarLoop]: 91 mSDtfsCounter, 57 mSDsluCounter, 235 mSDsCounter, 0 mSdLazyCounter, 22 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 57 SdHoareTripleChecker+Valid, 326 SdHoareTripleChecker+Invalid, 30 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 22 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:41,913 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [57 Valid, 326 Invalid, 30 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 22 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:41,913 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 148 states. [2022-02-20 18:07:41,920 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 148 to 139. [2022-02-20 18:07:41,920 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:41,921 INFO L82 GeneralOperation]: Start isEquivalent. First operand 148 states. Second operand has 139 states, 109 states have (on average 1.2935779816513762) internal successors, (141), 118 states have internal predecessors, (141), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:41,921 INFO L74 IsIncluded]: Start isIncluded. First operand 148 states. Second operand has 139 states, 109 states have (on average 1.2935779816513762) internal successors, (141), 118 states have internal predecessors, (141), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:41,922 INFO L87 Difference]: Start difference. First operand 148 states. Second operand has 139 states, 109 states have (on average 1.2935779816513762) internal successors, (141), 118 states have internal predecessors, (141), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:41,925 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:41,926 INFO L93 Difference]: Finished difference Result 148 states and 188 transitions. [2022-02-20 18:07:41,926 INFO L276 IsEmpty]: Start isEmpty. Operand 148 states and 188 transitions. [2022-02-20 18:07:41,926 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:41,926 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:41,927 INFO L74 IsIncluded]: Start isIncluded. First operand has 139 states, 109 states have (on average 1.2935779816513762) internal successors, (141), 118 states have internal predecessors, (141), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) Second operand 148 states. [2022-02-20 18:07:41,927 INFO L87 Difference]: Start difference. First operand has 139 states, 109 states have (on average 1.2935779816513762) internal successors, (141), 118 states have internal predecessors, (141), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) Second operand 148 states. [2022-02-20 18:07:41,931 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:41,931 INFO L93 Difference]: Finished difference Result 148 states and 188 transitions. [2022-02-20 18:07:41,931 INFO L276 IsEmpty]: Start isEmpty. Operand 148 states and 188 transitions. [2022-02-20 18:07:41,931 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:41,932 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:41,932 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:41,932 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:41,932 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 139 states, 109 states have (on average 1.2935779816513762) internal successors, (141), 118 states have internal predecessors, (141), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:41,935 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 139 states to 139 states and 175 transitions. [2022-02-20 18:07:41,936 INFO L78 Accepts]: Start accepts. Automaton has 139 states and 175 transitions. Word has length 34 [2022-02-20 18:07:41,936 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:41,936 INFO L470 AbstractCegarLoop]: Abstraction has 139 states and 175 transitions. [2022-02-20 18:07:41,936 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.2) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:41,936 INFO L276 IsEmpty]: Start isEmpty. Operand 139 states and 175 transitions. [2022-02-20 18:07:41,937 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-02-20 18:07:41,937 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:41,937 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:41,937 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:07:41,938 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:41,938 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:41,938 INFO L85 PathProgramCache]: Analyzing trace with hash -925495430, now seen corresponding path program 1 times [2022-02-20 18:07:41,938 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:41,938 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1813286327] [2022-02-20 18:07:41,939 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:41,939 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:41,957 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:41,984 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-20 18:07:41,985 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:41,987 INFO L290 TraceCheckUtils]: 0: Hoare triple {2465#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {2465#true} is VALID [2022-02-20 18:07:41,987 INFO L290 TraceCheckUtils]: 1: Hoare triple {2465#true} assume true; {2465#true} is VALID [2022-02-20 18:07:41,987 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2465#true} {2466#false} #234#return; {2466#false} is VALID [2022-02-20 18:07:41,987 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:07:41,988 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:41,990 INFO L290 TraceCheckUtils]: 0: Hoare triple {2465#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {2465#true} is VALID [2022-02-20 18:07:41,990 INFO L290 TraceCheckUtils]: 1: Hoare triple {2465#true} assume true; {2465#true} is VALID [2022-02-20 18:07:41,990 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2465#true} {2466#false} #240#return; {2466#false} is VALID [2022-02-20 18:07:41,991 INFO L290 TraceCheckUtils]: 0: Hoare triple {2465#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {2465#true} is VALID [2022-02-20 18:07:41,991 INFO L290 TraceCheckUtils]: 1: Hoare triple {2465#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {2465#true} is VALID [2022-02-20 18:07:41,991 INFO L290 TraceCheckUtils]: 2: Hoare triple {2465#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2465#true} is VALID [2022-02-20 18:07:41,991 INFO L290 TraceCheckUtils]: 3: Hoare triple {2465#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {2465#true} is VALID [2022-02-20 18:07:41,991 INFO L290 TraceCheckUtils]: 4: Hoare triple {2465#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {2465#true} is VALID [2022-02-20 18:07:41,991 INFO L290 TraceCheckUtils]: 5: Hoare triple {2465#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {2465#true} is VALID [2022-02-20 18:07:41,992 INFO L290 TraceCheckUtils]: 6: Hoare triple {2465#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {2465#true} is VALID [2022-02-20 18:07:41,992 INFO L290 TraceCheckUtils]: 7: Hoare triple {2465#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2465#true} is VALID [2022-02-20 18:07:41,992 INFO L290 TraceCheckUtils]: 8: Hoare triple {2465#true} assume !false; {2465#true} is VALID [2022-02-20 18:07:41,992 INFO L290 TraceCheckUtils]: 9: Hoare triple {2465#true} assume test_~splverifierCounter~0#1 < 4; {2465#true} is VALID [2022-02-20 18:07:41,992 INFO L290 TraceCheckUtils]: 10: Hoare triple {2465#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2465#true} is VALID [2022-02-20 18:07:41,992 INFO L290 TraceCheckUtils]: 11: Hoare triple {2465#true} assume !(0 != test_~tmp~0#1); {2465#true} is VALID [2022-02-20 18:07:41,992 INFO L290 TraceCheckUtils]: 12: Hoare triple {2465#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2465#true} is VALID [2022-02-20 18:07:41,993 INFO L290 TraceCheckUtils]: 13: Hoare triple {2465#true} assume !(0 != test_~tmp___0~0#1); {2465#true} is VALID [2022-02-20 18:07:41,993 INFO L290 TraceCheckUtils]: 14: Hoare triple {2465#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2465#true} is VALID [2022-02-20 18:07:41,993 INFO L290 TraceCheckUtils]: 15: Hoare triple {2465#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {2465#true} is VALID [2022-02-20 18:07:41,993 INFO L290 TraceCheckUtils]: 16: Hoare triple {2465#true} assume { :end_inline_startSystem } true; {2465#true} is VALID [2022-02-20 18:07:41,993 INFO L272 TraceCheckUtils]: 17: Hoare triple {2465#true} call timeShift(); {2465#true} is VALID [2022-02-20 18:07:41,993 INFO L290 TraceCheckUtils]: 18: Hoare triple {2465#true} assume !(0 != ~pumpRunning~0); {2465#true} is VALID [2022-02-20 18:07:41,994 INFO L290 TraceCheckUtils]: 19: Hoare triple {2465#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2465#true} is VALID [2022-02-20 18:07:41,994 INFO L290 TraceCheckUtils]: 20: Hoare triple {2465#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {2465#true} is VALID [2022-02-20 18:07:41,994 INFO L290 TraceCheckUtils]: 21: Hoare triple {2465#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~8#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {2465#true} is VALID [2022-02-20 18:07:41,994 INFO L290 TraceCheckUtils]: 22: Hoare triple {2465#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {2465#true} is VALID [2022-02-20 18:07:41,994 INFO L290 TraceCheckUtils]: 23: Hoare triple {2465#true} assume 0 != isHighWaterLevel_~tmp~3#1;isHighWaterLevel_~tmp___0~1#1 := 0; {2467#(= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0)} is VALID [2022-02-20 18:07:41,995 INFO L290 TraceCheckUtils]: 24: Hoare triple {2467#(= |timeShift_isHighWaterLevel_~tmp___0~1#1| 0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {2468#(= |timeShift_isHighWaterLevel_#res#1| 0)} is VALID [2022-02-20 18:07:41,995 INFO L290 TraceCheckUtils]: 25: Hoare triple {2468#(= |timeShift_isHighWaterLevel_#res#1| 0)} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {2469#(= |timeShift_processEnvironment_~tmp~1#1| 0)} is VALID [2022-02-20 18:07:41,996 INFO L290 TraceCheckUtils]: 26: Hoare triple {2469#(= |timeShift_processEnvironment_~tmp~1#1| 0)} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {2466#false} is VALID [2022-02-20 18:07:41,996 INFO L272 TraceCheckUtils]: 27: Hoare triple {2466#false} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {2465#true} is VALID [2022-02-20 18:07:41,996 INFO L290 TraceCheckUtils]: 28: Hoare triple {2465#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {2465#true} is VALID [2022-02-20 18:07:41,996 INFO L290 TraceCheckUtils]: 29: Hoare triple {2465#true} assume true; {2465#true} is VALID [2022-02-20 18:07:41,996 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {2465#true} {2466#false} #234#return; {2466#false} is VALID [2022-02-20 18:07:41,996 INFO L290 TraceCheckUtils]: 31: Hoare triple {2466#false} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {2466#false} is VALID [2022-02-20 18:07:41,997 INFO L290 TraceCheckUtils]: 32: Hoare triple {2466#false} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {2466#false} is VALID [2022-02-20 18:07:41,997 INFO L290 TraceCheckUtils]: 33: Hoare triple {2466#false} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {2466#false} is VALID [2022-02-20 18:07:41,997 INFO L290 TraceCheckUtils]: 34: Hoare triple {2466#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {2466#false} is VALID [2022-02-20 18:07:41,997 INFO L290 TraceCheckUtils]: 35: Hoare triple {2466#false} assume { :end_inline_activatePump } true; {2466#false} is VALID [2022-02-20 18:07:41,997 INFO L290 TraceCheckUtils]: 36: Hoare triple {2466#false} assume { :end_inline_processEnvironment } true; {2466#false} is VALID [2022-02-20 18:07:41,997 INFO L290 TraceCheckUtils]: 37: Hoare triple {2466#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {2466#false} is VALID [2022-02-20 18:07:41,998 INFO L272 TraceCheckUtils]: 38: Hoare triple {2466#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {2465#true} is VALID [2022-02-20 18:07:41,998 INFO L290 TraceCheckUtils]: 39: Hoare triple {2465#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {2465#true} is VALID [2022-02-20 18:07:41,998 INFO L290 TraceCheckUtils]: 40: Hoare triple {2465#true} assume true; {2465#true} is VALID [2022-02-20 18:07:41,998 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {2465#true} {2466#false} #240#return; {2466#false} is VALID [2022-02-20 18:07:41,998 INFO L290 TraceCheckUtils]: 42: Hoare triple {2466#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {2466#false} is VALID [2022-02-20 18:07:41,998 INFO L290 TraceCheckUtils]: 43: Hoare triple {2466#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {2466#false} is VALID [2022-02-20 18:07:41,998 INFO L290 TraceCheckUtils]: 44: Hoare triple {2466#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {2466#false} is VALID [2022-02-20 18:07:41,999 INFO L290 TraceCheckUtils]: 45: Hoare triple {2466#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {2466#false} is VALID [2022-02-20 18:07:41,999 INFO L290 TraceCheckUtils]: 46: Hoare triple {2466#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {2466#false} is VALID [2022-02-20 18:07:41,999 INFO L290 TraceCheckUtils]: 47: Hoare triple {2466#false} assume !false; {2466#false} is VALID [2022-02-20 18:07:41,999 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:41,999 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:42,000 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1813286327] [2022-02-20 18:07:42,000 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1813286327] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:42,000 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:42,000 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:07:42,000 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1658619981] [2022-02-20 18:07:42,000 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:42,001 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 48 [2022-02-20 18:07:42,001 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:42,001 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,026 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 46 edges. 46 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:42,027 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:07:42,027 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:42,027 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:07:42,028 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:07:42,028 INFO L87 Difference]: Start difference. First operand 139 states and 175 transitions. Second operand has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,227 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,228 INFO L93 Difference]: Finished difference Result 294 states and 382 transitions. [2022-02-20 18:07:42,228 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:42,228 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 48 [2022-02-20 18:07:42,228 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:42,228 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,230 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 197 transitions. [2022-02-20 18:07:42,231 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,232 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 197 transitions. [2022-02-20 18:07:42,232 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 197 transitions. [2022-02-20 18:07:42,360 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 197 edges. 197 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:42,363 INFO L225 Difference]: With dead ends: 294 [2022-02-20 18:07:42,363 INFO L226 Difference]: Without dead ends: 163 [2022-02-20 18:07:42,364 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:07:42,364 INFO L933 BasicCegarLoop]: 108 mSDtfsCounter, 33 mSDsluCounter, 278 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 35 SdHoareTripleChecker+Valid, 386 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:42,365 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [35 Valid, 386 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:42,365 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 163 states. [2022-02-20 18:07:42,372 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 163 to 142. [2022-02-20 18:07:42,372 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:42,373 INFO L82 GeneralOperation]: Start isEquivalent. First operand 163 states. Second operand has 142 states, 112 states have (on average 1.2857142857142858) internal successors, (144), 121 states have internal predecessors, (144), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:42,373 INFO L74 IsIncluded]: Start isIncluded. First operand 163 states. Second operand has 142 states, 112 states have (on average 1.2857142857142858) internal successors, (144), 121 states have internal predecessors, (144), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:42,374 INFO L87 Difference]: Start difference. First operand 163 states. Second operand has 142 states, 112 states have (on average 1.2857142857142858) internal successors, (144), 121 states have internal predecessors, (144), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:42,378 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,378 INFO L93 Difference]: Finished difference Result 163 states and 208 transitions. [2022-02-20 18:07:42,378 INFO L276 IsEmpty]: Start isEmpty. Operand 163 states and 208 transitions. [2022-02-20 18:07:42,378 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:42,379 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:42,379 INFO L74 IsIncluded]: Start isIncluded. First operand has 142 states, 112 states have (on average 1.2857142857142858) internal successors, (144), 121 states have internal predecessors, (144), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) Second operand 163 states. [2022-02-20 18:07:42,379 INFO L87 Difference]: Start difference. First operand has 142 states, 112 states have (on average 1.2857142857142858) internal successors, (144), 121 states have internal predecessors, (144), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) Second operand 163 states. [2022-02-20 18:07:42,383 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,383 INFO L93 Difference]: Finished difference Result 163 states and 208 transitions. [2022-02-20 18:07:42,384 INFO L276 IsEmpty]: Start isEmpty. Operand 163 states and 208 transitions. [2022-02-20 18:07:42,384 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:42,384 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:42,384 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:42,384 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:42,385 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 142 states, 112 states have (on average 1.2857142857142858) internal successors, (144), 121 states have internal predecessors, (144), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:42,388 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 142 states to 142 states and 178 transitions. [2022-02-20 18:07:42,388 INFO L78 Accepts]: Start accepts. Automaton has 142 states and 178 transitions. Word has length 48 [2022-02-20 18:07:42,388 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:42,389 INFO L470 AbstractCegarLoop]: Abstraction has 142 states and 178 transitions. [2022-02-20 18:07:42,389 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.2) internal successors, (41), 5 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,389 INFO L276 IsEmpty]: Start isEmpty. Operand 142 states and 178 transitions. [2022-02-20 18:07:42,389 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-02-20 18:07:42,389 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:42,390 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:42,390 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:07:42,390 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:42,390 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:42,390 INFO L85 PathProgramCache]: Analyzing trace with hash -784946820, now seen corresponding path program 1 times [2022-02-20 18:07:42,391 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:42,391 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1016284248] [2022-02-20 18:07:42,391 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:42,391 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:42,407 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,426 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-20 18:07:42,427 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,429 INFO L290 TraceCheckUtils]: 0: Hoare triple {3418#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {3418#true} is VALID [2022-02-20 18:07:42,429 INFO L290 TraceCheckUtils]: 1: Hoare triple {3418#true} assume true; {3418#true} is VALID [2022-02-20 18:07:42,429 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3418#true} {3419#false} #234#return; {3419#false} is VALID [2022-02-20 18:07:42,430 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:07:42,430 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,432 INFO L290 TraceCheckUtils]: 0: Hoare triple {3418#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {3418#true} is VALID [2022-02-20 18:07:42,432 INFO L290 TraceCheckUtils]: 1: Hoare triple {3418#true} assume true; {3418#true} is VALID [2022-02-20 18:07:42,432 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3418#true} {3419#false} #240#return; {3419#false} is VALID [2022-02-20 18:07:42,432 INFO L290 TraceCheckUtils]: 0: Hoare triple {3418#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {3418#true} is VALID [2022-02-20 18:07:42,432 INFO L290 TraceCheckUtils]: 1: Hoare triple {3418#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {3418#true} is VALID [2022-02-20 18:07:42,433 INFO L290 TraceCheckUtils]: 2: Hoare triple {3418#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3418#true} is VALID [2022-02-20 18:07:42,433 INFO L290 TraceCheckUtils]: 3: Hoare triple {3418#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {3418#true} is VALID [2022-02-20 18:07:42,433 INFO L290 TraceCheckUtils]: 4: Hoare triple {3418#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {3418#true} is VALID [2022-02-20 18:07:42,433 INFO L290 TraceCheckUtils]: 5: Hoare triple {3418#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {3418#true} is VALID [2022-02-20 18:07:42,433 INFO L290 TraceCheckUtils]: 6: Hoare triple {3418#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {3418#true} is VALID [2022-02-20 18:07:42,433 INFO L290 TraceCheckUtils]: 7: Hoare triple {3418#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3418#true} is VALID [2022-02-20 18:07:42,434 INFO L290 TraceCheckUtils]: 8: Hoare triple {3418#true} assume !false; {3418#true} is VALID [2022-02-20 18:07:42,434 INFO L290 TraceCheckUtils]: 9: Hoare triple {3418#true} assume test_~splverifierCounter~0#1 < 4; {3418#true} is VALID [2022-02-20 18:07:42,434 INFO L290 TraceCheckUtils]: 10: Hoare triple {3418#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {3418#true} is VALID [2022-02-20 18:07:42,434 INFO L290 TraceCheckUtils]: 11: Hoare triple {3418#true} assume !(0 != test_~tmp~0#1); {3418#true} is VALID [2022-02-20 18:07:42,434 INFO L290 TraceCheckUtils]: 12: Hoare triple {3418#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {3418#true} is VALID [2022-02-20 18:07:42,434 INFO L290 TraceCheckUtils]: 13: Hoare triple {3418#true} assume !(0 != test_~tmp___0~0#1); {3418#true} is VALID [2022-02-20 18:07:42,434 INFO L290 TraceCheckUtils]: 14: Hoare triple {3418#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {3418#true} is VALID [2022-02-20 18:07:42,435 INFO L290 TraceCheckUtils]: 15: Hoare triple {3418#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {3418#true} is VALID [2022-02-20 18:07:42,435 INFO L290 TraceCheckUtils]: 16: Hoare triple {3418#true} assume { :end_inline_startSystem } true; {3418#true} is VALID [2022-02-20 18:07:42,435 INFO L272 TraceCheckUtils]: 17: Hoare triple {3418#true} call timeShift(); {3418#true} is VALID [2022-02-20 18:07:42,435 INFO L290 TraceCheckUtils]: 18: Hoare triple {3418#true} assume !(0 != ~pumpRunning~0); {3418#true} is VALID [2022-02-20 18:07:42,435 INFO L290 TraceCheckUtils]: 19: Hoare triple {3418#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {3418#true} is VALID [2022-02-20 18:07:42,435 INFO L290 TraceCheckUtils]: 20: Hoare triple {3418#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {3418#true} is VALID [2022-02-20 18:07:42,436 INFO L290 TraceCheckUtils]: 21: Hoare triple {3418#true} assume ~waterLevel~0 < 2;isHighWaterSensorDry_~retValue_acc~8#1 := 1;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {3420#(= |timeShift_isHighWaterSensorDry_#res#1| 1)} is VALID [2022-02-20 18:07:42,436 INFO L290 TraceCheckUtils]: 22: Hoare triple {3420#(= |timeShift_isHighWaterSensorDry_#res#1| 1)} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {3421#(= (+ |timeShift_isHighWaterLevel_~tmp~3#1| (- 1)) 0)} is VALID [2022-02-20 18:07:42,437 INFO L290 TraceCheckUtils]: 23: Hoare triple {3421#(= (+ |timeShift_isHighWaterLevel_~tmp~3#1| (- 1)) 0)} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {3419#false} is VALID [2022-02-20 18:07:42,437 INFO L290 TraceCheckUtils]: 24: Hoare triple {3419#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {3419#false} is VALID [2022-02-20 18:07:42,437 INFO L290 TraceCheckUtils]: 25: Hoare triple {3419#false} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {3419#false} is VALID [2022-02-20 18:07:42,437 INFO L290 TraceCheckUtils]: 26: Hoare triple {3419#false} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {3419#false} is VALID [2022-02-20 18:07:42,437 INFO L272 TraceCheckUtils]: 27: Hoare triple {3419#false} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {3418#true} is VALID [2022-02-20 18:07:42,437 INFO L290 TraceCheckUtils]: 28: Hoare triple {3418#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {3418#true} is VALID [2022-02-20 18:07:42,438 INFO L290 TraceCheckUtils]: 29: Hoare triple {3418#true} assume true; {3418#true} is VALID [2022-02-20 18:07:42,438 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {3418#true} {3419#false} #234#return; {3419#false} is VALID [2022-02-20 18:07:42,438 INFO L290 TraceCheckUtils]: 31: Hoare triple {3419#false} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {3419#false} is VALID [2022-02-20 18:07:42,438 INFO L290 TraceCheckUtils]: 32: Hoare triple {3419#false} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {3419#false} is VALID [2022-02-20 18:07:42,438 INFO L290 TraceCheckUtils]: 33: Hoare triple {3419#false} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {3419#false} is VALID [2022-02-20 18:07:42,438 INFO L290 TraceCheckUtils]: 34: Hoare triple {3419#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {3419#false} is VALID [2022-02-20 18:07:42,438 INFO L290 TraceCheckUtils]: 35: Hoare triple {3419#false} assume { :end_inline_activatePump } true; {3419#false} is VALID [2022-02-20 18:07:42,439 INFO L290 TraceCheckUtils]: 36: Hoare triple {3419#false} assume { :end_inline_processEnvironment } true; {3419#false} is VALID [2022-02-20 18:07:42,439 INFO L290 TraceCheckUtils]: 37: Hoare triple {3419#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {3419#false} is VALID [2022-02-20 18:07:42,439 INFO L272 TraceCheckUtils]: 38: Hoare triple {3419#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {3418#true} is VALID [2022-02-20 18:07:42,439 INFO L290 TraceCheckUtils]: 39: Hoare triple {3418#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {3418#true} is VALID [2022-02-20 18:07:42,439 INFO L290 TraceCheckUtils]: 40: Hoare triple {3418#true} assume true; {3418#true} is VALID [2022-02-20 18:07:42,439 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {3418#true} {3419#false} #240#return; {3419#false} is VALID [2022-02-20 18:07:42,440 INFO L290 TraceCheckUtils]: 42: Hoare triple {3419#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {3419#false} is VALID [2022-02-20 18:07:42,440 INFO L290 TraceCheckUtils]: 43: Hoare triple {3419#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {3419#false} is VALID [2022-02-20 18:07:42,440 INFO L290 TraceCheckUtils]: 44: Hoare triple {3419#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {3419#false} is VALID [2022-02-20 18:07:42,440 INFO L290 TraceCheckUtils]: 45: Hoare triple {3419#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {3419#false} is VALID [2022-02-20 18:07:42,440 INFO L290 TraceCheckUtils]: 46: Hoare triple {3419#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {3419#false} is VALID [2022-02-20 18:07:42,440 INFO L290 TraceCheckUtils]: 47: Hoare triple {3419#false} assume !false; {3419#false} is VALID [2022-02-20 18:07:42,441 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:42,441 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:42,441 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1016284248] [2022-02-20 18:07:42,441 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1016284248] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:42,441 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:42,441 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:07:42,441 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2134833264] [2022-02-20 18:07:42,442 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:42,442 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.25) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 48 [2022-02-20 18:07:42,442 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:42,442 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 10.25) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,470 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 46 edges. 46 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:42,470 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:07:42,471 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:42,471 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:07:42,471 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:07:42,472 INFO L87 Difference]: Start difference. First operand 142 states and 178 transitions. Second operand has 4 states, 4 states have (on average 10.25) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,599 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,600 INFO L93 Difference]: Finished difference Result 292 states and 376 transitions. [2022-02-20 18:07:42,600 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 18:07:42,600 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.25) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 48 [2022-02-20 18:07:42,600 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:42,600 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 10.25) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,602 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 187 transitions. [2022-02-20 18:07:42,602 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 10.25) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,604 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 187 transitions. [2022-02-20 18:07:42,604 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 187 transitions. [2022-02-20 18:07:42,721 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 187 edges. 187 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:42,724 INFO L225 Difference]: With dead ends: 292 [2022-02-20 18:07:42,724 INFO L226 Difference]: Without dead ends: 158 [2022-02-20 18:07:42,725 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 9 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:07:42,726 INFO L933 BasicCegarLoop]: 97 mSDtfsCounter, 27 mSDsluCounter, 170 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 27 SdHoareTripleChecker+Valid, 267 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:42,726 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [27 Valid, 267 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:42,727 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 158 states. [2022-02-20 18:07:42,734 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 158 to 144. [2022-02-20 18:07:42,734 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:42,734 INFO L82 GeneralOperation]: Start isEquivalent. First operand 158 states. Second operand has 144 states, 114 states have (on average 1.280701754385965) internal successors, (146), 123 states have internal predecessors, (146), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:42,735 INFO L74 IsIncluded]: Start isIncluded. First operand 158 states. Second operand has 144 states, 114 states have (on average 1.280701754385965) internal successors, (146), 123 states have internal predecessors, (146), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:42,735 INFO L87 Difference]: Start difference. First operand 158 states. Second operand has 144 states, 114 states have (on average 1.280701754385965) internal successors, (146), 123 states have internal predecessors, (146), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:42,739 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,739 INFO L93 Difference]: Finished difference Result 158 states and 199 transitions. [2022-02-20 18:07:42,739 INFO L276 IsEmpty]: Start isEmpty. Operand 158 states and 199 transitions. [2022-02-20 18:07:42,740 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:42,740 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:42,740 INFO L74 IsIncluded]: Start isIncluded. First operand has 144 states, 114 states have (on average 1.280701754385965) internal successors, (146), 123 states have internal predecessors, (146), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) Second operand 158 states. [2022-02-20 18:07:42,741 INFO L87 Difference]: Start difference. First operand has 144 states, 114 states have (on average 1.280701754385965) internal successors, (146), 123 states have internal predecessors, (146), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) Second operand 158 states. [2022-02-20 18:07:42,746 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,746 INFO L93 Difference]: Finished difference Result 158 states and 199 transitions. [2022-02-20 18:07:42,746 INFO L276 IsEmpty]: Start isEmpty. Operand 158 states and 199 transitions. [2022-02-20 18:07:42,746 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:42,747 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:42,747 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:42,747 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:42,747 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 144 states, 114 states have (on average 1.280701754385965) internal successors, (146), 123 states have internal predecessors, (146), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (19), 15 states have call predecessors, (19), 15 states have call successors, (19) [2022-02-20 18:07:42,750 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 144 states to 144 states and 180 transitions. [2022-02-20 18:07:42,751 INFO L78 Accepts]: Start accepts. Automaton has 144 states and 180 transitions. Word has length 48 [2022-02-20 18:07:42,751 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:42,751 INFO L470 AbstractCegarLoop]: Abstraction has 144 states and 180 transitions. [2022-02-20 18:07:42,751 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 10.25) internal successors, (41), 4 states have internal predecessors, (41), 2 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,751 INFO L276 IsEmpty]: Start isEmpty. Operand 144 states and 180 transitions. [2022-02-20 18:07:42,752 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-02-20 18:07:42,752 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:42,752 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:42,752 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:07:42,752 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:42,753 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:42,753 INFO L85 PathProgramCache]: Analyzing trace with hash 962872849, now seen corresponding path program 1 times [2022-02-20 18:07:42,753 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:42,753 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1337511123] [2022-02-20 18:07:42,753 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:42,753 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:42,775 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,789 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 30 [2022-02-20 18:07:42,790 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,791 INFO L290 TraceCheckUtils]: 0: Hoare triple {4358#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {4358#true} is VALID [2022-02-20 18:07:42,791 INFO L290 TraceCheckUtils]: 1: Hoare triple {4358#true} assume true; {4358#true} is VALID [2022-02-20 18:07:42,792 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4358#true} {4359#false} #234#return; {4359#false} is VALID [2022-02-20 18:07:42,792 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 41 [2022-02-20 18:07:42,792 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:42,794 INFO L290 TraceCheckUtils]: 0: Hoare triple {4358#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {4358#true} is VALID [2022-02-20 18:07:42,794 INFO L290 TraceCheckUtils]: 1: Hoare triple {4358#true} assume true; {4358#true} is VALID [2022-02-20 18:07:42,794 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {4358#true} {4359#false} #240#return; {4359#false} is VALID [2022-02-20 18:07:42,794 INFO L290 TraceCheckUtils]: 0: Hoare triple {4358#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {4358#true} is VALID [2022-02-20 18:07:42,794 INFO L290 TraceCheckUtils]: 1: Hoare triple {4358#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {4358#true} is VALID [2022-02-20 18:07:42,795 INFO L290 TraceCheckUtils]: 2: Hoare triple {4358#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4358#true} is VALID [2022-02-20 18:07:42,795 INFO L290 TraceCheckUtils]: 3: Hoare triple {4358#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {4358#true} is VALID [2022-02-20 18:07:42,795 INFO L290 TraceCheckUtils]: 4: Hoare triple {4358#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {4358#true} is VALID [2022-02-20 18:07:42,795 INFO L290 TraceCheckUtils]: 5: Hoare triple {4358#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {4358#true} is VALID [2022-02-20 18:07:42,795 INFO L290 TraceCheckUtils]: 6: Hoare triple {4358#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {4358#true} is VALID [2022-02-20 18:07:42,795 INFO L290 TraceCheckUtils]: 7: Hoare triple {4358#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {4358#true} is VALID [2022-02-20 18:07:42,796 INFO L290 TraceCheckUtils]: 8: Hoare triple {4358#true} assume !false; {4358#true} is VALID [2022-02-20 18:07:42,796 INFO L290 TraceCheckUtils]: 9: Hoare triple {4358#true} assume test_~splverifierCounter~0#1 < 4; {4358#true} is VALID [2022-02-20 18:07:42,796 INFO L290 TraceCheckUtils]: 10: Hoare triple {4358#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {4358#true} is VALID [2022-02-20 18:07:42,796 INFO L290 TraceCheckUtils]: 11: Hoare triple {4358#true} assume !(0 != test_~tmp~0#1); {4358#true} is VALID [2022-02-20 18:07:42,796 INFO L290 TraceCheckUtils]: 12: Hoare triple {4358#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {4358#true} is VALID [2022-02-20 18:07:42,796 INFO L290 TraceCheckUtils]: 13: Hoare triple {4358#true} assume !(0 != test_~tmp___0~0#1); {4358#true} is VALID [2022-02-20 18:07:42,796 INFO L290 TraceCheckUtils]: 14: Hoare triple {4358#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {4358#true} is VALID [2022-02-20 18:07:42,797 INFO L290 TraceCheckUtils]: 15: Hoare triple {4358#true} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet7#1 && test_#t~nondet7#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {4358#true} is VALID [2022-02-20 18:07:42,797 INFO L290 TraceCheckUtils]: 16: Hoare triple {4358#true} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {4358#true} is VALID [2022-02-20 18:07:42,797 INFO L290 TraceCheckUtils]: 17: Hoare triple {4358#true} assume !(0 != ~pumpRunning~0); {4358#true} is VALID [2022-02-20 18:07:42,797 INFO L290 TraceCheckUtils]: 18: Hoare triple {4358#true} ~systemActive~0 := 0; {4360#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:07:42,798 INFO L290 TraceCheckUtils]: 19: Hoare triple {4360#(= 0 ~systemActive~0)} assume { :end_inline_stopSystem } true; {4360#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:07:42,798 INFO L272 TraceCheckUtils]: 20: Hoare triple {4360#(= 0 ~systemActive~0)} call timeShift(); {4360#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:07:42,798 INFO L290 TraceCheckUtils]: 21: Hoare triple {4360#(= 0 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {4360#(= 0 ~systemActive~0)} is VALID [2022-02-20 18:07:42,799 INFO L290 TraceCheckUtils]: 22: Hoare triple {4360#(= 0 ~systemActive~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {4359#false} is VALID [2022-02-20 18:07:42,799 INFO L290 TraceCheckUtils]: 23: Hoare triple {4359#false} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {4359#false} is VALID [2022-02-20 18:07:42,799 INFO L290 TraceCheckUtils]: 24: Hoare triple {4359#false} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {4359#false} is VALID [2022-02-20 18:07:42,799 INFO L290 TraceCheckUtils]: 25: Hoare triple {4359#false} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {4359#false} is VALID [2022-02-20 18:07:42,799 INFO L290 TraceCheckUtils]: 26: Hoare triple {4359#false} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {4359#false} is VALID [2022-02-20 18:07:42,799 INFO L290 TraceCheckUtils]: 27: Hoare triple {4359#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {4359#false} is VALID [2022-02-20 18:07:42,799 INFO L290 TraceCheckUtils]: 28: Hoare triple {4359#false} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {4359#false} is VALID [2022-02-20 18:07:42,800 INFO L290 TraceCheckUtils]: 29: Hoare triple {4359#false} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {4359#false} is VALID [2022-02-20 18:07:42,800 INFO L272 TraceCheckUtils]: 30: Hoare triple {4359#false} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {4358#true} is VALID [2022-02-20 18:07:42,800 INFO L290 TraceCheckUtils]: 31: Hoare triple {4358#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {4358#true} is VALID [2022-02-20 18:07:42,800 INFO L290 TraceCheckUtils]: 32: Hoare triple {4358#true} assume true; {4358#true} is VALID [2022-02-20 18:07:42,800 INFO L284 TraceCheckUtils]: 33: Hoare quadruple {4358#true} {4359#false} #234#return; {4359#false} is VALID [2022-02-20 18:07:42,800 INFO L290 TraceCheckUtils]: 34: Hoare triple {4359#false} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {4359#false} is VALID [2022-02-20 18:07:42,800 INFO L290 TraceCheckUtils]: 35: Hoare triple {4359#false} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {4359#false} is VALID [2022-02-20 18:07:42,801 INFO L290 TraceCheckUtils]: 36: Hoare triple {4359#false} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {4359#false} is VALID [2022-02-20 18:07:42,801 INFO L290 TraceCheckUtils]: 37: Hoare triple {4359#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {4359#false} is VALID [2022-02-20 18:07:42,801 INFO L290 TraceCheckUtils]: 38: Hoare triple {4359#false} assume { :end_inline_activatePump } true; {4359#false} is VALID [2022-02-20 18:07:42,801 INFO L290 TraceCheckUtils]: 39: Hoare triple {4359#false} assume { :end_inline_processEnvironment } true; {4359#false} is VALID [2022-02-20 18:07:42,801 INFO L290 TraceCheckUtils]: 40: Hoare triple {4359#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {4359#false} is VALID [2022-02-20 18:07:42,801 INFO L272 TraceCheckUtils]: 41: Hoare triple {4359#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {4358#true} is VALID [2022-02-20 18:07:42,801 INFO L290 TraceCheckUtils]: 42: Hoare triple {4358#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {4358#true} is VALID [2022-02-20 18:07:42,802 INFO L290 TraceCheckUtils]: 43: Hoare triple {4358#true} assume true; {4358#true} is VALID [2022-02-20 18:07:42,802 INFO L284 TraceCheckUtils]: 44: Hoare quadruple {4358#true} {4359#false} #240#return; {4359#false} is VALID [2022-02-20 18:07:42,802 INFO L290 TraceCheckUtils]: 45: Hoare triple {4359#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {4359#false} is VALID [2022-02-20 18:07:42,802 INFO L290 TraceCheckUtils]: 46: Hoare triple {4359#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {4359#false} is VALID [2022-02-20 18:07:42,802 INFO L290 TraceCheckUtils]: 47: Hoare triple {4359#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {4359#false} is VALID [2022-02-20 18:07:42,802 INFO L290 TraceCheckUtils]: 48: Hoare triple {4359#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {4359#false} is VALID [2022-02-20 18:07:42,802 INFO L290 TraceCheckUtils]: 49: Hoare triple {4359#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {4359#false} is VALID [2022-02-20 18:07:42,803 INFO L290 TraceCheckUtils]: 50: Hoare triple {4359#false} assume !false; {4359#false} is VALID [2022-02-20 18:07:42,803 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:42,803 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:42,803 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1337511123] [2022-02-20 18:07:42,803 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1337511123] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:42,803 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:42,804 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:42,804 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1882609718] [2022-02-20 18:07:42,804 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:42,804 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 51 [2022-02-20 18:07:42,804 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:42,805 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,831 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 49 edges. 49 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:42,831 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:42,831 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:42,832 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:42,832 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:42,832 INFO L87 Difference]: Start difference. First operand 144 states and 180 transitions. Second operand has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,969 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:42,969 INFO L93 Difference]: Finished difference Result 282 states and 354 transitions. [2022-02-20 18:07:42,969 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:42,970 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 51 [2022-02-20 18:07:42,970 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:42,970 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,972 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 208 transitions. [2022-02-20 18:07:42,972 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:42,974 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 208 transitions. [2022-02-20 18:07:42,987 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 208 transitions. [2022-02-20 18:07:43,089 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 208 edges. 208 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:43,091 INFO L225 Difference]: With dead ends: 282 [2022-02-20 18:07:43,091 INFO L226 Difference]: Without dead ends: 146 [2022-02-20 18:07:43,092 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:43,092 INFO L933 BasicCegarLoop]: 115 mSDtfsCounter, 37 mSDsluCounter, 81 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 37 SdHoareTripleChecker+Valid, 196 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:43,092 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [37 Valid, 196 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:43,093 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 146 states. [2022-02-20 18:07:43,098 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 146 to 144. [2022-02-20 18:07:43,099 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:43,099 INFO L82 GeneralOperation]: Start isEquivalent. First operand 146 states. Second operand has 144 states, 114 states have (on average 1.2719298245614035) internal successors, (145), 123 states have internal predecessors, (145), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (17), 15 states have call predecessors, (17), 15 states have call successors, (17) [2022-02-20 18:07:43,100 INFO L74 IsIncluded]: Start isIncluded. First operand 146 states. Second operand has 144 states, 114 states have (on average 1.2719298245614035) internal successors, (145), 123 states have internal predecessors, (145), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (17), 15 states have call predecessors, (17), 15 states have call successors, (17) [2022-02-20 18:07:43,100 INFO L87 Difference]: Start difference. First operand 146 states. Second operand has 144 states, 114 states have (on average 1.2719298245614035) internal successors, (145), 123 states have internal predecessors, (145), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (17), 15 states have call predecessors, (17), 15 states have call successors, (17) [2022-02-20 18:07:43,103 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:43,108 INFO L93 Difference]: Finished difference Result 146 states and 179 transitions. [2022-02-20 18:07:43,108 INFO L276 IsEmpty]: Start isEmpty. Operand 146 states and 179 transitions. [2022-02-20 18:07:43,109 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:43,109 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:43,110 INFO L74 IsIncluded]: Start isIncluded. First operand has 144 states, 114 states have (on average 1.2719298245614035) internal successors, (145), 123 states have internal predecessors, (145), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (17), 15 states have call predecessors, (17), 15 states have call successors, (17) Second operand 146 states. [2022-02-20 18:07:43,110 INFO L87 Difference]: Start difference. First operand has 144 states, 114 states have (on average 1.2719298245614035) internal successors, (145), 123 states have internal predecessors, (145), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (17), 15 states have call predecessors, (17), 15 states have call successors, (17) Second operand 146 states. [2022-02-20 18:07:43,112 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:43,127 INFO L93 Difference]: Finished difference Result 146 states and 179 transitions. [2022-02-20 18:07:43,127 INFO L276 IsEmpty]: Start isEmpty. Operand 146 states and 179 transitions. [2022-02-20 18:07:43,128 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:43,128 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:43,128 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:43,128 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:43,129 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 144 states, 114 states have (on average 1.2719298245614035) internal successors, (145), 123 states have internal predecessors, (145), 15 states have call successors, (15), 14 states have call predecessors, (15), 14 states have return successors, (17), 15 states have call predecessors, (17), 15 states have call successors, (17) [2022-02-20 18:07:43,131 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 144 states to 144 states and 177 transitions. [2022-02-20 18:07:43,131 INFO L78 Accepts]: Start accepts. Automaton has 144 states and 177 transitions. Word has length 51 [2022-02-20 18:07:43,131 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:43,131 INFO L470 AbstractCegarLoop]: Abstraction has 144 states and 177 transitions. [2022-02-20 18:07:43,132 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 14.666666666666666) internal successors, (44), 3 states have internal predecessors, (44), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:43,132 INFO L276 IsEmpty]: Start isEmpty. Operand 144 states and 177 transitions. [2022-02-20 18:07:43,132 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 49 [2022-02-20 18:07:43,132 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:43,132 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:43,132 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6 [2022-02-20 18:07:43,133 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:43,133 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:43,133 INFO L85 PathProgramCache]: Analyzing trace with hash 1138281214, now seen corresponding path program 1 times [2022-02-20 18:07:43,133 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:43,133 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1651390828] [2022-02-20 18:07:43,133 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:43,134 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:43,152 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:43,170 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 27 [2022-02-20 18:07:43,171 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:43,173 INFO L290 TraceCheckUtils]: 0: Hoare triple {5256#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {5256#true} is VALID [2022-02-20 18:07:43,174 INFO L290 TraceCheckUtils]: 1: Hoare triple {5256#true} assume true; {5256#true} is VALID [2022-02-20 18:07:43,174 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5256#true} {5257#false} #234#return; {5257#false} is VALID [2022-02-20 18:07:43,174 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 38 [2022-02-20 18:07:43,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:43,178 INFO L290 TraceCheckUtils]: 0: Hoare triple {5256#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {5256#true} is VALID [2022-02-20 18:07:43,178 INFO L290 TraceCheckUtils]: 1: Hoare triple {5256#true} assume true; {5256#true} is VALID [2022-02-20 18:07:43,178 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5256#true} {5257#false} #240#return; {5257#false} is VALID [2022-02-20 18:07:43,179 INFO L290 TraceCheckUtils]: 0: Hoare triple {5256#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,179 INFO L290 TraceCheckUtils]: 1: Hoare triple {5258#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,179 INFO L290 TraceCheckUtils]: 2: Hoare triple {5258#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,180 INFO L290 TraceCheckUtils]: 3: Hoare triple {5258#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,180 INFO L290 TraceCheckUtils]: 4: Hoare triple {5258#(= ~waterLevel~0 1)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,180 INFO L290 TraceCheckUtils]: 5: Hoare triple {5258#(= ~waterLevel~0 1)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,181 INFO L290 TraceCheckUtils]: 6: Hoare triple {5258#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,182 INFO L290 TraceCheckUtils]: 7: Hoare triple {5258#(= ~waterLevel~0 1)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,182 INFO L290 TraceCheckUtils]: 8: Hoare triple {5258#(= ~waterLevel~0 1)} assume !false; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,182 INFO L290 TraceCheckUtils]: 9: Hoare triple {5258#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,183 INFO L290 TraceCheckUtils]: 10: Hoare triple {5258#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,183 INFO L290 TraceCheckUtils]: 11: Hoare triple {5258#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~0#1); {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,183 INFO L290 TraceCheckUtils]: 12: Hoare triple {5258#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,184 INFO L290 TraceCheckUtils]: 13: Hoare triple {5258#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~0#1); {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,184 INFO L290 TraceCheckUtils]: 14: Hoare triple {5258#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,184 INFO L290 TraceCheckUtils]: 15: Hoare triple {5258#(= ~waterLevel~0 1)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,184 INFO L290 TraceCheckUtils]: 16: Hoare triple {5258#(= ~waterLevel~0 1)} assume { :end_inline_startSystem } true; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,185 INFO L272 TraceCheckUtils]: 17: Hoare triple {5258#(= ~waterLevel~0 1)} call timeShift(); {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,185 INFO L290 TraceCheckUtils]: 18: Hoare triple {5258#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,185 INFO L290 TraceCheckUtils]: 19: Hoare triple {5258#(= ~waterLevel~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,186 INFO L290 TraceCheckUtils]: 20: Hoare triple {5258#(= ~waterLevel~0 1)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {5258#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:07:43,186 INFO L290 TraceCheckUtils]: 21: Hoare triple {5258#(= ~waterLevel~0 1)} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {5257#false} is VALID [2022-02-20 18:07:43,186 INFO L290 TraceCheckUtils]: 22: Hoare triple {5257#false} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {5257#false} is VALID [2022-02-20 18:07:43,186 INFO L290 TraceCheckUtils]: 23: Hoare triple {5257#false} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {5257#false} is VALID [2022-02-20 18:07:43,187 INFO L290 TraceCheckUtils]: 24: Hoare triple {5257#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {5257#false} is VALID [2022-02-20 18:07:43,187 INFO L290 TraceCheckUtils]: 25: Hoare triple {5257#false} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {5257#false} is VALID [2022-02-20 18:07:43,187 INFO L290 TraceCheckUtils]: 26: Hoare triple {5257#false} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {5257#false} is VALID [2022-02-20 18:07:43,187 INFO L272 TraceCheckUtils]: 27: Hoare triple {5257#false} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {5256#true} is VALID [2022-02-20 18:07:43,187 INFO L290 TraceCheckUtils]: 28: Hoare triple {5256#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {5256#true} is VALID [2022-02-20 18:07:43,187 INFO L290 TraceCheckUtils]: 29: Hoare triple {5256#true} assume true; {5256#true} is VALID [2022-02-20 18:07:43,187 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {5256#true} {5257#false} #234#return; {5257#false} is VALID [2022-02-20 18:07:43,188 INFO L290 TraceCheckUtils]: 31: Hoare triple {5257#false} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {5257#false} is VALID [2022-02-20 18:07:43,188 INFO L290 TraceCheckUtils]: 32: Hoare triple {5257#false} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {5257#false} is VALID [2022-02-20 18:07:43,188 INFO L290 TraceCheckUtils]: 33: Hoare triple {5257#false} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {5257#false} is VALID [2022-02-20 18:07:43,188 INFO L290 TraceCheckUtils]: 34: Hoare triple {5257#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {5257#false} is VALID [2022-02-20 18:07:43,188 INFO L290 TraceCheckUtils]: 35: Hoare triple {5257#false} assume { :end_inline_activatePump } true; {5257#false} is VALID [2022-02-20 18:07:43,188 INFO L290 TraceCheckUtils]: 36: Hoare triple {5257#false} assume { :end_inline_processEnvironment } true; {5257#false} is VALID [2022-02-20 18:07:43,188 INFO L290 TraceCheckUtils]: 37: Hoare triple {5257#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {5257#false} is VALID [2022-02-20 18:07:43,189 INFO L272 TraceCheckUtils]: 38: Hoare triple {5257#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {5256#true} is VALID [2022-02-20 18:07:43,189 INFO L290 TraceCheckUtils]: 39: Hoare triple {5256#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {5256#true} is VALID [2022-02-20 18:07:43,189 INFO L290 TraceCheckUtils]: 40: Hoare triple {5256#true} assume true; {5256#true} is VALID [2022-02-20 18:07:43,189 INFO L284 TraceCheckUtils]: 41: Hoare quadruple {5256#true} {5257#false} #240#return; {5257#false} is VALID [2022-02-20 18:07:43,189 INFO L290 TraceCheckUtils]: 42: Hoare triple {5257#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {5257#false} is VALID [2022-02-20 18:07:43,189 INFO L290 TraceCheckUtils]: 43: Hoare triple {5257#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {5257#false} is VALID [2022-02-20 18:07:43,189 INFO L290 TraceCheckUtils]: 44: Hoare triple {5257#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {5257#false} is VALID [2022-02-20 18:07:43,190 INFO L290 TraceCheckUtils]: 45: Hoare triple {5257#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {5257#false} is VALID [2022-02-20 18:07:43,190 INFO L290 TraceCheckUtils]: 46: Hoare triple {5257#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {5257#false} is VALID [2022-02-20 18:07:43,190 INFO L290 TraceCheckUtils]: 47: Hoare triple {5257#false} assume !false; {5257#false} is VALID [2022-02-20 18:07:43,190 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:43,190 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:43,190 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1651390828] [2022-02-20 18:07:43,190 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1651390828] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:43,191 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:43,191 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:43,191 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [749661575] [2022-02-20 18:07:43,191 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:43,191 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 13.666666666666666) internal successors, (41), 3 states have internal predecessors, (41), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 48 [2022-02-20 18:07:43,192 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:43,192 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 13.666666666666666) internal successors, (41), 3 states have internal predecessors, (41), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:43,218 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 46 edges. 46 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:43,218 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:43,218 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:43,218 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:43,218 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:43,219 INFO L87 Difference]: Start difference. First operand 144 states and 177 transitions. Second operand has 3 states, 3 states have (on average 13.666666666666666) internal successors, (41), 3 states have internal predecessors, (41), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:43,300 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:43,301 INFO L93 Difference]: Finished difference Result 355 states and 442 transitions. [2022-02-20 18:07:43,301 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:43,301 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 13.666666666666666) internal successors, (41), 3 states have internal predecessors, (41), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 48 [2022-02-20 18:07:43,301 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:43,301 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 13.666666666666666) internal successors, (41), 3 states have internal predecessors, (41), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:43,303 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 223 transitions. [2022-02-20 18:07:43,303 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 13.666666666666666) internal successors, (41), 3 states have internal predecessors, (41), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:43,304 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 223 transitions. [2022-02-20 18:07:43,305 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 223 transitions. [2022-02-20 18:07:43,444 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 223 edges. 223 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:43,448 INFO L225 Difference]: With dead ends: 355 [2022-02-20 18:07:43,448 INFO L226 Difference]: Without dead ends: 219 [2022-02-20 18:07:43,449 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 5 SyntacticMatches, 1 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:43,449 INFO L933 BasicCegarLoop]: 90 mSDtfsCounter, 38 mSDsluCounter, 74 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 38 SdHoareTripleChecker+Valid, 164 SdHoareTripleChecker+Invalid, 9 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:43,449 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [38 Valid, 164 Invalid, 9 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:43,450 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 219 states. [2022-02-20 18:07:43,456 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 219 to 219. [2022-02-20 18:07:43,456 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:43,457 INFO L82 GeneralOperation]: Start isEquivalent. First operand 219 states. Second operand has 219 states, 173 states have (on average 1.2485549132947977) internal successors, (216), 184 states have internal predecessors, (216), 24 states have call successors, (24), 23 states have call predecessors, (24), 21 states have return successors, (26), 22 states have call predecessors, (26), 24 states have call successors, (26) [2022-02-20 18:07:43,457 INFO L74 IsIncluded]: Start isIncluded. First operand 219 states. Second operand has 219 states, 173 states have (on average 1.2485549132947977) internal successors, (216), 184 states have internal predecessors, (216), 24 states have call successors, (24), 23 states have call predecessors, (24), 21 states have return successors, (26), 22 states have call predecessors, (26), 24 states have call successors, (26) [2022-02-20 18:07:43,458 INFO L87 Difference]: Start difference. First operand 219 states. Second operand has 219 states, 173 states have (on average 1.2485549132947977) internal successors, (216), 184 states have internal predecessors, (216), 24 states have call successors, (24), 23 states have call predecessors, (24), 21 states have return successors, (26), 22 states have call predecessors, (26), 24 states have call successors, (26) [2022-02-20 18:07:43,461 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:43,462 INFO L93 Difference]: Finished difference Result 219 states and 266 transitions. [2022-02-20 18:07:43,462 INFO L276 IsEmpty]: Start isEmpty. Operand 219 states and 266 transitions. [2022-02-20 18:07:43,462 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:43,462 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:43,463 INFO L74 IsIncluded]: Start isIncluded. First operand has 219 states, 173 states have (on average 1.2485549132947977) internal successors, (216), 184 states have internal predecessors, (216), 24 states have call successors, (24), 23 states have call predecessors, (24), 21 states have return successors, (26), 22 states have call predecessors, (26), 24 states have call successors, (26) Second operand 219 states. [2022-02-20 18:07:43,464 INFO L87 Difference]: Start difference. First operand has 219 states, 173 states have (on average 1.2485549132947977) internal successors, (216), 184 states have internal predecessors, (216), 24 states have call successors, (24), 23 states have call predecessors, (24), 21 states have return successors, (26), 22 states have call predecessors, (26), 24 states have call successors, (26) Second operand 219 states. [2022-02-20 18:07:43,467 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:43,467 INFO L93 Difference]: Finished difference Result 219 states and 266 transitions. [2022-02-20 18:07:43,467 INFO L276 IsEmpty]: Start isEmpty. Operand 219 states and 266 transitions. [2022-02-20 18:07:43,468 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:43,468 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:43,468 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:43,468 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:43,468 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 219 states, 173 states have (on average 1.2485549132947977) internal successors, (216), 184 states have internal predecessors, (216), 24 states have call successors, (24), 23 states have call predecessors, (24), 21 states have return successors, (26), 22 states have call predecessors, (26), 24 states have call successors, (26) [2022-02-20 18:07:43,472 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 219 states to 219 states and 266 transitions. [2022-02-20 18:07:43,473 INFO L78 Accepts]: Start accepts. Automaton has 219 states and 266 transitions. Word has length 48 [2022-02-20 18:07:43,473 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:43,473 INFO L470 AbstractCegarLoop]: Abstraction has 219 states and 266 transitions. [2022-02-20 18:07:43,473 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 13.666666666666666) internal successors, (41), 3 states have internal predecessors, (41), 2 states have call successors, (3), 2 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:43,473 INFO L276 IsEmpty]: Start isEmpty. Operand 219 states and 266 transitions. [2022-02-20 18:07:43,474 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2022-02-20 18:07:43,474 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:43,474 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:43,474 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable7 [2022-02-20 18:07:43,474 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:43,474 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:43,475 INFO L85 PathProgramCache]: Analyzing trace with hash -1635788712, now seen corresponding path program 1 times [2022-02-20 18:07:43,475 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:43,475 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1172092760] [2022-02-20 18:07:43,475 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:43,475 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:43,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:43,547 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:07:43,549 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:43,551 INFO L290 TraceCheckUtils]: 0: Hoare triple {6523#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {6506#true} is VALID [2022-02-20 18:07:43,551 INFO L290 TraceCheckUtils]: 1: Hoare triple {6506#true} assume true; {6506#true} is VALID [2022-02-20 18:07:43,551 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {6506#true} {6506#true} #242#return; {6506#true} is VALID [2022-02-20 18:07:43,551 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 31 [2022-02-20 18:07:43,552 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:43,559 INFO L290 TraceCheckUtils]: 0: Hoare triple {6506#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,560 INFO L290 TraceCheckUtils]: 1: Hoare triple {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,560 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {6506#true} #234#return; {6514#(= |timeShift_isMethaneAlarm_#t~ret10#1| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,560 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 42 [2022-02-20 18:07:43,561 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:43,564 INFO L290 TraceCheckUtils]: 0: Hoare triple {6506#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,565 INFO L290 TraceCheckUtils]: 1: Hoare triple {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,565 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {6517#(= ~methaneLevelCritical~0 0)} #240#return; {6521#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret22#1| 0)} is VALID [2022-02-20 18:07:43,565 INFO L290 TraceCheckUtils]: 0: Hoare triple {6506#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {6506#true} is VALID [2022-02-20 18:07:43,565 INFO L290 TraceCheckUtils]: 1: Hoare triple {6506#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {6506#true} is VALID [2022-02-20 18:07:43,566 INFO L290 TraceCheckUtils]: 2: Hoare triple {6506#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {6506#true} is VALID [2022-02-20 18:07:43,566 INFO L290 TraceCheckUtils]: 3: Hoare triple {6506#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {6506#true} is VALID [2022-02-20 18:07:43,566 INFO L290 TraceCheckUtils]: 4: Hoare triple {6506#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {6506#true} is VALID [2022-02-20 18:07:43,566 INFO L290 TraceCheckUtils]: 5: Hoare triple {6506#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {6506#true} is VALID [2022-02-20 18:07:43,566 INFO L290 TraceCheckUtils]: 6: Hoare triple {6506#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {6506#true} is VALID [2022-02-20 18:07:43,566 INFO L290 TraceCheckUtils]: 7: Hoare triple {6506#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {6506#true} is VALID [2022-02-20 18:07:43,566 INFO L290 TraceCheckUtils]: 8: Hoare triple {6506#true} assume !false; {6506#true} is VALID [2022-02-20 18:07:43,567 INFO L290 TraceCheckUtils]: 9: Hoare triple {6506#true} assume test_~splverifierCounter~0#1 < 4; {6506#true} is VALID [2022-02-20 18:07:43,567 INFO L290 TraceCheckUtils]: 10: Hoare triple {6506#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {6506#true} is VALID [2022-02-20 18:07:43,567 INFO L290 TraceCheckUtils]: 11: Hoare triple {6506#true} assume 0 != test_~tmp~0#1; {6506#true} is VALID [2022-02-20 18:07:43,567 INFO L272 TraceCheckUtils]: 12: Hoare triple {6506#true} call waterRise(); {6523#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:07:43,567 INFO L290 TraceCheckUtils]: 13: Hoare triple {6523#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {6506#true} is VALID [2022-02-20 18:07:43,568 INFO L290 TraceCheckUtils]: 14: Hoare triple {6506#true} assume true; {6506#true} is VALID [2022-02-20 18:07:43,568 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {6506#true} {6506#true} #242#return; {6506#true} is VALID [2022-02-20 18:07:43,568 INFO L290 TraceCheckUtils]: 16: Hoare triple {6506#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {6506#true} is VALID [2022-02-20 18:07:43,568 INFO L290 TraceCheckUtils]: 17: Hoare triple {6506#true} assume !(0 != test_~tmp___0~0#1); {6506#true} is VALID [2022-02-20 18:07:43,568 INFO L290 TraceCheckUtils]: 18: Hoare triple {6506#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {6506#true} is VALID [2022-02-20 18:07:43,568 INFO L290 TraceCheckUtils]: 19: Hoare triple {6506#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {6506#true} is VALID [2022-02-20 18:07:43,568 INFO L290 TraceCheckUtils]: 20: Hoare triple {6506#true} assume { :end_inline_startSystem } true; {6506#true} is VALID [2022-02-20 18:07:43,569 INFO L272 TraceCheckUtils]: 21: Hoare triple {6506#true} call timeShift(); {6506#true} is VALID [2022-02-20 18:07:43,569 INFO L290 TraceCheckUtils]: 22: Hoare triple {6506#true} assume !(0 != ~pumpRunning~0); {6506#true} is VALID [2022-02-20 18:07:43,569 INFO L290 TraceCheckUtils]: 23: Hoare triple {6506#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {6506#true} is VALID [2022-02-20 18:07:43,569 INFO L290 TraceCheckUtils]: 24: Hoare triple {6506#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {6506#true} is VALID [2022-02-20 18:07:43,569 INFO L290 TraceCheckUtils]: 25: Hoare triple {6506#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {6506#true} is VALID [2022-02-20 18:07:43,569 INFO L290 TraceCheckUtils]: 26: Hoare triple {6506#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {6506#true} is VALID [2022-02-20 18:07:43,569 INFO L290 TraceCheckUtils]: 27: Hoare triple {6506#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {6506#true} is VALID [2022-02-20 18:07:43,570 INFO L290 TraceCheckUtils]: 28: Hoare triple {6506#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {6506#true} is VALID [2022-02-20 18:07:43,570 INFO L290 TraceCheckUtils]: 29: Hoare triple {6506#true} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {6506#true} is VALID [2022-02-20 18:07:43,570 INFO L290 TraceCheckUtils]: 30: Hoare triple {6506#true} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {6506#true} is VALID [2022-02-20 18:07:43,570 INFO L272 TraceCheckUtils]: 31: Hoare triple {6506#true} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {6506#true} is VALID [2022-02-20 18:07:43,570 INFO L290 TraceCheckUtils]: 32: Hoare triple {6506#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,571 INFO L290 TraceCheckUtils]: 33: Hoare triple {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,571 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {6506#true} #234#return; {6514#(= |timeShift_isMethaneAlarm_#t~ret10#1| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,572 INFO L290 TraceCheckUtils]: 35: Hoare triple {6514#(= |timeShift_isMethaneAlarm_#t~ret10#1| ~methaneLevelCritical~0)} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {6515#(= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)} is VALID [2022-02-20 18:07:43,572 INFO L290 TraceCheckUtils]: 36: Hoare triple {6515#(= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {6516#(= |timeShift_activatePump_~tmp~2#1| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,572 INFO L290 TraceCheckUtils]: 37: Hoare triple {6516#(= |timeShift_activatePump_~tmp~2#1| ~methaneLevelCritical~0)} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {6517#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:43,573 INFO L290 TraceCheckUtils]: 38: Hoare triple {6517#(= ~methaneLevelCritical~0 0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {6517#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:43,573 INFO L290 TraceCheckUtils]: 39: Hoare triple {6517#(= ~methaneLevelCritical~0 0)} assume { :end_inline_activatePump } true; {6517#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:43,573 INFO L290 TraceCheckUtils]: 40: Hoare triple {6517#(= ~methaneLevelCritical~0 0)} assume { :end_inline_processEnvironment } true; {6517#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:43,574 INFO L290 TraceCheckUtils]: 41: Hoare triple {6517#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {6517#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:43,574 INFO L272 TraceCheckUtils]: 42: Hoare triple {6517#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {6506#true} is VALID [2022-02-20 18:07:43,574 INFO L290 TraceCheckUtils]: 43: Hoare triple {6506#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,574 INFO L290 TraceCheckUtils]: 44: Hoare triple {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:43,575 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {6524#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {6517#(= ~methaneLevelCritical~0 0)} #240#return; {6521#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret22#1| 0)} is VALID [2022-02-20 18:07:43,575 INFO L290 TraceCheckUtils]: 46: Hoare triple {6521#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret22#1| 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {6522#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~5#1| 0)} is VALID [2022-02-20 18:07:43,576 INFO L290 TraceCheckUtils]: 47: Hoare triple {6522#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~5#1| 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {6507#false} is VALID [2022-02-20 18:07:43,576 INFO L290 TraceCheckUtils]: 48: Hoare triple {6507#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {6507#false} is VALID [2022-02-20 18:07:43,576 INFO L290 TraceCheckUtils]: 49: Hoare triple {6507#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {6507#false} is VALID [2022-02-20 18:07:43,576 INFO L290 TraceCheckUtils]: 50: Hoare triple {6507#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {6507#false} is VALID [2022-02-20 18:07:43,576 INFO L290 TraceCheckUtils]: 51: Hoare triple {6507#false} assume !false; {6507#false} is VALID [2022-02-20 18:07:43,576 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:43,577 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:43,577 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1172092760] [2022-02-20 18:07:43,577 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1172092760] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:43,577 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:43,577 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [10] imperfect sequences [] total 10 [2022-02-20 18:07:43,577 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [111153889] [2022-02-20 18:07:43,577 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:43,578 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.3) internal successors, (43), 7 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2022-02-20 18:07:43,578 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:43,578 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 10 states, 10 states have (on average 4.3) internal successors, (43), 7 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:43,607 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:43,607 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 10 states [2022-02-20 18:07:43,608 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:43,608 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 10 interpolants. [2022-02-20 18:07:43,608 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=17, Invalid=73, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:07:43,608 INFO L87 Difference]: Start difference. First operand 219 states and 266 transitions. Second operand has 10 states, 10 states have (on average 4.3) internal successors, (43), 7 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:44,682 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:44,682 INFO L93 Difference]: Finished difference Result 782 states and 979 transitions. [2022-02-20 18:07:44,682 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 31 states. [2022-02-20 18:07:44,682 INFO L78 Accepts]: Start accepts. Automaton has has 10 states, 10 states have (on average 4.3) internal successors, (43), 7 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2022-02-20 18:07:44,683 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:44,683 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 4.3) internal successors, (43), 7 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:44,687 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 31 states to 31 states and 379 transitions. [2022-02-20 18:07:44,687 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 10 states, 10 states have (on average 4.3) internal successors, (43), 7 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:44,690 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 31 states to 31 states and 379 transitions. [2022-02-20 18:07:44,690 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 31 states and 379 transitions. [2022-02-20 18:07:44,915 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 379 edges. 379 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:44,932 INFO L225 Difference]: With dead ends: 782 [2022-02-20 18:07:44,932 INFO L226 Difference]: Without dead ends: 571 [2022-02-20 18:07:44,933 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 7 SyntacticMatches, 0 SemanticMatches, 32 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 258 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=199, Invalid=923, Unknown=0, NotChecked=0, Total=1122 [2022-02-20 18:07:44,933 INFO L933 BasicCegarLoop]: 102 mSDtfsCounter, 244 mSDsluCounter, 574 mSDsCounter, 0 mSdLazyCounter, 388 mSolverCounterSat, 63 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.3s Time, 0 mProtectedPredicate, 0 mProtectedAction, 254 SdHoareTripleChecker+Valid, 676 SdHoareTripleChecker+Invalid, 451 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 63 IncrementalHoareTripleChecker+Valid, 388 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.3s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:44,933 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [254 Valid, 676 Invalid, 451 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [63 Valid, 388 Invalid, 0 Unknown, 0 Unchecked, 0.3s Time] [2022-02-20 18:07:44,934 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 571 states. [2022-02-20 18:07:44,948 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 571 to 497. [2022-02-20 18:07:44,948 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:44,949 INFO L82 GeneralOperation]: Start isEquivalent. First operand 571 states. Second operand has 497 states, 390 states have (on average 1.2128205128205127) internal successors, (473), 417 states have internal predecessors, (473), 56 states have call successors, (56), 46 states have call predecessors, (56), 50 states have return successors, (75), 52 states have call predecessors, (75), 56 states have call successors, (75) [2022-02-20 18:07:44,950 INFO L74 IsIncluded]: Start isIncluded. First operand 571 states. Second operand has 497 states, 390 states have (on average 1.2128205128205127) internal successors, (473), 417 states have internal predecessors, (473), 56 states have call successors, (56), 46 states have call predecessors, (56), 50 states have return successors, (75), 52 states have call predecessors, (75), 56 states have call successors, (75) [2022-02-20 18:07:44,950 INFO L87 Difference]: Start difference. First operand 571 states. Second operand has 497 states, 390 states have (on average 1.2128205128205127) internal successors, (473), 417 states have internal predecessors, (473), 56 states have call successors, (56), 46 states have call predecessors, (56), 50 states have return successors, (75), 52 states have call predecessors, (75), 56 states have call successors, (75) [2022-02-20 18:07:44,964 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:44,964 INFO L93 Difference]: Finished difference Result 571 states and 691 transitions. [2022-02-20 18:07:44,964 INFO L276 IsEmpty]: Start isEmpty. Operand 571 states and 691 transitions. [2022-02-20 18:07:44,965 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:44,965 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:44,966 INFO L74 IsIncluded]: Start isIncluded. First operand has 497 states, 390 states have (on average 1.2128205128205127) internal successors, (473), 417 states have internal predecessors, (473), 56 states have call successors, (56), 46 states have call predecessors, (56), 50 states have return successors, (75), 52 states have call predecessors, (75), 56 states have call successors, (75) Second operand 571 states. [2022-02-20 18:07:44,967 INFO L87 Difference]: Start difference. First operand has 497 states, 390 states have (on average 1.2128205128205127) internal successors, (473), 417 states have internal predecessors, (473), 56 states have call successors, (56), 46 states have call predecessors, (56), 50 states have return successors, (75), 52 states have call predecessors, (75), 56 states have call successors, (75) Second operand 571 states. [2022-02-20 18:07:44,981 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:44,981 INFO L93 Difference]: Finished difference Result 571 states and 691 transitions. [2022-02-20 18:07:44,981 INFO L276 IsEmpty]: Start isEmpty. Operand 571 states and 691 transitions. [2022-02-20 18:07:44,982 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:44,982 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:44,982 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:44,982 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:44,983 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 497 states, 390 states have (on average 1.2128205128205127) internal successors, (473), 417 states have internal predecessors, (473), 56 states have call successors, (56), 46 states have call predecessors, (56), 50 states have return successors, (75), 52 states have call predecessors, (75), 56 states have call successors, (75) [2022-02-20 18:07:44,995 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 497 states to 497 states and 604 transitions. [2022-02-20 18:07:44,996 INFO L78 Accepts]: Start accepts. Automaton has 497 states and 604 transitions. Word has length 52 [2022-02-20 18:07:44,996 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:44,996 INFO L470 AbstractCegarLoop]: Abstraction has 497 states and 604 transitions. [2022-02-20 18:07:44,996 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 10 states, 10 states have (on average 4.3) internal successors, (43), 7 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 3 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:44,996 INFO L276 IsEmpty]: Start isEmpty. Operand 497 states and 604 transitions. [2022-02-20 18:07:44,997 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-02-20 18:07:44,997 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:44,998 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:44,998 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable8 [2022-02-20 18:07:44,998 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:44,998 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:44,998 INFO L85 PathProgramCache]: Analyzing trace with hash -1365206167, now seen corresponding path program 1 times [2022-02-20 18:07:44,999 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:44,999 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1902918154] [2022-02-20 18:07:44,999 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:44,999 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:45,020 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,041 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:07:45,043 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,057 INFO L290 TraceCheckUtils]: 0: Hoare triple {9534#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {9491#true} is VALID [2022-02-20 18:07:45,057 INFO L290 TraceCheckUtils]: 1: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,057 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9491#true} {9491#true} #242#return; {9491#true} is VALID [2022-02-20 18:07:45,063 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-02-20 18:07:45,068 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,074 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-20 18:07:45,075 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,076 INFO L290 TraceCheckUtils]: 0: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,077 INFO L290 TraceCheckUtils]: 1: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,077 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9491#true} {9491#true} #234#return; {9491#true} is VALID [2022-02-20 18:07:45,077 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:07:45,077 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,079 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9491#true} {9491#true} #240#return; {9491#true} is VALID [2022-02-20 18:07:45,079 INFO L290 TraceCheckUtils]: 0: Hoare triple {9535#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {9491#true} is VALID [2022-02-20 18:07:45,079 INFO L290 TraceCheckUtils]: 1: Hoare triple {9491#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {9491#true} is VALID [2022-02-20 18:07:45,080 INFO L290 TraceCheckUtils]: 2: Hoare triple {9491#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {9491#true} is VALID [2022-02-20 18:07:45,080 INFO L290 TraceCheckUtils]: 3: Hoare triple {9491#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {9491#true} is VALID [2022-02-20 18:07:45,080 INFO L290 TraceCheckUtils]: 4: Hoare triple {9491#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {9491#true} is VALID [2022-02-20 18:07:45,080 INFO L290 TraceCheckUtils]: 5: Hoare triple {9491#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {9491#true} is VALID [2022-02-20 18:07:45,080 INFO L290 TraceCheckUtils]: 6: Hoare triple {9491#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {9491#true} is VALID [2022-02-20 18:07:45,080 INFO L290 TraceCheckUtils]: 7: Hoare triple {9491#true} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {9491#true} is VALID [2022-02-20 18:07:45,080 INFO L290 TraceCheckUtils]: 8: Hoare triple {9491#true} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {9491#true} is VALID [2022-02-20 18:07:45,080 INFO L272 TraceCheckUtils]: 9: Hoare triple {9491#true} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {9491#true} is VALID [2022-02-20 18:07:45,081 INFO L290 TraceCheckUtils]: 10: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,081 INFO L290 TraceCheckUtils]: 11: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,081 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {9491#true} {9491#true} #234#return; {9491#true} is VALID [2022-02-20 18:07:45,081 INFO L290 TraceCheckUtils]: 13: Hoare triple {9491#true} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {9491#true} is VALID [2022-02-20 18:07:45,081 INFO L290 TraceCheckUtils]: 14: Hoare triple {9491#true} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {9491#true} is VALID [2022-02-20 18:07:45,081 INFO L290 TraceCheckUtils]: 15: Hoare triple {9491#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {9491#true} is VALID [2022-02-20 18:07:45,081 INFO L290 TraceCheckUtils]: 16: Hoare triple {9491#true} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {9491#true} is VALID [2022-02-20 18:07:45,082 INFO L290 TraceCheckUtils]: 17: Hoare triple {9491#true} assume { :end_inline_activatePump } true; {9491#true} is VALID [2022-02-20 18:07:45,082 INFO L290 TraceCheckUtils]: 18: Hoare triple {9491#true} assume { :end_inline_processEnvironment } true; {9491#true} is VALID [2022-02-20 18:07:45,082 INFO L290 TraceCheckUtils]: 19: Hoare triple {9491#true} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {9491#true} is VALID [2022-02-20 18:07:45,082 INFO L272 TraceCheckUtils]: 20: Hoare triple {9491#true} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {9491#true} is VALID [2022-02-20 18:07:45,082 INFO L290 TraceCheckUtils]: 21: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,082 INFO L290 TraceCheckUtils]: 22: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,082 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {9491#true} {9491#true} #240#return; {9491#true} is VALID [2022-02-20 18:07:45,082 INFO L290 TraceCheckUtils]: 24: Hoare triple {9491#true} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {9491#true} is VALID [2022-02-20 18:07:45,083 INFO L290 TraceCheckUtils]: 25: Hoare triple {9491#true} assume !(0 != __utac_acc__Specification2_spec__2_~tmp~5#1);~methAndRunningLastTime~0 := 0; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,083 INFO L290 TraceCheckUtils]: 26: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,084 INFO L290 TraceCheckUtils]: 27: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,084 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {9525#(= ~methAndRunningLastTime~0 0)} {9491#true} #246#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,087 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 57 [2022-02-20 18:07:45,088 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,090 INFO L290 TraceCheckUtils]: 0: Hoare triple {9542#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {9491#true} is VALID [2022-02-20 18:07:45,090 INFO L290 TraceCheckUtils]: 1: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,090 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9491#true} {9525#(= ~methAndRunningLastTime~0 0)} #244#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,090 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 70 [2022-02-20 18:07:45,091 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,092 INFO L290 TraceCheckUtils]: 0: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,093 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {9491#true} {9525#(= ~methAndRunningLastTime~0 0)} #238#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,093 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 75 [2022-02-20 18:07:45,094 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,095 INFO L290 TraceCheckUtils]: 0: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,095 INFO L290 TraceCheckUtils]: 1: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,096 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {9491#true} {9525#(= ~methAndRunningLastTime~0 0)} #240#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,096 INFO L290 TraceCheckUtils]: 0: Hoare triple {9491#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {9491#true} is VALID [2022-02-20 18:07:45,096 INFO L290 TraceCheckUtils]: 1: Hoare triple {9491#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {9491#true} is VALID [2022-02-20 18:07:45,096 INFO L290 TraceCheckUtils]: 2: Hoare triple {9491#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9491#true} is VALID [2022-02-20 18:07:45,096 INFO L290 TraceCheckUtils]: 3: Hoare triple {9491#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {9491#true} is VALID [2022-02-20 18:07:45,097 INFO L290 TraceCheckUtils]: 4: Hoare triple {9491#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {9491#true} is VALID [2022-02-20 18:07:45,097 INFO L290 TraceCheckUtils]: 5: Hoare triple {9491#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {9491#true} is VALID [2022-02-20 18:07:45,097 INFO L290 TraceCheckUtils]: 6: Hoare triple {9491#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {9491#true} is VALID [2022-02-20 18:07:45,097 INFO L290 TraceCheckUtils]: 7: Hoare triple {9491#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {9491#true} is VALID [2022-02-20 18:07:45,097 INFO L290 TraceCheckUtils]: 8: Hoare triple {9491#true} assume !false; {9491#true} is VALID [2022-02-20 18:07:45,097 INFO L290 TraceCheckUtils]: 9: Hoare triple {9491#true} assume test_~splverifierCounter~0#1 < 4; {9491#true} is VALID [2022-02-20 18:07:45,097 INFO L290 TraceCheckUtils]: 10: Hoare triple {9491#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {9491#true} is VALID [2022-02-20 18:07:45,097 INFO L290 TraceCheckUtils]: 11: Hoare triple {9491#true} assume 0 != test_~tmp~0#1; {9491#true} is VALID [2022-02-20 18:07:45,098 INFO L272 TraceCheckUtils]: 12: Hoare triple {9491#true} call waterRise(); {9534#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:07:45,098 INFO L290 TraceCheckUtils]: 13: Hoare triple {9534#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {9491#true} is VALID [2022-02-20 18:07:45,098 INFO L290 TraceCheckUtils]: 14: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,098 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {9491#true} {9491#true} #242#return; {9491#true} is VALID [2022-02-20 18:07:45,098 INFO L290 TraceCheckUtils]: 16: Hoare triple {9491#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {9491#true} is VALID [2022-02-20 18:07:45,098 INFO L290 TraceCheckUtils]: 17: Hoare triple {9491#true} assume !(0 != test_~tmp___0~0#1); {9491#true} is VALID [2022-02-20 18:07:45,099 INFO L290 TraceCheckUtils]: 18: Hoare triple {9491#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {9491#true} is VALID [2022-02-20 18:07:45,099 INFO L290 TraceCheckUtils]: 19: Hoare triple {9491#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {9491#true} is VALID [2022-02-20 18:07:45,099 INFO L290 TraceCheckUtils]: 20: Hoare triple {9491#true} assume { :end_inline_startSystem } true; {9491#true} is VALID [2022-02-20 18:07:45,099 INFO L272 TraceCheckUtils]: 21: Hoare triple {9491#true} call timeShift(); {9535#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} is VALID [2022-02-20 18:07:45,099 INFO L290 TraceCheckUtils]: 22: Hoare triple {9535#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {9491#true} is VALID [2022-02-20 18:07:45,100 INFO L290 TraceCheckUtils]: 23: Hoare triple {9491#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {9491#true} is VALID [2022-02-20 18:07:45,100 INFO L290 TraceCheckUtils]: 24: Hoare triple {9491#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {9491#true} is VALID [2022-02-20 18:07:45,100 INFO L290 TraceCheckUtils]: 25: Hoare triple {9491#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {9491#true} is VALID [2022-02-20 18:07:45,100 INFO L290 TraceCheckUtils]: 26: Hoare triple {9491#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {9491#true} is VALID [2022-02-20 18:07:45,100 INFO L290 TraceCheckUtils]: 27: Hoare triple {9491#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {9491#true} is VALID [2022-02-20 18:07:45,100 INFO L290 TraceCheckUtils]: 28: Hoare triple {9491#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {9491#true} is VALID [2022-02-20 18:07:45,100 INFO L290 TraceCheckUtils]: 29: Hoare triple {9491#true} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {9491#true} is VALID [2022-02-20 18:07:45,100 INFO L290 TraceCheckUtils]: 30: Hoare triple {9491#true} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {9491#true} is VALID [2022-02-20 18:07:45,101 INFO L272 TraceCheckUtils]: 31: Hoare triple {9491#true} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {9491#true} is VALID [2022-02-20 18:07:45,101 INFO L290 TraceCheckUtils]: 32: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,101 INFO L290 TraceCheckUtils]: 33: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,101 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9491#true} {9491#true} #234#return; {9491#true} is VALID [2022-02-20 18:07:45,101 INFO L290 TraceCheckUtils]: 35: Hoare triple {9491#true} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {9491#true} is VALID [2022-02-20 18:07:45,101 INFO L290 TraceCheckUtils]: 36: Hoare triple {9491#true} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {9491#true} is VALID [2022-02-20 18:07:45,101 INFO L290 TraceCheckUtils]: 37: Hoare triple {9491#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {9491#true} is VALID [2022-02-20 18:07:45,101 INFO L290 TraceCheckUtils]: 38: Hoare triple {9491#true} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {9491#true} is VALID [2022-02-20 18:07:45,102 INFO L290 TraceCheckUtils]: 39: Hoare triple {9491#true} assume { :end_inline_activatePump } true; {9491#true} is VALID [2022-02-20 18:07:45,102 INFO L290 TraceCheckUtils]: 40: Hoare triple {9491#true} assume { :end_inline_processEnvironment } true; {9491#true} is VALID [2022-02-20 18:07:45,102 INFO L290 TraceCheckUtils]: 41: Hoare triple {9491#true} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {9491#true} is VALID [2022-02-20 18:07:45,102 INFO L272 TraceCheckUtils]: 42: Hoare triple {9491#true} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {9491#true} is VALID [2022-02-20 18:07:45,102 INFO L290 TraceCheckUtils]: 43: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,102 INFO L290 TraceCheckUtils]: 44: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,102 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {9491#true} {9491#true} #240#return; {9491#true} is VALID [2022-02-20 18:07:45,102 INFO L290 TraceCheckUtils]: 46: Hoare triple {9491#true} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {9491#true} is VALID [2022-02-20 18:07:45,103 INFO L290 TraceCheckUtils]: 47: Hoare triple {9491#true} assume !(0 != __utac_acc__Specification2_spec__2_~tmp~5#1);~methAndRunningLastTime~0 := 0; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,103 INFO L290 TraceCheckUtils]: 48: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,103 INFO L290 TraceCheckUtils]: 49: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,104 INFO L284 TraceCheckUtils]: 50: Hoare quadruple {9525#(= ~methAndRunningLastTime~0 0)} {9491#true} #246#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,104 INFO L290 TraceCheckUtils]: 51: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume !false; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,104 INFO L290 TraceCheckUtils]: 52: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume test_~splverifierCounter~0#1 < 4; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,105 INFO L290 TraceCheckUtils]: 53: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,135 INFO L290 TraceCheckUtils]: 54: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume !(0 != test_~tmp~0#1); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,136 INFO L290 TraceCheckUtils]: 55: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,136 INFO L290 TraceCheckUtils]: 56: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != test_~tmp___0~0#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,137 INFO L272 TraceCheckUtils]: 57: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} call changeMethaneLevel(); {9542#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:45,137 INFO L290 TraceCheckUtils]: 58: Hoare triple {9542#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {9491#true} is VALID [2022-02-20 18:07:45,137 INFO L290 TraceCheckUtils]: 59: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,137 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {9491#true} {9525#(= ~methAndRunningLastTime~0 0)} #244#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,137 INFO L290 TraceCheckUtils]: 61: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,138 INFO L290 TraceCheckUtils]: 62: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,138 INFO L290 TraceCheckUtils]: 63: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline_startSystem } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,138 INFO L272 TraceCheckUtils]: 64: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} call timeShift(); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,139 INFO L290 TraceCheckUtils]: 65: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,139 INFO L290 TraceCheckUtils]: 66: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,139 INFO L290 TraceCheckUtils]: 67: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline_lowerWaterLevel } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,139 INFO L290 TraceCheckUtils]: 68: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,140 INFO L290 TraceCheckUtils]: 69: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume !(0 == ~pumpRunning~0); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,140 INFO L272 TraceCheckUtils]: 70: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} call processEnvironment__wrappee__base(); {9491#true} is VALID [2022-02-20 18:07:45,140 INFO L290 TraceCheckUtils]: 71: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,140 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {9491#true} {9525#(= ~methAndRunningLastTime~0 0)} #238#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,141 INFO L290 TraceCheckUtils]: 73: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline_processEnvironment } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,141 INFO L290 TraceCheckUtils]: 74: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,141 INFO L272 TraceCheckUtils]: 75: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {9491#true} is VALID [2022-02-20 18:07:45,141 INFO L290 TraceCheckUtils]: 76: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,141 INFO L290 TraceCheckUtils]: 77: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,141 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {9491#true} {9525#(= ~methAndRunningLastTime~0 0)} #240#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,142 INFO L290 TraceCheckUtils]: 79: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,142 INFO L290 TraceCheckUtils]: 80: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,142 INFO L290 TraceCheckUtils]: 81: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,143 INFO L290 TraceCheckUtils]: 82: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,143 INFO L290 TraceCheckUtils]: 83: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {9492#false} is VALID [2022-02-20 18:07:45,143 INFO L290 TraceCheckUtils]: 84: Hoare triple {9492#false} assume !false; {9492#false} is VALID [2022-02-20 18:07:45,143 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 17 proven. 1 refuted. 0 times theorem prover too weak. 9 trivial. 0 not checked. [2022-02-20 18:07:45,143 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:45,143 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1902918154] [2022-02-20 18:07:45,143 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1902918154] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:07:45,143 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [918505940] [2022-02-20 18:07:45,144 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:45,144 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:07:45,144 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:45,155 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:07:45,180 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:07:45,244 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,269 INFO L263 TraceCheckSpWp]: Trace formula consists of 447 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:07:45,280 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:45,285 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:45,485 INFO L290 TraceCheckUtils]: 0: Hoare triple {9491#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {9491#true} is VALID [2022-02-20 18:07:45,485 INFO L290 TraceCheckUtils]: 1: Hoare triple {9491#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {9491#true} is VALID [2022-02-20 18:07:45,485 INFO L290 TraceCheckUtils]: 2: Hoare triple {9491#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {9491#true} is VALID [2022-02-20 18:07:45,485 INFO L290 TraceCheckUtils]: 3: Hoare triple {9491#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {9491#true} is VALID [2022-02-20 18:07:45,485 INFO L290 TraceCheckUtils]: 4: Hoare triple {9491#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {9491#true} is VALID [2022-02-20 18:07:45,486 INFO L290 TraceCheckUtils]: 5: Hoare triple {9491#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {9491#true} is VALID [2022-02-20 18:07:45,486 INFO L290 TraceCheckUtils]: 6: Hoare triple {9491#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {9491#true} is VALID [2022-02-20 18:07:45,486 INFO L290 TraceCheckUtils]: 7: Hoare triple {9491#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {9491#true} is VALID [2022-02-20 18:07:45,486 INFO L290 TraceCheckUtils]: 8: Hoare triple {9491#true} assume !false; {9491#true} is VALID [2022-02-20 18:07:45,486 INFO L290 TraceCheckUtils]: 9: Hoare triple {9491#true} assume test_~splverifierCounter~0#1 < 4; {9491#true} is VALID [2022-02-20 18:07:45,486 INFO L290 TraceCheckUtils]: 10: Hoare triple {9491#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {9491#true} is VALID [2022-02-20 18:07:45,486 INFO L290 TraceCheckUtils]: 11: Hoare triple {9491#true} assume 0 != test_~tmp~0#1; {9491#true} is VALID [2022-02-20 18:07:45,486 INFO L272 TraceCheckUtils]: 12: Hoare triple {9491#true} call waterRise(); {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L290 TraceCheckUtils]: 13: Hoare triple {9491#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L290 TraceCheckUtils]: 14: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {9491#true} {9491#true} #242#return; {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L290 TraceCheckUtils]: 16: Hoare triple {9491#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L290 TraceCheckUtils]: 17: Hoare triple {9491#true} assume !(0 != test_~tmp___0~0#1); {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L290 TraceCheckUtils]: 18: Hoare triple {9491#true} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L290 TraceCheckUtils]: 19: Hoare triple {9491#true} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L290 TraceCheckUtils]: 20: Hoare triple {9491#true} assume { :end_inline_startSystem } true; {9491#true} is VALID [2022-02-20 18:07:45,487 INFO L272 TraceCheckUtils]: 21: Hoare triple {9491#true} call timeShift(); {9491#true} is VALID [2022-02-20 18:07:45,488 INFO L290 TraceCheckUtils]: 22: Hoare triple {9491#true} assume !(0 != ~pumpRunning~0); {9491#true} is VALID [2022-02-20 18:07:45,488 INFO L290 TraceCheckUtils]: 23: Hoare triple {9491#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {9491#true} is VALID [2022-02-20 18:07:45,488 INFO L290 TraceCheckUtils]: 24: Hoare triple {9491#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {9491#true} is VALID [2022-02-20 18:07:45,488 INFO L290 TraceCheckUtils]: 25: Hoare triple {9491#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {9491#true} is VALID [2022-02-20 18:07:45,488 INFO L290 TraceCheckUtils]: 26: Hoare triple {9491#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {9491#true} is VALID [2022-02-20 18:07:45,488 INFO L290 TraceCheckUtils]: 27: Hoare triple {9491#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {9491#true} is VALID [2022-02-20 18:07:45,488 INFO L290 TraceCheckUtils]: 28: Hoare triple {9491#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {9491#true} is VALID [2022-02-20 18:07:45,488 INFO L290 TraceCheckUtils]: 29: Hoare triple {9491#true} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {9491#true} is VALID [2022-02-20 18:07:45,489 INFO L290 TraceCheckUtils]: 30: Hoare triple {9491#true} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {9491#true} is VALID [2022-02-20 18:07:45,489 INFO L272 TraceCheckUtils]: 31: Hoare triple {9491#true} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {9491#true} is VALID [2022-02-20 18:07:45,489 INFO L290 TraceCheckUtils]: 32: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,489 INFO L290 TraceCheckUtils]: 33: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,489 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {9491#true} {9491#true} #234#return; {9491#true} is VALID [2022-02-20 18:07:45,489 INFO L290 TraceCheckUtils]: 35: Hoare triple {9491#true} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {9491#true} is VALID [2022-02-20 18:07:45,489 INFO L290 TraceCheckUtils]: 36: Hoare triple {9491#true} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {9491#true} is VALID [2022-02-20 18:07:45,489 INFO L290 TraceCheckUtils]: 37: Hoare triple {9491#true} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {9491#true} is VALID [2022-02-20 18:07:45,490 INFO L290 TraceCheckUtils]: 38: Hoare triple {9491#true} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {9491#true} is VALID [2022-02-20 18:07:45,490 INFO L290 TraceCheckUtils]: 39: Hoare triple {9491#true} assume { :end_inline_activatePump } true; {9491#true} is VALID [2022-02-20 18:07:45,490 INFO L290 TraceCheckUtils]: 40: Hoare triple {9491#true} assume { :end_inline_processEnvironment } true; {9491#true} is VALID [2022-02-20 18:07:45,490 INFO L290 TraceCheckUtils]: 41: Hoare triple {9491#true} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {9491#true} is VALID [2022-02-20 18:07:45,490 INFO L272 TraceCheckUtils]: 42: Hoare triple {9491#true} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {9491#true} is VALID [2022-02-20 18:07:45,490 INFO L290 TraceCheckUtils]: 43: Hoare triple {9491#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9491#true} is VALID [2022-02-20 18:07:45,490 INFO L290 TraceCheckUtils]: 44: Hoare triple {9491#true} assume true; {9491#true} is VALID [2022-02-20 18:07:45,490 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {9491#true} {9491#true} #240#return; {9491#true} is VALID [2022-02-20 18:07:45,491 INFO L290 TraceCheckUtils]: 46: Hoare triple {9491#true} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {9491#true} is VALID [2022-02-20 18:07:45,491 INFO L290 TraceCheckUtils]: 47: Hoare triple {9491#true} assume !(0 != __utac_acc__Specification2_spec__2_~tmp~5#1);~methAndRunningLastTime~0 := 0; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,491 INFO L290 TraceCheckUtils]: 48: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,492 INFO L290 TraceCheckUtils]: 49: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,492 INFO L284 TraceCheckUtils]: 50: Hoare quadruple {9525#(= ~methAndRunningLastTime~0 0)} {9491#true} #246#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,492 INFO L290 TraceCheckUtils]: 51: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume !false; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,493 INFO L290 TraceCheckUtils]: 52: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume test_~splverifierCounter~0#1 < 4; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,493 INFO L290 TraceCheckUtils]: 53: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,493 INFO L290 TraceCheckUtils]: 54: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume !(0 != test_~tmp~0#1); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,493 INFO L290 TraceCheckUtils]: 55: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,494 INFO L290 TraceCheckUtils]: 56: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != test_~tmp___0~0#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,494 INFO L272 TraceCheckUtils]: 57: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} call changeMethaneLevel(); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,494 INFO L290 TraceCheckUtils]: 58: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,495 INFO L290 TraceCheckUtils]: 59: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,495 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {9525#(= ~methAndRunningLastTime~0 0)} {9525#(= ~methAndRunningLastTime~0 0)} #244#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,495 INFO L290 TraceCheckUtils]: 61: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,496 INFO L290 TraceCheckUtils]: 62: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,496 INFO L290 TraceCheckUtils]: 63: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline_startSystem } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,496 INFO L272 TraceCheckUtils]: 64: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} call timeShift(); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,497 INFO L290 TraceCheckUtils]: 65: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,498 INFO L290 TraceCheckUtils]: 66: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,498 INFO L290 TraceCheckUtils]: 67: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline_lowerWaterLevel } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,498 INFO L290 TraceCheckUtils]: 68: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,499 INFO L290 TraceCheckUtils]: 69: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume !(0 == ~pumpRunning~0); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,499 INFO L272 TraceCheckUtils]: 70: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} call processEnvironment__wrappee__base(); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,499 INFO L290 TraceCheckUtils]: 71: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,500 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {9525#(= ~methAndRunningLastTime~0 0)} {9525#(= ~methAndRunningLastTime~0 0)} #238#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,500 INFO L290 TraceCheckUtils]: 73: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :end_inline_processEnvironment } true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,500 INFO L290 TraceCheckUtils]: 74: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,501 INFO L272 TraceCheckUtils]: 75: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,501 INFO L290 TraceCheckUtils]: 76: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,501 INFO L290 TraceCheckUtils]: 77: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume true; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,502 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {9525#(= ~methAndRunningLastTime~0 0)} {9525#(= ~methAndRunningLastTime~0 0)} #240#return; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,502 INFO L290 TraceCheckUtils]: 79: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,502 INFO L290 TraceCheckUtils]: 80: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,502 INFO L290 TraceCheckUtils]: 81: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,503 INFO L290 TraceCheckUtils]: 82: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {9525#(= ~methAndRunningLastTime~0 0)} is VALID [2022-02-20 18:07:45,503 INFO L290 TraceCheckUtils]: 83: Hoare triple {9525#(= ~methAndRunningLastTime~0 0)} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {9492#false} is VALID [2022-02-20 18:07:45,503 INFO L290 TraceCheckUtils]: 84: Hoare triple {9492#false} assume !false; {9492#false} is VALID [2022-02-20 18:07:45,504 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 24 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:45,504 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:45,504 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [918505940] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:45,504 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:07:45,504 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [6] total 6 [2022-02-20 18:07:45,504 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [933917433] [2022-02-20 18:07:45,505 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:45,505 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 85 [2022-02-20 18:07:45,505 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:45,505 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:07:45,561 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:45,561 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:45,561 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:45,562 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:45,562 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:45,562 INFO L87 Difference]: Start difference. First operand 497 states and 604 transitions. Second operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:07:45,664 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:45,664 INFO L93 Difference]: Finished difference Result 717 states and 884 transitions. [2022-02-20 18:07:45,664 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:45,665 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 85 [2022-02-20 18:07:45,665 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:45,666 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:07:45,667 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 168 transitions. [2022-02-20 18:07:45,667 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:07:45,668 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 168 transitions. [2022-02-20 18:07:45,668 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 168 transitions. [2022-02-20 18:07:45,766 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 168 edges. 168 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:45,790 INFO L225 Difference]: With dead ends: 717 [2022-02-20 18:07:45,790 INFO L226 Difference]: Without dead ends: 715 [2022-02-20 18:07:45,790 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 103 GetRequests, 99 SyntacticMatches, 0 SemanticMatches, 4 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 1 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:45,791 INFO L933 BasicCegarLoop]: 93 mSDtfsCounter, 45 mSDsluCounter, 76 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 169 SdHoareTripleChecker+Invalid, 7 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:45,791 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 169 Invalid, 7 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:45,792 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 715 states. [2022-02-20 18:07:45,822 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 715 to 543. [2022-02-20 18:07:45,822 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:45,824 INFO L82 GeneralOperation]: Start isEquivalent. First operand 715 states. Second operand has 543 states, 425 states have (on average 1.223529411764706) internal successors, (520), 455 states have internal predecessors, (520), 61 states have call successors, (61), 51 states have call predecessors, (61), 56 states have return successors, (87), 57 states have call predecessors, (87), 61 states have call successors, (87) [2022-02-20 18:07:45,824 INFO L74 IsIncluded]: Start isIncluded. First operand 715 states. Second operand has 543 states, 425 states have (on average 1.223529411764706) internal successors, (520), 455 states have internal predecessors, (520), 61 states have call successors, (61), 51 states have call predecessors, (61), 56 states have return successors, (87), 57 states have call predecessors, (87), 61 states have call successors, (87) [2022-02-20 18:07:45,825 INFO L87 Difference]: Start difference. First operand 715 states. Second operand has 543 states, 425 states have (on average 1.223529411764706) internal successors, (520), 455 states have internal predecessors, (520), 61 states have call successors, (61), 51 states have call predecessors, (61), 56 states have return successors, (87), 57 states have call predecessors, (87), 61 states have call successors, (87) [2022-02-20 18:07:45,868 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:45,869 INFO L93 Difference]: Finished difference Result 715 states and 882 transitions. [2022-02-20 18:07:45,869 INFO L276 IsEmpty]: Start isEmpty. Operand 715 states and 882 transitions. [2022-02-20 18:07:45,870 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:45,870 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:45,893 INFO L74 IsIncluded]: Start isIncluded. First operand has 543 states, 425 states have (on average 1.223529411764706) internal successors, (520), 455 states have internal predecessors, (520), 61 states have call successors, (61), 51 states have call predecessors, (61), 56 states have return successors, (87), 57 states have call predecessors, (87), 61 states have call successors, (87) Second operand 715 states. [2022-02-20 18:07:45,894 INFO L87 Difference]: Start difference. First operand has 543 states, 425 states have (on average 1.223529411764706) internal successors, (520), 455 states have internal predecessors, (520), 61 states have call successors, (61), 51 states have call predecessors, (61), 56 states have return successors, (87), 57 states have call predecessors, (87), 61 states have call successors, (87) Second operand 715 states. [2022-02-20 18:07:45,939 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:45,955 INFO L93 Difference]: Finished difference Result 715 states and 882 transitions. [2022-02-20 18:07:45,955 INFO L276 IsEmpty]: Start isEmpty. Operand 715 states and 882 transitions. [2022-02-20 18:07:45,957 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:45,957 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:45,958 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:45,958 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:45,959 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 543 states, 425 states have (on average 1.223529411764706) internal successors, (520), 455 states have internal predecessors, (520), 61 states have call successors, (61), 51 states have call predecessors, (61), 56 states have return successors, (87), 57 states have call predecessors, (87), 61 states have call successors, (87) [2022-02-20 18:07:45,976 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 543 states to 543 states and 668 transitions. [2022-02-20 18:07:45,977 INFO L78 Accepts]: Start accepts. Automaton has 543 states and 668 transitions. Word has length 85 [2022-02-20 18:07:45,977 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:45,977 INFO L470 AbstractCegarLoop]: Abstraction has 543 states and 668 transitions. [2022-02-20 18:07:45,977 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:07:45,977 INFO L276 IsEmpty]: Start isEmpty. Operand 543 states and 668 transitions. [2022-02-20 18:07:46,002 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 122 [2022-02-20 18:07:46,002 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:46,002 INFO L514 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:46,035 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:46,221 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable9 [2022-02-20 18:07:46,222 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:46,222 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:46,222 INFO L85 PathProgramCache]: Analyzing trace with hash 1466698598, now seen corresponding path program 1 times [2022-02-20 18:07:46,222 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:46,222 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [711096579] [2022-02-20 18:07:46,222 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:46,222 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:46,253 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,303 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 12 [2022-02-20 18:07:46,304 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,306 INFO L290 TraceCheckUtils]: 0: Hoare triple {13052#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {12982#true} is VALID [2022-02-20 18:07:46,306 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,306 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12982#true} {12982#true} #242#return; {12982#true} is VALID [2022-02-20 18:07:46,310 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 18 [2022-02-20 18:07:46,311 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,319 INFO L290 TraceCheckUtils]: 0: Hoare triple {13053#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,320 INFO L290 TraceCheckUtils]: 1: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume true; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,320 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13054#(<= 1 ~methaneLevelCritical~0)} {12982#true} #244#return; {12992#(not (= ~methaneLevelCritical~0 0))} is VALID [2022-02-20 18:07:46,327 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 25 [2022-02-20 18:07:46,333 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,366 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 9 [2022-02-20 18:07:46,367 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,376 INFO L290 TraceCheckUtils]: 1: Hoare triple {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,376 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {12982#true} #234#return; {13059#(= |timeShift_isMethaneAlarm_#t~ret10#1| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,377 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 20 [2022-02-20 18:07:46,377 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,379 INFO L290 TraceCheckUtils]: 0: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12982#true} is VALID [2022-02-20 18:07:46,379 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,379 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12982#true} {13062#(= ~methaneLevelCritical~0 0)} #240#return; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,380 INFO L290 TraceCheckUtils]: 0: Hoare triple {13055#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {12982#true} is VALID [2022-02-20 18:07:46,380 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {12982#true} is VALID [2022-02-20 18:07:46,380 INFO L290 TraceCheckUtils]: 2: Hoare triple {12982#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {12982#true} is VALID [2022-02-20 18:07:46,380 INFO L290 TraceCheckUtils]: 3: Hoare triple {12982#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {12982#true} is VALID [2022-02-20 18:07:46,380 INFO L290 TraceCheckUtils]: 4: Hoare triple {12982#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {12982#true} is VALID [2022-02-20 18:07:46,380 INFO L290 TraceCheckUtils]: 5: Hoare triple {12982#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {12982#true} is VALID [2022-02-20 18:07:46,380 INFO L290 TraceCheckUtils]: 6: Hoare triple {12982#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {12982#true} is VALID [2022-02-20 18:07:46,380 INFO L290 TraceCheckUtils]: 7: Hoare triple {12982#true} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {12982#true} is VALID [2022-02-20 18:07:46,381 INFO L290 TraceCheckUtils]: 8: Hoare triple {12982#true} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {12982#true} is VALID [2022-02-20 18:07:46,381 INFO L272 TraceCheckUtils]: 9: Hoare triple {12982#true} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {12982#true} is VALID [2022-02-20 18:07:46,381 INFO L290 TraceCheckUtils]: 10: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,381 INFO L290 TraceCheckUtils]: 11: Hoare triple {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,382 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {12982#true} #234#return; {13059#(= |timeShift_isMethaneAlarm_#t~ret10#1| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,382 INFO L290 TraceCheckUtils]: 13: Hoare triple {13059#(= |timeShift_isMethaneAlarm_#t~ret10#1| ~methaneLevelCritical~0)} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {13060#(= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)} is VALID [2022-02-20 18:07:46,382 INFO L290 TraceCheckUtils]: 14: Hoare triple {13060#(= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {13061#(= |timeShift_activatePump_~tmp~2#1| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,383 INFO L290 TraceCheckUtils]: 15: Hoare triple {13061#(= |timeShift_activatePump_~tmp~2#1| ~methaneLevelCritical~0)} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,383 INFO L290 TraceCheckUtils]: 16: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,383 INFO L290 TraceCheckUtils]: 17: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :end_inline_activatePump } true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,384 INFO L290 TraceCheckUtils]: 18: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :end_inline_processEnvironment } true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,384 INFO L290 TraceCheckUtils]: 19: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,384 INFO L272 TraceCheckUtils]: 20: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {12982#true} is VALID [2022-02-20 18:07:46,384 INFO L290 TraceCheckUtils]: 21: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12982#true} is VALID [2022-02-20 18:07:46,384 INFO L290 TraceCheckUtils]: 22: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,385 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {12982#true} {13062#(= ~methaneLevelCritical~0 0)} #240#return; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,385 INFO L290 TraceCheckUtils]: 24: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,385 INFO L290 TraceCheckUtils]: 25: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume !(0 != __utac_acc__Specification2_spec__2_~tmp~5#1);~methAndRunningLastTime~0 := 0; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,386 INFO L290 TraceCheckUtils]: 26: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,386 INFO L290 TraceCheckUtils]: 27: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,386 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {13062#(= ~methaneLevelCritical~0 0)} {12992#(not (= ~methaneLevelCritical~0 0))} #246#return; {12983#false} is VALID [2022-02-20 18:07:46,387 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 61 [2022-02-20 18:07:46,387 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,389 INFO L290 TraceCheckUtils]: 0: Hoare triple {13053#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {12982#true} is VALID [2022-02-20 18:07:46,389 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,391 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12982#true} {12983#false} #244#return; {12983#false} is VALID [2022-02-20 18:07:46,391 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 68 [2022-02-20 18:07:46,395 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,399 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 5 [2022-02-20 18:07:46,400 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,402 INFO L290 TraceCheckUtils]: 0: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,403 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {12982#true} {12982#true} #238#return; {12982#true} is VALID [2022-02-20 18:07:46,403 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 10 [2022-02-20 18:07:46,403 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12982#true} is VALID [2022-02-20 18:07:46,406 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,406 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12982#true} {12982#true} #240#return; {12982#true} is VALID [2022-02-20 18:07:46,406 INFO L290 TraceCheckUtils]: 0: Hoare triple {13055#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {12982#true} is VALID [2022-02-20 18:07:46,406 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {12982#true} is VALID [2022-02-20 18:07:46,406 INFO L290 TraceCheckUtils]: 2: Hoare triple {12982#true} assume { :end_inline_lowerWaterLevel } true; {12982#true} is VALID [2022-02-20 18:07:46,406 INFO L290 TraceCheckUtils]: 3: Hoare triple {12982#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {12982#true} is VALID [2022-02-20 18:07:46,407 INFO L290 TraceCheckUtils]: 4: Hoare triple {12982#true} assume !(0 == ~pumpRunning~0); {12982#true} is VALID [2022-02-20 18:07:46,407 INFO L272 TraceCheckUtils]: 5: Hoare triple {12982#true} call processEnvironment__wrappee__base(); {12982#true} is VALID [2022-02-20 18:07:46,407 INFO L290 TraceCheckUtils]: 6: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,407 INFO L284 TraceCheckUtils]: 7: Hoare quadruple {12982#true} {12982#true} #238#return; {12982#true} is VALID [2022-02-20 18:07:46,407 INFO L290 TraceCheckUtils]: 8: Hoare triple {12982#true} assume { :end_inline_processEnvironment } true; {12982#true} is VALID [2022-02-20 18:07:46,407 INFO L290 TraceCheckUtils]: 9: Hoare triple {12982#true} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12982#true} is VALID [2022-02-20 18:07:46,407 INFO L272 TraceCheckUtils]: 10: Hoare triple {12982#true} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {12982#true} is VALID [2022-02-20 18:07:46,407 INFO L290 TraceCheckUtils]: 11: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12982#true} is VALID [2022-02-20 18:07:46,408 INFO L290 TraceCheckUtils]: 12: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,408 INFO L284 TraceCheckUtils]: 13: Hoare quadruple {12982#true} {12982#true} #240#return; {12982#true} is VALID [2022-02-20 18:07:46,408 INFO L290 TraceCheckUtils]: 14: Hoare triple {12982#true} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {12982#true} is VALID [2022-02-20 18:07:46,408 INFO L290 TraceCheckUtils]: 15: Hoare triple {12982#true} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {12982#true} is VALID [2022-02-20 18:07:46,408 INFO L290 TraceCheckUtils]: 16: Hoare triple {12982#true} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {12982#true} is VALID [2022-02-20 18:07:46,408 INFO L290 TraceCheckUtils]: 17: Hoare triple {12982#true} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12982#true} is VALID [2022-02-20 18:07:46,408 INFO L290 TraceCheckUtils]: 18: Hoare triple {12982#true} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {12982#true} is VALID [2022-02-20 18:07:46,408 INFO L290 TraceCheckUtils]: 19: Hoare triple {12982#true} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {12982#true} is VALID [2022-02-20 18:07:46,409 INFO L290 TraceCheckUtils]: 20: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,409 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {12982#true} {12983#false} #246#return; {12983#false} is VALID [2022-02-20 18:07:46,409 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 106 [2022-02-20 18:07:46,409 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,411 INFO L290 TraceCheckUtils]: 0: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,411 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {12982#true} {12983#false} #238#return; {12983#false} is VALID [2022-02-20 18:07:46,412 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 111 [2022-02-20 18:07:46,412 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,414 INFO L290 TraceCheckUtils]: 0: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12982#true} is VALID [2022-02-20 18:07:46,414 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,414 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {12982#true} {12983#false} #240#return; {12983#false} is VALID [2022-02-20 18:07:46,414 INFO L290 TraceCheckUtils]: 0: Hoare triple {12982#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {12982#true} is VALID [2022-02-20 18:07:46,414 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {12982#true} is VALID [2022-02-20 18:07:46,414 INFO L290 TraceCheckUtils]: 2: Hoare triple {12982#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12982#true} is VALID [2022-02-20 18:07:46,415 INFO L290 TraceCheckUtils]: 3: Hoare triple {12982#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {12984#(= |ULTIMATE.start_valid_product_#res#1| 1)} is VALID [2022-02-20 18:07:46,415 INFO L290 TraceCheckUtils]: 4: Hoare triple {12984#(= |ULTIMATE.start_valid_product_#res#1| 1)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {12985#(= |ULTIMATE.start_main_~tmp~4#1| 1)} is VALID [2022-02-20 18:07:46,415 INFO L290 TraceCheckUtils]: 5: Hoare triple {12985#(= |ULTIMATE.start_main_~tmp~4#1| 1)} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {12982#true} is VALID [2022-02-20 18:07:46,415 INFO L290 TraceCheckUtils]: 6: Hoare triple {12982#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {12982#true} is VALID [2022-02-20 18:07:46,415 INFO L290 TraceCheckUtils]: 7: Hoare triple {12982#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {12982#true} is VALID [2022-02-20 18:07:46,416 INFO L290 TraceCheckUtils]: 8: Hoare triple {12982#true} assume !false; {12982#true} is VALID [2022-02-20 18:07:46,416 INFO L290 TraceCheckUtils]: 9: Hoare triple {12982#true} assume test_~splverifierCounter~0#1 < 4; {12982#true} is VALID [2022-02-20 18:07:46,416 INFO L290 TraceCheckUtils]: 10: Hoare triple {12982#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12982#true} is VALID [2022-02-20 18:07:46,416 INFO L290 TraceCheckUtils]: 11: Hoare triple {12982#true} assume 0 != test_~tmp~0#1; {12982#true} is VALID [2022-02-20 18:07:46,416 INFO L272 TraceCheckUtils]: 12: Hoare triple {12982#true} call waterRise(); {13052#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:07:46,416 INFO L290 TraceCheckUtils]: 13: Hoare triple {13052#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {12982#true} is VALID [2022-02-20 18:07:46,416 INFO L290 TraceCheckUtils]: 14: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,417 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {12982#true} {12982#true} #242#return; {12982#true} is VALID [2022-02-20 18:07:46,417 INFO L290 TraceCheckUtils]: 16: Hoare triple {12982#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12982#true} is VALID [2022-02-20 18:07:46,417 INFO L290 TraceCheckUtils]: 17: Hoare triple {12982#true} assume 0 != test_~tmp___0~0#1; {12982#true} is VALID [2022-02-20 18:07:46,417 INFO L272 TraceCheckUtils]: 18: Hoare triple {12982#true} call changeMethaneLevel(); {13053#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,418 INFO L290 TraceCheckUtils]: 19: Hoare triple {13053#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,418 INFO L290 TraceCheckUtils]: 20: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume true; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,418 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {13054#(<= 1 ~methaneLevelCritical~0)} {12982#true} #244#return; {12992#(not (= ~methaneLevelCritical~0 0))} is VALID [2022-02-20 18:07:46,418 INFO L290 TraceCheckUtils]: 22: Hoare triple {12992#(not (= ~methaneLevelCritical~0 0))} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12992#(not (= ~methaneLevelCritical~0 0))} is VALID [2022-02-20 18:07:46,419 INFO L290 TraceCheckUtils]: 23: Hoare triple {12992#(not (= ~methaneLevelCritical~0 0))} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {12992#(not (= ~methaneLevelCritical~0 0))} is VALID [2022-02-20 18:07:46,430 INFO L290 TraceCheckUtils]: 24: Hoare triple {12992#(not (= ~methaneLevelCritical~0 0))} assume { :end_inline_startSystem } true; {12992#(not (= ~methaneLevelCritical~0 0))} is VALID [2022-02-20 18:07:46,440 INFO L272 TraceCheckUtils]: 25: Hoare triple {12992#(not (= ~methaneLevelCritical~0 0))} call timeShift(); {13055#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} is VALID [2022-02-20 18:07:46,441 INFO L290 TraceCheckUtils]: 26: Hoare triple {13055#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume !(0 != ~pumpRunning~0); {12982#true} is VALID [2022-02-20 18:07:46,441 INFO L290 TraceCheckUtils]: 27: Hoare triple {12982#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {12982#true} is VALID [2022-02-20 18:07:46,441 INFO L290 TraceCheckUtils]: 28: Hoare triple {12982#true} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {12982#true} is VALID [2022-02-20 18:07:46,441 INFO L290 TraceCheckUtils]: 29: Hoare triple {12982#true} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {12982#true} is VALID [2022-02-20 18:07:46,441 INFO L290 TraceCheckUtils]: 30: Hoare triple {12982#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {12982#true} is VALID [2022-02-20 18:07:46,441 INFO L290 TraceCheckUtils]: 31: Hoare triple {12982#true} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {12982#true} is VALID [2022-02-20 18:07:46,441 INFO L290 TraceCheckUtils]: 32: Hoare triple {12982#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {12982#true} is VALID [2022-02-20 18:07:46,442 INFO L290 TraceCheckUtils]: 33: Hoare triple {12982#true} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {12982#true} is VALID [2022-02-20 18:07:46,442 INFO L290 TraceCheckUtils]: 34: Hoare triple {12982#true} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {12982#true} is VALID [2022-02-20 18:07:46,442 INFO L272 TraceCheckUtils]: 35: Hoare triple {12982#true} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {12982#true} is VALID [2022-02-20 18:07:46,442 INFO L290 TraceCheckUtils]: 36: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,442 INFO L290 TraceCheckUtils]: 37: Hoare triple {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} assume true; {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,443 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {13066#(= |isMethaneLevelCritical_#res| ~methaneLevelCritical~0)} {12982#true} #234#return; {13059#(= |timeShift_isMethaneAlarm_#t~ret10#1| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,443 INFO L290 TraceCheckUtils]: 39: Hoare triple {13059#(= |timeShift_isMethaneAlarm_#t~ret10#1| ~methaneLevelCritical~0)} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {13060#(= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)} is VALID [2022-02-20 18:07:46,444 INFO L290 TraceCheckUtils]: 40: Hoare triple {13060#(= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|)} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {13061#(= |timeShift_activatePump_~tmp~2#1| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,444 INFO L290 TraceCheckUtils]: 41: Hoare triple {13061#(= |timeShift_activatePump_~tmp~2#1| ~methaneLevelCritical~0)} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,444 INFO L290 TraceCheckUtils]: 42: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,445 INFO L290 TraceCheckUtils]: 43: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :end_inline_activatePump } true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,445 INFO L290 TraceCheckUtils]: 44: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :end_inline_processEnvironment } true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,445 INFO L290 TraceCheckUtils]: 45: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,445 INFO L272 TraceCheckUtils]: 46: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {12982#true} is VALID [2022-02-20 18:07:46,445 INFO L290 TraceCheckUtils]: 47: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12982#true} is VALID [2022-02-20 18:07:46,446 INFO L290 TraceCheckUtils]: 48: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,446 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {12982#true} {13062#(= ~methaneLevelCritical~0 0)} #240#return; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,446 INFO L290 TraceCheckUtils]: 50: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,447 INFO L290 TraceCheckUtils]: 51: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume !(0 != __utac_acc__Specification2_spec__2_~tmp~5#1);~methAndRunningLastTime~0 := 0; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,447 INFO L290 TraceCheckUtils]: 52: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,447 INFO L290 TraceCheckUtils]: 53: Hoare triple {13062#(= ~methaneLevelCritical~0 0)} assume true; {13062#(= ~methaneLevelCritical~0 0)} is VALID [2022-02-20 18:07:46,447 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {13062#(= ~methaneLevelCritical~0 0)} {12992#(not (= ~methaneLevelCritical~0 0))} #246#return; {12983#false} is VALID [2022-02-20 18:07:46,448 INFO L290 TraceCheckUtils]: 55: Hoare triple {12983#false} assume !false; {12983#false} is VALID [2022-02-20 18:07:46,448 INFO L290 TraceCheckUtils]: 56: Hoare triple {12983#false} assume test_~splverifierCounter~0#1 < 4; {12983#false} is VALID [2022-02-20 18:07:46,448 INFO L290 TraceCheckUtils]: 57: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12983#false} is VALID [2022-02-20 18:07:46,448 INFO L290 TraceCheckUtils]: 58: Hoare triple {12983#false} assume !(0 != test_~tmp~0#1); {12983#false} is VALID [2022-02-20 18:07:46,448 INFO L290 TraceCheckUtils]: 59: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12983#false} is VALID [2022-02-20 18:07:46,448 INFO L290 TraceCheckUtils]: 60: Hoare triple {12983#false} assume 0 != test_~tmp___0~0#1; {12983#false} is VALID [2022-02-20 18:07:46,448 INFO L272 TraceCheckUtils]: 61: Hoare triple {12983#false} call changeMethaneLevel(); {13053#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,448 INFO L290 TraceCheckUtils]: 62: Hoare triple {13053#(= |old(~methaneLevelCritical~0)| ~methaneLevelCritical~0)} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {12982#true} is VALID [2022-02-20 18:07:46,449 INFO L290 TraceCheckUtils]: 63: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,449 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {12982#true} {12983#false} #244#return; {12983#false} is VALID [2022-02-20 18:07:46,449 INFO L290 TraceCheckUtils]: 65: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12983#false} is VALID [2022-02-20 18:07:46,449 INFO L290 TraceCheckUtils]: 66: Hoare triple {12983#false} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {12983#false} is VALID [2022-02-20 18:07:46,449 INFO L290 TraceCheckUtils]: 67: Hoare triple {12983#false} assume { :end_inline_startSystem } true; {12983#false} is VALID [2022-02-20 18:07:46,449 INFO L272 TraceCheckUtils]: 68: Hoare triple {12983#false} call timeShift(); {13055#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} is VALID [2022-02-20 18:07:46,449 INFO L290 TraceCheckUtils]: 69: Hoare triple {13055#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0) (= |old(~methAndRunningLastTime~0)| ~methAndRunningLastTime~0))} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {12982#true} is VALID [2022-02-20 18:07:46,449 INFO L290 TraceCheckUtils]: 70: Hoare triple {12982#true} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L290 TraceCheckUtils]: 71: Hoare triple {12982#true} assume { :end_inline_lowerWaterLevel } true; {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L290 TraceCheckUtils]: 72: Hoare triple {12982#true} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L290 TraceCheckUtils]: 73: Hoare triple {12982#true} assume !(0 == ~pumpRunning~0); {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L272 TraceCheckUtils]: 74: Hoare triple {12982#true} call processEnvironment__wrappee__base(); {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L290 TraceCheckUtils]: 75: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {12982#true} {12982#true} #238#return; {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L290 TraceCheckUtils]: 77: Hoare triple {12982#true} assume { :end_inline_processEnvironment } true; {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L290 TraceCheckUtils]: 78: Hoare triple {12982#true} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12982#true} is VALID [2022-02-20 18:07:46,450 INFO L272 TraceCheckUtils]: 79: Hoare triple {12982#true} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {12982#true} is VALID [2022-02-20 18:07:46,451 INFO L290 TraceCheckUtils]: 80: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12982#true} is VALID [2022-02-20 18:07:46,451 INFO L290 TraceCheckUtils]: 81: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,451 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {12982#true} {12982#true} #240#return; {12982#true} is VALID [2022-02-20 18:07:46,451 INFO L290 TraceCheckUtils]: 83: Hoare triple {12982#true} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {12982#true} is VALID [2022-02-20 18:07:46,451 INFO L290 TraceCheckUtils]: 84: Hoare triple {12982#true} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {12982#true} is VALID [2022-02-20 18:07:46,451 INFO L290 TraceCheckUtils]: 85: Hoare triple {12982#true} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {12982#true} is VALID [2022-02-20 18:07:46,451 INFO L290 TraceCheckUtils]: 86: Hoare triple {12982#true} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12982#true} is VALID [2022-02-20 18:07:46,451 INFO L290 TraceCheckUtils]: 87: Hoare triple {12982#true} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {12982#true} is VALID [2022-02-20 18:07:46,452 INFO L290 TraceCheckUtils]: 88: Hoare triple {12982#true} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {12982#true} is VALID [2022-02-20 18:07:46,452 INFO L290 TraceCheckUtils]: 89: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,452 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {12982#true} {12983#false} #246#return; {12983#false} is VALID [2022-02-20 18:07:46,452 INFO L290 TraceCheckUtils]: 91: Hoare triple {12983#false} assume !false; {12983#false} is VALID [2022-02-20 18:07:46,452 INFO L290 TraceCheckUtils]: 92: Hoare triple {12983#false} assume test_~splverifierCounter~0#1 < 4; {12983#false} is VALID [2022-02-20 18:07:46,452 INFO L290 TraceCheckUtils]: 93: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12983#false} is VALID [2022-02-20 18:07:46,452 INFO L290 TraceCheckUtils]: 94: Hoare triple {12983#false} assume !(0 != test_~tmp~0#1); {12983#false} is VALID [2022-02-20 18:07:46,452 INFO L290 TraceCheckUtils]: 95: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12983#false} is VALID [2022-02-20 18:07:46,452 INFO L290 TraceCheckUtils]: 96: Hoare triple {12983#false} assume !(0 != test_~tmp___0~0#1); {12983#false} is VALID [2022-02-20 18:07:46,453 INFO L290 TraceCheckUtils]: 97: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12983#false} is VALID [2022-02-20 18:07:46,453 INFO L290 TraceCheckUtils]: 98: Hoare triple {12983#false} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {12983#false} is VALID [2022-02-20 18:07:46,453 INFO L290 TraceCheckUtils]: 99: Hoare triple {12983#false} assume { :end_inline_startSystem } true; {12983#false} is VALID [2022-02-20 18:07:46,453 INFO L272 TraceCheckUtils]: 100: Hoare triple {12983#false} call timeShift(); {12983#false} is VALID [2022-02-20 18:07:46,453 INFO L290 TraceCheckUtils]: 101: Hoare triple {12983#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {12983#false} is VALID [2022-02-20 18:07:46,453 INFO L290 TraceCheckUtils]: 102: Hoare triple {12983#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {12983#false} is VALID [2022-02-20 18:07:46,453 INFO L290 TraceCheckUtils]: 103: Hoare triple {12983#false} assume { :end_inline_lowerWaterLevel } true; {12983#false} is VALID [2022-02-20 18:07:46,454 INFO L290 TraceCheckUtils]: 104: Hoare triple {12983#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {12983#false} is VALID [2022-02-20 18:07:46,454 INFO L290 TraceCheckUtils]: 105: Hoare triple {12983#false} assume !(0 == ~pumpRunning~0); {12983#false} is VALID [2022-02-20 18:07:46,454 INFO L272 TraceCheckUtils]: 106: Hoare triple {12983#false} call processEnvironment__wrappee__base(); {12982#true} is VALID [2022-02-20 18:07:46,455 INFO L290 TraceCheckUtils]: 107: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,457 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {12982#true} {12983#false} #238#return; {12983#false} is VALID [2022-02-20 18:07:46,457 INFO L290 TraceCheckUtils]: 109: Hoare triple {12983#false} assume { :end_inline_processEnvironment } true; {12983#false} is VALID [2022-02-20 18:07:46,457 INFO L290 TraceCheckUtils]: 110: Hoare triple {12983#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12983#false} is VALID [2022-02-20 18:07:46,457 INFO L272 TraceCheckUtils]: 111: Hoare triple {12983#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {12982#true} is VALID [2022-02-20 18:07:46,457 INFO L290 TraceCheckUtils]: 112: Hoare triple {12982#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12982#true} is VALID [2022-02-20 18:07:46,458 INFO L290 TraceCheckUtils]: 113: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,458 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {12982#true} {12983#false} #240#return; {12983#false} is VALID [2022-02-20 18:07:46,458 INFO L290 TraceCheckUtils]: 115: Hoare triple {12983#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {12983#false} is VALID [2022-02-20 18:07:46,458 INFO L290 TraceCheckUtils]: 116: Hoare triple {12983#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {12983#false} is VALID [2022-02-20 18:07:46,458 INFO L290 TraceCheckUtils]: 117: Hoare triple {12983#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {12983#false} is VALID [2022-02-20 18:07:46,458 INFO L290 TraceCheckUtils]: 118: Hoare triple {12983#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12983#false} is VALID [2022-02-20 18:07:46,458 INFO L290 TraceCheckUtils]: 119: Hoare triple {12983#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {12983#false} is VALID [2022-02-20 18:07:46,458 INFO L290 TraceCheckUtils]: 120: Hoare triple {12983#false} assume !false; {12983#false} is VALID [2022-02-20 18:07:46,459 INFO L134 CoverageAnalysis]: Checked inductivity of 87 backedges. 43 proven. 16 refuted. 0 times theorem prover too weak. 28 trivial. 0 not checked. [2022-02-20 18:07:46,459 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:07:46,459 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [711096579] [2022-02-20 18:07:46,459 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [711096579] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:07:46,459 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1402917736] [2022-02-20 18:07:46,459 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:46,460 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:07:46,460 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:46,461 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:07:46,471 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Waiting until timeout for monitored process [2022-02-20 18:07:46,557 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,559 INFO L263 TraceCheckSpWp]: Trace formula consists of 537 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:07:46,576 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:46,578 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:46,940 INFO L290 TraceCheckUtils]: 0: Hoare triple {12982#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4;~methAndRunningLastTime~0 := 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0; {12982#true} is VALID [2022-02-20 18:07:46,940 INFO L290 TraceCheckUtils]: 1: Hoare triple {12982#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {12982#true} is VALID [2022-02-20 18:07:46,941 INFO L290 TraceCheckUtils]: 2: Hoare triple {12982#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {12982#true} is VALID [2022-02-20 18:07:46,941 INFO L290 TraceCheckUtils]: 3: Hoare triple {12982#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {12982#true} is VALID [2022-02-20 18:07:46,941 INFO L290 TraceCheckUtils]: 4: Hoare triple {12982#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret21#1 && main_#t~ret21#1 <= 2147483647;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {12982#true} is VALID [2022-02-20 18:07:46,941 INFO L290 TraceCheckUtils]: 5: Hoare triple {12982#true} assume 0 != main_~tmp~4#1;assume { :begin_inline_setup } true; {12982#true} is VALID [2022-02-20 18:07:46,941 INFO L290 TraceCheckUtils]: 6: Hoare triple {12982#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0; {12982#true} is VALID [2022-02-20 18:07:46,941 INFO L290 TraceCheckUtils]: 7: Hoare triple {12982#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {12982#true} is VALID [2022-02-20 18:07:46,941 INFO L290 TraceCheckUtils]: 8: Hoare triple {12982#true} assume !false; {12982#true} is VALID [2022-02-20 18:07:46,941 INFO L290 TraceCheckUtils]: 9: Hoare triple {12982#true} assume test_~splverifierCounter~0#1 < 4; {12982#true} is VALID [2022-02-20 18:07:46,942 INFO L290 TraceCheckUtils]: 10: Hoare triple {12982#true} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12982#true} is VALID [2022-02-20 18:07:46,942 INFO L290 TraceCheckUtils]: 11: Hoare triple {12982#true} assume 0 != test_~tmp~0#1; {12982#true} is VALID [2022-02-20 18:07:46,942 INFO L272 TraceCheckUtils]: 12: Hoare triple {12982#true} call waterRise(); {12982#true} is VALID [2022-02-20 18:07:46,942 INFO L290 TraceCheckUtils]: 13: Hoare triple {12982#true} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {12982#true} is VALID [2022-02-20 18:07:46,942 INFO L290 TraceCheckUtils]: 14: Hoare triple {12982#true} assume true; {12982#true} is VALID [2022-02-20 18:07:46,942 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {12982#true} {12982#true} #242#return; {12982#true} is VALID [2022-02-20 18:07:46,942 INFO L290 TraceCheckUtils]: 16: Hoare triple {12982#true} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12982#true} is VALID [2022-02-20 18:07:46,942 INFO L290 TraceCheckUtils]: 17: Hoare triple {12982#true} assume 0 != test_~tmp___0~0#1; {12982#true} is VALID [2022-02-20 18:07:46,943 INFO L272 TraceCheckUtils]: 18: Hoare triple {12982#true} call changeMethaneLevel(); {12982#true} is VALID [2022-02-20 18:07:46,943 INFO L290 TraceCheckUtils]: 19: Hoare triple {12982#true} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,943 INFO L290 TraceCheckUtils]: 20: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume true; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,944 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {13054#(<= 1 ~methaneLevelCritical~0)} {12982#true} #244#return; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,944 INFO L290 TraceCheckUtils]: 22: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,945 INFO L290 TraceCheckUtils]: 23: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,945 INFO L290 TraceCheckUtils]: 24: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume { :end_inline_startSystem } true; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,945 INFO L272 TraceCheckUtils]: 25: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} call timeShift(); {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,946 INFO L290 TraceCheckUtils]: 26: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume !(0 != ~pumpRunning~0); {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,946 INFO L290 TraceCheckUtils]: 27: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,946 INFO L290 TraceCheckUtils]: 28: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume 0 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,946 INFO L290 TraceCheckUtils]: 29: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume !(~waterLevel~0 < 2);isHighWaterSensorDry_~retValue_acc~8#1 := 0;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,947 INFO L290 TraceCheckUtils]: 30: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;assume -2147483648 <= isHighWaterLevel_#t~ret19#1 && isHighWaterLevel_#t~ret19#1 <= 2147483647;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,947 INFO L290 TraceCheckUtils]: 31: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume !(0 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,947 INFO L290 TraceCheckUtils]: 32: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,948 INFO L290 TraceCheckUtils]: 33: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;assume -2147483648 <= processEnvironment_#t~ret8#1 && processEnvironment_#t~ret8#1 <= 2147483647;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,948 INFO L290 TraceCheckUtils]: 34: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} assume 0 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,948 INFO L272 TraceCheckUtils]: 35: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {13054#(<= 1 ~methaneLevelCritical~0)} is VALID [2022-02-20 18:07:46,949 INFO L290 TraceCheckUtils]: 36: Hoare triple {13054#(<= 1 ~methaneLevelCritical~0)} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {13183#(and (<= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|) (<= 1 ~methaneLevelCritical~0))} is VALID [2022-02-20 18:07:46,949 INFO L290 TraceCheckUtils]: 37: Hoare triple {13183#(and (<= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|) (<= 1 ~methaneLevelCritical~0))} assume true; {13183#(and (<= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|) (<= 1 ~methaneLevelCritical~0))} is VALID [2022-02-20 18:07:46,950 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {13183#(and (<= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|) (<= 1 ~methaneLevelCritical~0))} {13054#(<= 1 ~methaneLevelCritical~0)} #234#return; {13190#(and (<= 1 ~methaneLevelCritical~0) (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#t~ret10#1|))} is VALID [2022-02-20 18:07:46,977 INFO L290 TraceCheckUtils]: 39: Hoare triple {13190#(and (<= 1 ~methaneLevelCritical~0) (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#t~ret10#1|))} assume -2147483648 <= isMethaneAlarm_#t~ret10#1 && isMethaneAlarm_#t~ret10#1 <= 2147483647;isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {13194#(and (<= 1 ~methaneLevelCritical~0) (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|))} is VALID [2022-02-20 18:07:46,977 INFO L290 TraceCheckUtils]: 40: Hoare triple {13194#(and (<= 1 ~methaneLevelCritical~0) (<= ~methaneLevelCritical~0 |timeShift_isMethaneAlarm_#res#1|))} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;assume -2147483648 <= activatePump_#t~ret9#1 && activatePump_#t~ret9#1 <= 2147483647;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {13198#(and (<= ~methaneLevelCritical~0 |timeShift_activatePump_~tmp~2#1|) (<= 1 ~methaneLevelCritical~0))} is VALID [2022-02-20 18:07:46,978 INFO L290 TraceCheckUtils]: 41: Hoare triple {13198#(and (<= ~methaneLevelCritical~0 |timeShift_activatePump_~tmp~2#1|) (<= 1 ~methaneLevelCritical~0))} assume !(0 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1; {12983#false} is VALID [2022-02-20 18:07:46,978 INFO L290 TraceCheckUtils]: 42: Hoare triple {12983#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {12983#false} is VALID [2022-02-20 18:07:46,978 INFO L290 TraceCheckUtils]: 43: Hoare triple {12983#false} assume { :end_inline_activatePump } true; {12983#false} is VALID [2022-02-20 18:07:46,978 INFO L290 TraceCheckUtils]: 44: Hoare triple {12983#false} assume { :end_inline_processEnvironment } true; {12983#false} is VALID [2022-02-20 18:07:46,978 INFO L290 TraceCheckUtils]: 45: Hoare triple {12983#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12983#false} is VALID [2022-02-20 18:07:46,978 INFO L272 TraceCheckUtils]: 46: Hoare triple {12983#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {12983#false} is VALID [2022-02-20 18:07:46,978 INFO L290 TraceCheckUtils]: 47: Hoare triple {12983#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 48: Hoare triple {12983#false} assume true; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {12983#false} {12983#false} #240#return; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 50: Hoare triple {12983#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 51: Hoare triple {12983#false} assume !(0 != __utac_acc__Specification2_spec__2_~tmp~5#1);~methAndRunningLastTime~0 := 0; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 52: Hoare triple {12983#false} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 53: Hoare triple {12983#false} assume true; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L284 TraceCheckUtils]: 54: Hoare quadruple {12983#false} {13054#(<= 1 ~methaneLevelCritical~0)} #246#return; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 55: Hoare triple {12983#false} assume !false; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 56: Hoare triple {12983#false} assume test_~splverifierCounter~0#1 < 4; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 57: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12983#false} is VALID [2022-02-20 18:07:46,979 INFO L290 TraceCheckUtils]: 58: Hoare triple {12983#false} assume !(0 != test_~tmp~0#1); {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 59: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 60: Hoare triple {12983#false} assume 0 != test_~tmp___0~0#1; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L272 TraceCheckUtils]: 61: Hoare triple {12983#false} call changeMethaneLevel(); {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 62: Hoare triple {12983#false} assume !(0 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 63: Hoare triple {12983#false} assume true; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L284 TraceCheckUtils]: 64: Hoare quadruple {12983#false} {12983#false} #244#return; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 65: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 66: Hoare triple {12983#false} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 67: Hoare triple {12983#false} assume { :end_inline_startSystem } true; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L272 TraceCheckUtils]: 68: Hoare triple {12983#false} call timeShift(); {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 69: Hoare triple {12983#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {12983#false} is VALID [2022-02-20 18:07:46,980 INFO L290 TraceCheckUtils]: 70: Hoare triple {12983#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L290 TraceCheckUtils]: 71: Hoare triple {12983#false} assume { :end_inline_lowerWaterLevel } true; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L290 TraceCheckUtils]: 72: Hoare triple {12983#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L290 TraceCheckUtils]: 73: Hoare triple {12983#false} assume !(0 == ~pumpRunning~0); {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L272 TraceCheckUtils]: 74: Hoare triple {12983#false} call processEnvironment__wrappee__base(); {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L290 TraceCheckUtils]: 75: Hoare triple {12983#false} assume true; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {12983#false} {12983#false} #238#return; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L290 TraceCheckUtils]: 77: Hoare triple {12983#false} assume { :end_inline_processEnvironment } true; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L290 TraceCheckUtils]: 78: Hoare triple {12983#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L272 TraceCheckUtils]: 79: Hoare triple {12983#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L290 TraceCheckUtils]: 80: Hoare triple {12983#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L290 TraceCheckUtils]: 81: Hoare triple {12983#false} assume true; {12983#false} is VALID [2022-02-20 18:07:46,981 INFO L284 TraceCheckUtils]: 82: Hoare quadruple {12983#false} {12983#false} #240#return; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 83: Hoare triple {12983#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 84: Hoare triple {12983#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 85: Hoare triple {12983#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 86: Hoare triple {12983#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 87: Hoare triple {12983#false} assume !(0 != ~methAndRunningLastTime~0);~methAndRunningLastTime~0 := 1; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 88: Hoare triple {12983#false} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 89: Hoare triple {12983#false} assume true; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L284 TraceCheckUtils]: 90: Hoare quadruple {12983#false} {12983#false} #246#return; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 91: Hoare triple {12983#false} assume !false; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 92: Hoare triple {12983#false} assume test_~splverifierCounter~0#1 < 4; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 93: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {12983#false} is VALID [2022-02-20 18:07:46,982 INFO L290 TraceCheckUtils]: 94: Hoare triple {12983#false} assume !(0 != test_~tmp~0#1); {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 95: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 96: Hoare triple {12983#false} assume !(0 != test_~tmp___0~0#1); {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 97: Hoare triple {12983#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 98: Hoare triple {12983#false} assume 0 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 99: Hoare triple {12983#false} assume { :end_inline_startSystem } true; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L272 TraceCheckUtils]: 100: Hoare triple {12983#false} call timeShift(); {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 101: Hoare triple {12983#false} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 102: Hoare triple {12983#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 103: Hoare triple {12983#false} assume { :end_inline_lowerWaterLevel } true; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 104: Hoare triple {12983#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 105: Hoare triple {12983#false} assume !(0 == ~pumpRunning~0); {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L272 TraceCheckUtils]: 106: Hoare triple {12983#false} call processEnvironment__wrappee__base(); {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 107: Hoare triple {12983#false} assume true; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L284 TraceCheckUtils]: 108: Hoare quadruple {12983#false} {12983#false} #238#return; {12983#false} is VALID [2022-02-20 18:07:46,983 INFO L290 TraceCheckUtils]: 109: Hoare triple {12983#false} assume { :end_inline_processEnvironment } true; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 110: Hoare triple {12983#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L272 TraceCheckUtils]: 111: Hoare triple {12983#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 112: Hoare triple {12983#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 113: Hoare triple {12983#false} assume true; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L284 TraceCheckUtils]: 114: Hoare quadruple {12983#false} {12983#false} #240#return; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 115: Hoare triple {12983#false} assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret22#1 && __utac_acc__Specification2_spec__2_#t~ret22#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 116: Hoare triple {12983#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 117: Hoare triple {12983#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification2_spec__2_#t~ret23#1 && __utac_acc__Specification2_spec__2_#t~ret23#1 <= 2147483647;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 118: Hoare triple {12983#false} assume 0 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 119: Hoare triple {12983#false} assume 0 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {12983#false} is VALID [2022-02-20 18:07:46,984 INFO L290 TraceCheckUtils]: 120: Hoare triple {12983#false} assume !false; {12983#false} is VALID [2022-02-20 18:07:46,985 INFO L134 CoverageAnalysis]: Checked inductivity of 87 backedges. 39 proven. 0 refuted. 0 times theorem prover too weak. 48 trivial. 0 not checked. [2022-02-20 18:07:46,985 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:46,985 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1402917736] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:46,985 INFO L191 FreeRefinementEngine]: Found 1 perfect and 1 imperfect interpolant sequences. [2022-02-20 18:07:46,985 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [14] total 18 [2022-02-20 18:07:46,986 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [358919491] [2022-02-20 18:07:46,986 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:46,987 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 9.857142857142858) internal successors, (69), 6 states have internal predecessors, (69), 3 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (8), 4 states have call predecessors, (8), 3 states have call successors, (8) Word has length 121 [2022-02-20 18:07:46,987 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:46,987 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 9.857142857142858) internal successors, (69), 6 states have internal predecessors, (69), 3 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (8), 4 states have call predecessors, (8), 3 states have call successors, (8) [2022-02-20 18:07:47,064 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 85 edges. 85 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:47,064 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:07:47,065 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:07:47,065 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:07:47,065 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=43, Invalid=263, Unknown=0, NotChecked=0, Total=306 [2022-02-20 18:07:47,065 INFO L87 Difference]: Start difference. First operand 543 states and 668 transitions. Second operand has 7 states, 7 states have (on average 9.857142857142858) internal successors, (69), 6 states have internal predecessors, (69), 3 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (8), 4 states have call predecessors, (8), 3 states have call successors, (8) [2022-02-20 18:07:47,611 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:47,612 INFO L93 Difference]: Finished difference Result 1096 states and 1354 transitions. [2022-02-20 18:07:47,612 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:07:47,612 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 9.857142857142858) internal successors, (69), 6 states have internal predecessors, (69), 3 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (8), 4 states have call predecessors, (8), 3 states have call successors, (8) Word has length 121 [2022-02-20 18:07:47,612 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:47,612 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 9.857142857142858) internal successors, (69), 6 states have internal predecessors, (69), 3 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (8), 4 states have call predecessors, (8), 3 states have call successors, (8) [2022-02-20 18:07:47,614 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 249 transitions. [2022-02-20 18:07:47,614 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 9.857142857142858) internal successors, (69), 6 states have internal predecessors, (69), 3 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (8), 4 states have call predecessors, (8), 3 states have call successors, (8) [2022-02-20 18:07:47,616 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 249 transitions. [2022-02-20 18:07:47,616 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 249 transitions. [2022-02-20 18:07:47,761 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 249 edges. 249 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:47,779 INFO L225 Difference]: With dead ends: 1096 [2022-02-20 18:07:47,779 INFO L226 Difference]: Without dead ends: 561 [2022-02-20 18:07:47,780 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 153 GetRequests, 136 SyntacticMatches, 0 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 16 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=49, Invalid=293, Unknown=0, NotChecked=0, Total=342 [2022-02-20 18:07:47,781 INFO L933 BasicCegarLoop]: 159 mSDtfsCounter, 79 mSDsluCounter, 389 mSDsCounter, 0 mSdLazyCounter, 94 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 81 SdHoareTripleChecker+Valid, 548 SdHoareTripleChecker+Invalid, 99 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 94 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:47,781 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [81 Valid, 548 Invalid, 99 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 94 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:07:47,782 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 561 states. [2022-02-20 18:07:47,918 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 561 to 529. [2022-02-20 18:07:47,918 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:47,919 INFO L82 GeneralOperation]: Start isEquivalent. First operand 561 states. Second operand has 529 states, 416 states have (on average 1.2091346153846154) internal successors, (503), 444 states have internal predecessors, (503), 59 states have call successors, (59), 50 states have call predecessors, (59), 53 states have return successors, (73), 55 states have call predecessors, (73), 59 states have call successors, (73) [2022-02-20 18:07:47,920 INFO L74 IsIncluded]: Start isIncluded. First operand 561 states. Second operand has 529 states, 416 states have (on average 1.2091346153846154) internal successors, (503), 444 states have internal predecessors, (503), 59 states have call successors, (59), 50 states have call predecessors, (59), 53 states have return successors, (73), 55 states have call predecessors, (73), 59 states have call successors, (73) [2022-02-20 18:07:47,921 INFO L87 Difference]: Start difference. First operand 561 states. Second operand has 529 states, 416 states have (on average 1.2091346153846154) internal successors, (503), 444 states have internal predecessors, (503), 59 states have call successors, (59), 50 states have call predecessors, (59), 53 states have return successors, (73), 55 states have call predecessors, (73), 59 states have call successors, (73) [2022-02-20 18:07:47,939 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:47,940 INFO L93 Difference]: Finished difference Result 561 states and 675 transitions. [2022-02-20 18:07:47,940 INFO L276 IsEmpty]: Start isEmpty. Operand 561 states and 675 transitions. [2022-02-20 18:07:47,947 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:47,948 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:47,949 INFO L74 IsIncluded]: Start isIncluded. First operand has 529 states, 416 states have (on average 1.2091346153846154) internal successors, (503), 444 states have internal predecessors, (503), 59 states have call successors, (59), 50 states have call predecessors, (59), 53 states have return successors, (73), 55 states have call predecessors, (73), 59 states have call successors, (73) Second operand 561 states. [2022-02-20 18:07:47,949 INFO L87 Difference]: Start difference. First operand has 529 states, 416 states have (on average 1.2091346153846154) internal successors, (503), 444 states have internal predecessors, (503), 59 states have call successors, (59), 50 states have call predecessors, (59), 53 states have return successors, (73), 55 states have call predecessors, (73), 59 states have call successors, (73) Second operand 561 states. [2022-02-20 18:07:47,964 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:47,964 INFO L93 Difference]: Finished difference Result 561 states and 675 transitions. [2022-02-20 18:07:47,965 INFO L276 IsEmpty]: Start isEmpty. Operand 561 states and 675 transitions. [2022-02-20 18:07:47,966 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:47,966 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:47,966 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:47,966 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:47,967 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 529 states, 416 states have (on average 1.2091346153846154) internal successors, (503), 444 states have internal predecessors, (503), 59 states have call successors, (59), 50 states have call predecessors, (59), 53 states have return successors, (73), 55 states have call predecessors, (73), 59 states have call successors, (73) [2022-02-20 18:07:47,984 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 529 states to 529 states and 635 transitions. [2022-02-20 18:07:47,984 INFO L78 Accepts]: Start accepts. Automaton has 529 states and 635 transitions. Word has length 121 [2022-02-20 18:07:47,984 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:47,984 INFO L470 AbstractCegarLoop]: Abstraction has 529 states and 635 transitions. [2022-02-20 18:07:47,985 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 9.857142857142858) internal successors, (69), 6 states have internal predecessors, (69), 3 states have call successors, (8), 3 states have call predecessors, (8), 4 states have return successors, (8), 4 states have call predecessors, (8), 3 states have call successors, (8) [2022-02-20 18:07:47,985 INFO L276 IsEmpty]: Start isEmpty. Operand 529 states and 635 transitions. [2022-02-20 18:07:47,987 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 118 [2022-02-20 18:07:47,987 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:47,987 INFO L514 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:48,025 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:48,211 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable10 [2022-02-20 18:07:48,211 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:48,211 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:48,212 INFO L85 PathProgramCache]: Analyzing trace with hash -556908766, now seen corresponding path program 2 times [2022-02-20 18:07:48,212 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:07:48,212 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [585170157] [2022-02-20 18:07:48,212 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:48,212 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:07:48,240 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:07:48,241 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:07:48,255 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:07:48,286 INFO L138 FreeRefinementEngine]: Strategy CAMEL found a feasible trace [2022-02-20 18:07:48,286 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:07:48,287 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:07:48,288 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable11 [2022-02-20 18:07:48,291 INFO L732 BasicCegarLoop]: Path program histogram: [2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:48,293 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:07:48,322 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:07:48,322 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:07:48,328 INFO L158 Benchmark]: Toolchain (without parser) took 9419.57ms. Allocated memory was 136.3MB in the beginning and 237.0MB in the end (delta: 100.7MB). Free memory was 105.7MB in the beginning and 158.1MB in the end (delta: -52.3MB). Peak memory consumption was 49.2MB. Max. memory is 16.1GB. [2022-02-20 18:07:48,328 INFO L158 Benchmark]: CDTParser took 0.17ms. Allocated memory is still 83.9MB. Free memory was 40.0MB in the beginning and 39.9MB in the end (delta: 44.5kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:07:48,328 INFO L158 Benchmark]: CACSL2BoogieTranslator took 436.71ms. Allocated memory is still 136.3MB. Free memory was 105.7MB in the beginning and 101.7MB in the end (delta: 4.0MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-02-20 18:07:48,328 INFO L158 Benchmark]: Boogie Procedure Inliner took 61.06ms. Allocated memory is still 136.3MB. Free memory was 101.7MB in the beginning and 98.8MB in the end (delta: 2.9MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:07:48,328 INFO L158 Benchmark]: Boogie Preprocessor took 36.28ms. Allocated memory is still 136.3MB. Free memory was 98.8MB in the beginning and 97.1MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:07:48,329 INFO L158 Benchmark]: RCFGBuilder took 379.71ms. Allocated memory is still 136.3MB. Free memory was 97.1MB in the beginning and 77.4MB in the end (delta: 19.8MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-02-20 18:07:48,329 INFO L158 Benchmark]: TraceAbstraction took 8501.00ms. Allocated memory was 136.3MB in the beginning and 237.0MB in the end (delta: 100.7MB). Free memory was 76.6MB in the beginning and 158.1MB in the end (delta: -81.4MB). Peak memory consumption was 20.7MB. Max. memory is 16.1GB. [2022-02-20 18:07:48,330 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.17ms. Allocated memory is still 83.9MB. Free memory was 40.0MB in the beginning and 39.9MB in the end (delta: 44.5kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 436.71ms. Allocated memory is still 136.3MB. Free memory was 105.7MB in the beginning and 101.7MB in the end (delta: 4.0MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 61.06ms. Allocated memory is still 136.3MB. Free memory was 101.7MB in the beginning and 98.8MB in the end (delta: 2.9MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 36.28ms. Allocated memory is still 136.3MB. Free memory was 98.8MB in the beginning and 97.1MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 379.71ms. Allocated memory is still 136.3MB. Free memory was 97.1MB in the beginning and 77.4MB in the end (delta: 19.8MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 8501.00ms. Allocated memory was 136.3MB in the beginning and 237.0MB in the end (delta: 100.7MB). Free memory was 76.6MB in the beginning and 158.1MB in the end (delta: -81.4MB). Peak memory consumption was 20.7MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:07:48,369 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Using bit-precise analysis Retrying with bit-precise analysis ### Bit-precise run ### Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 471ad46a1662a2ee36763023473e29e175f1086d40bbf36d792af661871bf09e --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:07:50,155 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:07:50,157 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:07:50,194 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:07:50,194 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:07:50,196 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:07:50,197 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:07:50,201 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:07:50,203 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:07:50,206 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:07:50,207 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:07:50,211 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:07:50,211 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:07:50,213 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:07:50,214 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:07:50,217 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:07:50,218 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:07:50,219 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:07:50,221 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:07:50,226 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:07:50,228 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:07:50,229 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:07:50,230 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:07:50,231 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:07:50,238 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:07:50,238 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:07:50,239 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:07:50,240 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:07:50,241 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:07:50,241 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:07:50,242 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:07:50,242 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:07:50,244 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:07:50,245 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:07:50,246 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:07:50,246 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:07:50,247 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:07:50,247 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:07:50,247 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:07:50,249 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:07:50,249 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:07:50,253 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Bitvector.epf [2022-02-20 18:07:50,285 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:07:50,285 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:07:50,286 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:07:50,286 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:07:50,287 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:07:50,287 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:07:50,288 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:07:50,289 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:07:50,289 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:07:50,289 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:07:50,290 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:07:50,290 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:07:50,290 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:07:50,290 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:07:50,290 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:07:50,290 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:07:50,290 INFO L138 SettingsManager]: * Adapt memory model on pointer casts if necessary=true [2022-02-20 18:07:50,291 INFO L138 SettingsManager]: * Use bitvectors instead of ints=true [2022-02-20 18:07:50,291 INFO L138 SettingsManager]: * Memory model=HoenickeLindenmann_4ByteResolution [2022-02-20 18:07:50,291 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:07:50,291 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:07:50,291 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:07:50,291 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:07:50,292 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:07:50,292 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:07:50,292 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:07:50,292 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:50,292 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:07:50,292 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:07:50,292 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:07:50,293 INFO L138 SettingsManager]: * Trace refinement strategy=WOLF [2022-02-20 18:07:50,293 INFO L138 SettingsManager]: * Command for external solver=cvc4 --incremental --print-success --lang smt [2022-02-20 18:07:50,293 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:07:50,293 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:07:50,293 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:07:50,293 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode [2022-02-20 18:07:50,294 INFO L138 SettingsManager]: * Logic for external solver=AUFBV WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 471ad46a1662a2ee36763023473e29e175f1086d40bbf36d792af661871bf09e [2022-02-20 18:07:50,582 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:07:50,599 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:07:50,601 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:07:50,602 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:07:50,602 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:07:50,604 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c [2022-02-20 18:07:50,649 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/cb553b3bf/c7858c3456bf45a791172033f046f8f9/FLAG8c31600a0 [2022-02-20 18:07:51,089 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:07:51,091 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c [2022-02-20 18:07:51,102 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/cb553b3bf/c7858c3456bf45a791172033f046f8f9/FLAG8c31600a0 [2022-02-20 18:07:51,119 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/cb553b3bf/c7858c3456bf45a791172033f046f8f9 [2022-02-20 18:07:51,121 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:07:51,122 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:07:51,124 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:51,124 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:07:51,127 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:07:51,128 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,129 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@795faa37 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51, skipping insertion in model container [2022-02-20 18:07:51,129 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,134 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:07:51,180 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:07:51,298 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c[1605,1618] [2022-02-20 18:07:51,445 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:51,453 INFO L200 MainTranslator]: Restarting translation with changed settings: SettingsChange [mNewPreferredMemoryModel=HoenickeLindenmann_1ByteResolution] [2022-02-20 18:07:51,457 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:07:51,460 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c[1605,1618] [2022-02-20 18:07:51,506 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:51,519 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:07:51,527 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec2_product44.cil.c[1605,1618] [2022-02-20 18:07:51,553 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:07:51,581 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:07:51,582 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51 WrapperNode [2022-02-20 18:07:51,582 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:07:51,582 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:51,583 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:07:51,583 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:07:51,587 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,597 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,618 INFO L137 Inliner]: procedures = 58, calls = 155, calls flagged for inlining = 25, calls inlined = 22, statements flattened = 241 [2022-02-20 18:07:51,618 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:07:51,619 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:07:51,619 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:07:51,619 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:07:51,624 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,624 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,635 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,636 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,641 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,644 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,645 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,647 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:07:51,648 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:07:51,648 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:07:51,648 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:07:51,649 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (1/1) ... [2022-02-20 18:07:51,653 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:07:51,662 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:07:51,676 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:07:51,684 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:07:51,702 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:07:51,703 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:07:51,703 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:07:51,703 INFO L130 BoogieDeclarations]: Found specification of procedure isMethaneLevelCritical [2022-02-20 18:07:51,703 INFO L138 BoogieDeclarations]: Found implementation of procedure isMethaneLevelCritical [2022-02-20 18:07:51,703 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:07:51,703 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:07:51,703 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:07:51,704 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:07:51,704 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:07:51,704 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:07:51,704 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~intINTTYPE1 [2022-02-20 18:07:51,704 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:07:51,704 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:07:51,704 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:07:51,704 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:07:51,774 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:07:51,776 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:07:51,999 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:07:52,005 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:07:52,005 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:07:52,007 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:52 BoogieIcfgContainer [2022-02-20 18:07:52,007 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:07:52,008 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:07:52,008 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:07:52,010 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:07:52,011 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:07:51" (1/3) ... [2022-02-20 18:07:52,011 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@66b2dfd4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:52, skipping insertion in model container [2022-02-20 18:07:52,011 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:07:51" (2/3) ... [2022-02-20 18:07:52,011 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@66b2dfd4 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:07:52, skipping insertion in model container [2022-02-20 18:07:52,012 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:07:52" (3/3) ... [2022-02-20 18:07:52,013 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec2_product44.cil.c [2022-02-20 18:07:52,016 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:07:52,016 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:07:52,080 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:07:52,086 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:07:52,086 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:07:52,104 INFO L276 IsEmpty]: Start isEmpty. Operand has 86 states, 68 states have (on average 1.3823529411764706) internal successors, (94), 74 states have internal predecessors, (94), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:07:52,110 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-02-20 18:07:52,110 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:52,110 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:52,111 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:52,115 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:52,115 INFO L85 PathProgramCache]: Analyzing trace with hash -276262322, now seen corresponding path program 1 times [2022-02-20 18:07:52,125 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:52,125 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1542896584] [2022-02-20 18:07:52,125 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:52,126 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:52,126 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:52,128 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:52,129 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Waiting until timeout for monitored process [2022-02-20 18:07:52,193 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:52,196 INFO L263 TraceCheckSpWp]: Trace formula consists of 157 conjuncts, 1 conjunts are in the unsatisfiable core [2022-02-20 18:07:52,205 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:52,208 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:52,276 INFO L290 TraceCheckUtils]: 0: Hoare triple {89#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {89#true} is VALID [2022-02-20 18:07:52,277 INFO L290 TraceCheckUtils]: 1: Hoare triple {89#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {89#true} is VALID [2022-02-20 18:07:52,277 INFO L290 TraceCheckUtils]: 2: Hoare triple {89#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {89#true} is VALID [2022-02-20 18:07:52,277 INFO L290 TraceCheckUtils]: 3: Hoare triple {89#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {89#true} is VALID [2022-02-20 18:07:52,277 INFO L290 TraceCheckUtils]: 4: Hoare triple {89#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {89#true} is VALID [2022-02-20 18:07:52,278 INFO L290 TraceCheckUtils]: 5: Hoare triple {89#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {89#true} is VALID [2022-02-20 18:07:52,278 INFO L290 TraceCheckUtils]: 6: Hoare triple {89#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {89#true} is VALID [2022-02-20 18:07:52,278 INFO L290 TraceCheckUtils]: 7: Hoare triple {89#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {89#true} is VALID [2022-02-20 18:07:52,279 INFO L290 TraceCheckUtils]: 8: Hoare triple {89#true} assume !true; {90#false} is VALID [2022-02-20 18:07:52,279 INFO L272 TraceCheckUtils]: 9: Hoare triple {90#false} call cleanup(); {90#false} is VALID [2022-02-20 18:07:52,279 INFO L290 TraceCheckUtils]: 10: Hoare triple {90#false} havoc ~i~0;havoc ~__cil_tmp2~0; {90#false} is VALID [2022-02-20 18:07:52,279 INFO L272 TraceCheckUtils]: 11: Hoare triple {90#false} call timeShift(); {90#false} is VALID [2022-02-20 18:07:52,279 INFO L290 TraceCheckUtils]: 12: Hoare triple {90#false} assume !(0bv32 != ~pumpRunning~0); {90#false} is VALID [2022-02-20 18:07:52,280 INFO L290 TraceCheckUtils]: 13: Hoare triple {90#false} assume !(0bv32 != ~systemActive~0); {90#false} is VALID [2022-02-20 18:07:52,280 INFO L290 TraceCheckUtils]: 14: Hoare triple {90#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {90#false} is VALID [2022-02-20 18:07:52,280 INFO L272 TraceCheckUtils]: 15: Hoare triple {90#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {90#false} is VALID [2022-02-20 18:07:52,280 INFO L290 TraceCheckUtils]: 16: Hoare triple {90#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {90#false} is VALID [2022-02-20 18:07:52,281 INFO L290 TraceCheckUtils]: 17: Hoare triple {90#false} assume true; {90#false} is VALID [2022-02-20 18:07:52,281 INFO L284 TraceCheckUtils]: 18: Hoare quadruple {90#false} {90#false} #240#return; {90#false} is VALID [2022-02-20 18:07:52,281 INFO L290 TraceCheckUtils]: 19: Hoare triple {90#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {90#false} is VALID [2022-02-20 18:07:52,281 INFO L290 TraceCheckUtils]: 20: Hoare triple {90#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {90#false} is VALID [2022-02-20 18:07:52,281 INFO L290 TraceCheckUtils]: 21: Hoare triple {90#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {90#false} is VALID [2022-02-20 18:07:52,282 INFO L290 TraceCheckUtils]: 22: Hoare triple {90#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {90#false} is VALID [2022-02-20 18:07:52,282 INFO L290 TraceCheckUtils]: 23: Hoare triple {90#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {90#false} is VALID [2022-02-20 18:07:52,282 INFO L290 TraceCheckUtils]: 24: Hoare triple {90#false} assume !false; {90#false} is VALID [2022-02-20 18:07:52,283 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:52,283 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:52,284 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:52,284 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1542896584] [2022-02-20 18:07:52,284 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1542896584] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:52,284 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:52,284 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:07:52,286 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [803059322] [2022-02-20 18:07:52,286 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:52,289 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:52,290 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:52,293 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:52,316 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:52,316 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:07:52,316 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:52,329 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:07:52,329 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:52,331 INFO L87 Difference]: Start difference. First operand has 86 states, 68 states have (on average 1.3823529411764706) internal successors, (94), 74 states have internal predecessors, (94), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 9 states have call predecessors, (10), 10 states have call successors, (10) Second operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:52,410 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:52,410 INFO L93 Difference]: Finished difference Result 163 states and 222 transitions. [2022-02-20 18:07:52,410 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:07:52,410 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 25 [2022-02-20 18:07:52,411 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:52,411 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:52,420 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 222 transitions. [2022-02-20 18:07:52,420 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:52,425 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 222 transitions. [2022-02-20 18:07:52,425 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 222 transitions. [2022-02-20 18:07:52,592 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 222 edges. 222 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:52,600 INFO L225 Difference]: With dead ends: 163 [2022-02-20 18:07:52,600 INFO L226 Difference]: Without dead ends: 77 [2022-02-20 18:07:52,602 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 24 GetRequests, 24 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:07:52,604 INFO L933 BasicCegarLoop]: 108 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 108 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:52,605 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 108 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:52,615 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 77 states. [2022-02-20 18:07:52,625 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 77 to 77. [2022-02-20 18:07:52,626 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:52,627 INFO L82 GeneralOperation]: Start isEquivalent. First operand 77 states. Second operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:07:52,628 INFO L74 IsIncluded]: Start isIncluded. First operand 77 states. Second operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:07:52,628 INFO L87 Difference]: Start difference. First operand 77 states. Second operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:07:52,633 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:52,633 INFO L93 Difference]: Finished difference Result 77 states and 99 transitions. [2022-02-20 18:07:52,633 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:52,634 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:52,634 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:52,635 INFO L74 IsIncluded]: Start isIncluded. First operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 77 states. [2022-02-20 18:07:52,635 INFO L87 Difference]: Start difference. First operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) Second operand 77 states. [2022-02-20 18:07:52,639 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:52,639 INFO L93 Difference]: Finished difference Result 77 states and 99 transitions. [2022-02-20 18:07:52,639 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:52,640 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:52,640 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:52,640 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:52,640 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:52,641 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 77 states, 61 states have (on average 1.3114754098360655) internal successors, (80), 66 states have internal predecessors, (80), 10 states have call successors, (10), 6 states have call predecessors, (10), 5 states have return successors, (9), 8 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:07:52,644 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 99 transitions. [2022-02-20 18:07:52,645 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 99 transitions. Word has length 25 [2022-02-20 18:07:52,645 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:52,645 INFO L470 AbstractCegarLoop]: Abstraction has 77 states and 99 transitions. [2022-02-20 18:07:52,645 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 10.5) internal successors, (21), 2 states have internal predecessors, (21), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:52,646 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 99 transitions. [2022-02-20 18:07:52,647 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 27 [2022-02-20 18:07:52,647 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:52,647 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:52,658 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:52,854 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:07:52,856 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:52,856 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:52,856 INFO L85 PathProgramCache]: Analyzing trace with hash 174267448, now seen corresponding path program 1 times [2022-02-20 18:07:52,857 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:52,857 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [530807019] [2022-02-20 18:07:52,857 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:52,857 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:52,857 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:52,858 INFO L229 MonitoredProcess]: Starting monitored process 3 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:52,860 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Waiting until timeout for monitored process [2022-02-20 18:07:52,901 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:52,903 INFO L263 TraceCheckSpWp]: Trace formula consists of 158 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:07:52,910 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:52,911 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:52,970 INFO L290 TraceCheckUtils]: 0: Hoare triple {668#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {668#true} is VALID [2022-02-20 18:07:52,970 INFO L290 TraceCheckUtils]: 1: Hoare triple {668#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {668#true} is VALID [2022-02-20 18:07:52,971 INFO L290 TraceCheckUtils]: 2: Hoare triple {668#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {668#true} is VALID [2022-02-20 18:07:52,971 INFO L290 TraceCheckUtils]: 3: Hoare triple {668#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {668#true} is VALID [2022-02-20 18:07:52,971 INFO L290 TraceCheckUtils]: 4: Hoare triple {668#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {668#true} is VALID [2022-02-20 18:07:52,971 INFO L290 TraceCheckUtils]: 5: Hoare triple {668#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {668#true} is VALID [2022-02-20 18:07:52,971 INFO L290 TraceCheckUtils]: 6: Hoare triple {668#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {668#true} is VALID [2022-02-20 18:07:52,972 INFO L290 TraceCheckUtils]: 7: Hoare triple {668#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {694#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:07:52,972 INFO L290 TraceCheckUtils]: 8: Hoare triple {694#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !false; {694#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} is VALID [2022-02-20 18:07:52,972 INFO L290 TraceCheckUtils]: 9: Hoare triple {694#(= |ULTIMATE.start_test_~splverifierCounter~0#1| (_ bv0 32))} assume !~bvslt32(test_~splverifierCounter~0#1, 4bv32); {669#false} is VALID [2022-02-20 18:07:52,973 INFO L272 TraceCheckUtils]: 10: Hoare triple {669#false} call cleanup(); {669#false} is VALID [2022-02-20 18:07:52,973 INFO L290 TraceCheckUtils]: 11: Hoare triple {669#false} havoc ~i~0;havoc ~__cil_tmp2~0; {669#false} is VALID [2022-02-20 18:07:52,973 INFO L272 TraceCheckUtils]: 12: Hoare triple {669#false} call timeShift(); {669#false} is VALID [2022-02-20 18:07:52,973 INFO L290 TraceCheckUtils]: 13: Hoare triple {669#false} assume !(0bv32 != ~pumpRunning~0); {669#false} is VALID [2022-02-20 18:07:52,973 INFO L290 TraceCheckUtils]: 14: Hoare triple {669#false} assume !(0bv32 != ~systemActive~0); {669#false} is VALID [2022-02-20 18:07:52,973 INFO L290 TraceCheckUtils]: 15: Hoare triple {669#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {669#false} is VALID [2022-02-20 18:07:52,974 INFO L272 TraceCheckUtils]: 16: Hoare triple {669#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {669#false} is VALID [2022-02-20 18:07:52,974 INFO L290 TraceCheckUtils]: 17: Hoare triple {669#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {669#false} is VALID [2022-02-20 18:07:52,974 INFO L290 TraceCheckUtils]: 18: Hoare triple {669#false} assume true; {669#false} is VALID [2022-02-20 18:07:52,974 INFO L284 TraceCheckUtils]: 19: Hoare quadruple {669#false} {669#false} #240#return; {669#false} is VALID [2022-02-20 18:07:52,974 INFO L290 TraceCheckUtils]: 20: Hoare triple {669#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {669#false} is VALID [2022-02-20 18:07:52,974 INFO L290 TraceCheckUtils]: 21: Hoare triple {669#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {669#false} is VALID [2022-02-20 18:07:52,975 INFO L290 TraceCheckUtils]: 22: Hoare triple {669#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {669#false} is VALID [2022-02-20 18:07:52,975 INFO L290 TraceCheckUtils]: 23: Hoare triple {669#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {669#false} is VALID [2022-02-20 18:07:52,975 INFO L290 TraceCheckUtils]: 24: Hoare triple {669#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {669#false} is VALID [2022-02-20 18:07:52,975 INFO L290 TraceCheckUtils]: 25: Hoare triple {669#false} assume !false; {669#false} is VALID [2022-02-20 18:07:52,975 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:52,975 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:52,976 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:52,976 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [530807019] [2022-02-20 18:07:52,976 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [530807019] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:52,976 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:52,976 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:52,976 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1543893398] [2022-02-20 18:07:52,977 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:52,977 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:52,978 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:52,978 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:52,998 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 26 edges. 26 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:52,998 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:52,999 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:52,999 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:52,999 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:53,000 INFO L87 Difference]: Start difference. First operand 77 states and 99 transitions. Second operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,082 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,082 INFO L93 Difference]: Finished difference Result 114 states and 147 transitions. [2022-02-20 18:07:53,082 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:53,082 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 26 [2022-02-20 18:07:53,083 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:53,083 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,085 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 147 transitions. [2022-02-20 18:07:53,085 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,088 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 147 transitions. [2022-02-20 18:07:53,088 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 147 transitions. [2022-02-20 18:07:53,204 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 147 edges. 147 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:53,206 INFO L225 Difference]: With dead ends: 114 [2022-02-20 18:07:53,206 INFO L226 Difference]: Without dead ends: 68 [2022-02-20 18:07:53,207 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 25 GetRequests, 24 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:53,208 INFO L933 BasicCegarLoop]: 86 mSDtfsCounter, 18 mSDsluCounter, 64 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 21 SdHoareTripleChecker+Valid, 150 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:53,208 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [21 Valid, 150 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:53,208 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 68 states. [2022-02-20 18:07:53,212 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 68 to 68. [2022-02-20 18:07:53,212 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:53,213 INFO L82 GeneralOperation]: Start isEquivalent. First operand 68 states. Second operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:07:53,213 INFO L74 IsIncluded]: Start isIncluded. First operand 68 states. Second operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:07:53,213 INFO L87 Difference]: Start difference. First operand 68 states. Second operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:07:53,216 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,216 INFO L93 Difference]: Finished difference Result 68 states and 87 transitions. [2022-02-20 18:07:53,216 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 87 transitions. [2022-02-20 18:07:53,217 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:53,217 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:53,217 INFO L74 IsIncluded]: Start isIncluded. First operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 68 states. [2022-02-20 18:07:53,218 INFO L87 Difference]: Start difference. First operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 68 states. [2022-02-20 18:07:53,220 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,220 INFO L93 Difference]: Finished difference Result 68 states and 87 transitions. [2022-02-20 18:07:53,220 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 87 transitions. [2022-02-20 18:07:53,221 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:53,221 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:53,221 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:53,221 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:53,222 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 68 states, 55 states have (on average 1.3272727272727274) internal successors, (73), 60 states have internal predecessors, (73), 7 states have call successors, (7), 5 states have call predecessors, (7), 5 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:07:53,224 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 68 states to 68 states and 87 transitions. [2022-02-20 18:07:53,224 INFO L78 Accepts]: Start accepts. Automaton has 68 states and 87 transitions. Word has length 26 [2022-02-20 18:07:53,224 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:53,225 INFO L470 AbstractCegarLoop]: Abstraction has 68 states and 87 transitions. [2022-02-20 18:07:53,225 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.333333333333333) internal successors, (22), 3 states have internal predecessors, (22), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,225 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 87 transitions. [2022-02-20 18:07:53,226 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2022-02-20 18:07:53,226 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:53,226 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:53,233 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (3)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:53,432 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 3 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:07:53,433 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:53,434 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:53,434 INFO L85 PathProgramCache]: Analyzing trace with hash -2461694, now seen corresponding path program 1 times [2022-02-20 18:07:53,434 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:53,434 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [617888356] [2022-02-20 18:07:53,434 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:53,435 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:53,435 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:53,436 INFO L229 MonitoredProcess]: Starting monitored process 4 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:53,437 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Waiting until timeout for monitored process [2022-02-20 18:07:53,477 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:53,479 INFO L263 TraceCheckSpWp]: Trace formula consists of 158 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:07:53,486 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:53,487 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:53,544 INFO L290 TraceCheckUtils]: 0: Hoare triple {1147#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1147#true} is VALID [2022-02-20 18:07:53,544 INFO L290 TraceCheckUtils]: 1: Hoare triple {1147#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1147#true} is VALID [2022-02-20 18:07:53,545 INFO L290 TraceCheckUtils]: 2: Hoare triple {1147#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1147#true} is VALID [2022-02-20 18:07:53,545 INFO L290 TraceCheckUtils]: 3: Hoare triple {1147#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1147#true} is VALID [2022-02-20 18:07:53,545 INFO L290 TraceCheckUtils]: 4: Hoare triple {1147#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {1147#true} is VALID [2022-02-20 18:07:53,545 INFO L290 TraceCheckUtils]: 5: Hoare triple {1147#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1147#true} is VALID [2022-02-20 18:07:53,545 INFO L290 TraceCheckUtils]: 6: Hoare triple {1147#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {1147#true} is VALID [2022-02-20 18:07:53,545 INFO L290 TraceCheckUtils]: 7: Hoare triple {1147#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {1147#true} is VALID [2022-02-20 18:07:53,546 INFO L290 TraceCheckUtils]: 8: Hoare triple {1147#true} assume !false; {1147#true} is VALID [2022-02-20 18:07:53,546 INFO L290 TraceCheckUtils]: 9: Hoare triple {1147#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {1147#true} is VALID [2022-02-20 18:07:53,546 INFO L290 TraceCheckUtils]: 10: Hoare triple {1147#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {1147#true} is VALID [2022-02-20 18:07:53,546 INFO L290 TraceCheckUtils]: 11: Hoare triple {1147#true} assume !(0bv32 != test_~tmp~0#1); {1147#true} is VALID [2022-02-20 18:07:53,546 INFO L290 TraceCheckUtils]: 12: Hoare triple {1147#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {1147#true} is VALID [2022-02-20 18:07:53,546 INFO L290 TraceCheckUtils]: 13: Hoare triple {1147#true} assume !(0bv32 != test_~tmp___0~0#1); {1147#true} is VALID [2022-02-20 18:07:53,547 INFO L290 TraceCheckUtils]: 14: Hoare triple {1147#true} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {1147#true} is VALID [2022-02-20 18:07:53,547 INFO L290 TraceCheckUtils]: 15: Hoare triple {1147#true} assume 0bv32 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1bv32; {1197#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:07:53,547 INFO L290 TraceCheckUtils]: 16: Hoare triple {1197#(= ~systemActive~0 (_ bv1 32))} assume { :end_inline_startSystem } true; {1197#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:07:53,548 INFO L272 TraceCheckUtils]: 17: Hoare triple {1197#(= ~systemActive~0 (_ bv1 32))} call timeShift(); {1197#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:07:53,548 INFO L290 TraceCheckUtils]: 18: Hoare triple {1197#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {1197#(= ~systemActive~0 (_ bv1 32))} is VALID [2022-02-20 18:07:53,549 INFO L290 TraceCheckUtils]: 19: Hoare triple {1197#(= ~systemActive~0 (_ bv1 32))} assume !(0bv32 != ~systemActive~0); {1148#false} is VALID [2022-02-20 18:07:53,549 INFO L290 TraceCheckUtils]: 20: Hoare triple {1148#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1148#false} is VALID [2022-02-20 18:07:53,549 INFO L272 TraceCheckUtils]: 21: Hoare triple {1148#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {1148#false} is VALID [2022-02-20 18:07:53,549 INFO L290 TraceCheckUtils]: 22: Hoare triple {1148#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {1148#false} is VALID [2022-02-20 18:07:53,549 INFO L290 TraceCheckUtils]: 23: Hoare triple {1148#false} assume true; {1148#false} is VALID [2022-02-20 18:07:53,549 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {1148#false} {1148#false} #240#return; {1148#false} is VALID [2022-02-20 18:07:53,550 INFO L290 TraceCheckUtils]: 25: Hoare triple {1148#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {1148#false} is VALID [2022-02-20 18:07:53,550 INFO L290 TraceCheckUtils]: 26: Hoare triple {1148#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1148#false} is VALID [2022-02-20 18:07:53,550 INFO L290 TraceCheckUtils]: 27: Hoare triple {1148#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {1148#false} is VALID [2022-02-20 18:07:53,550 INFO L290 TraceCheckUtils]: 28: Hoare triple {1148#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1148#false} is VALID [2022-02-20 18:07:53,550 INFO L290 TraceCheckUtils]: 29: Hoare triple {1148#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1148#false} is VALID [2022-02-20 18:07:53,550 INFO L290 TraceCheckUtils]: 30: Hoare triple {1148#false} assume !false; {1148#false} is VALID [2022-02-20 18:07:53,551 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:53,551 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:53,551 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:53,551 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [617888356] [2022-02-20 18:07:53,551 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [617888356] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:53,551 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:53,552 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:07:53,552 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [717191529] [2022-02-20 18:07:53,552 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:53,552 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:07:53,553 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:53,553 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,575 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:53,575 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:53,576 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:53,576 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:53,576 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:53,576 INFO L87 Difference]: Start difference. First operand 68 states and 87 transitions. Second operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,704 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,704 INFO L93 Difference]: Finished difference Result 186 states and 244 transitions. [2022-02-20 18:07:53,704 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:53,705 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:07:53,705 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:53,705 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,709 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 244 transitions. [2022-02-20 18:07:53,709 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,712 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 244 transitions. [2022-02-20 18:07:53,712 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 244 transitions. [2022-02-20 18:07:53,915 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 244 edges. 244 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:53,918 INFO L225 Difference]: With dead ends: 186 [2022-02-20 18:07:53,918 INFO L226 Difference]: Without dead ends: 126 [2022-02-20 18:07:53,919 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 30 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:53,920 INFO L933 BasicCegarLoop]: 108 mSDtfsCounter, 79 mSDsluCounter, 74 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 79 SdHoareTripleChecker+Valid, 182 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:53,920 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [79 Valid, 182 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:53,921 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 126 states. [2022-02-20 18:07:53,941 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 126 to 121. [2022-02-20 18:07:53,941 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:53,942 INFO L82 GeneralOperation]: Start isEquivalent. First operand 126 states. Second operand has 121 states, 96 states have (on average 1.3541666666666667) internal successors, (130), 105 states have internal predecessors, (130), 14 states have call successors, (14), 10 states have call predecessors, (14), 10 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:53,942 INFO L74 IsIncluded]: Start isIncluded. First operand 126 states. Second operand has 121 states, 96 states have (on average 1.3541666666666667) internal successors, (130), 105 states have internal predecessors, (130), 14 states have call successors, (14), 10 states have call predecessors, (14), 10 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:53,943 INFO L87 Difference]: Start difference. First operand 126 states. Second operand has 121 states, 96 states have (on average 1.3541666666666667) internal successors, (130), 105 states have internal predecessors, (130), 14 states have call successors, (14), 10 states have call predecessors, (14), 10 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:53,946 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,946 INFO L93 Difference]: Finished difference Result 126 states and 163 transitions. [2022-02-20 18:07:53,946 INFO L276 IsEmpty]: Start isEmpty. Operand 126 states and 163 transitions. [2022-02-20 18:07:53,947 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:53,947 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:53,948 INFO L74 IsIncluded]: Start isIncluded. First operand has 121 states, 96 states have (on average 1.3541666666666667) internal successors, (130), 105 states have internal predecessors, (130), 14 states have call successors, (14), 10 states have call predecessors, (14), 10 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) Second operand 126 states. [2022-02-20 18:07:53,948 INFO L87 Difference]: Start difference. First operand has 121 states, 96 states have (on average 1.3541666666666667) internal successors, (130), 105 states have internal predecessors, (130), 14 states have call successors, (14), 10 states have call predecessors, (14), 10 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) Second operand 126 states. [2022-02-20 18:07:53,952 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:53,952 INFO L93 Difference]: Finished difference Result 126 states and 163 transitions. [2022-02-20 18:07:53,952 INFO L276 IsEmpty]: Start isEmpty. Operand 126 states and 163 transitions. [2022-02-20 18:07:53,953 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:53,953 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:53,953 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:53,953 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:53,953 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 121 states, 96 states have (on average 1.3541666666666667) internal successors, (130), 105 states have internal predecessors, (130), 14 states have call successors, (14), 10 states have call predecessors, (14), 10 states have return successors, (14), 12 states have call predecessors, (14), 14 states have call successors, (14) [2022-02-20 18:07:53,957 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 121 states to 121 states and 158 transitions. [2022-02-20 18:07:53,957 INFO L78 Accepts]: Start accepts. Automaton has 121 states and 158 transitions. Word has length 31 [2022-02-20 18:07:53,957 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:53,957 INFO L470 AbstractCegarLoop]: Abstraction has 121 states and 158 transitions. [2022-02-20 18:07:53,958 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:53,958 INFO L276 IsEmpty]: Start isEmpty. Operand 121 states and 158 transitions. [2022-02-20 18:07:53,958 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-02-20 18:07:53,958 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:53,959 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:53,967 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (4)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:54,165 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 4 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:07:54,166 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:54,166 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:54,166 INFO L85 PathProgramCache]: Analyzing trace with hash -1429569393, now seen corresponding path program 1 times [2022-02-20 18:07:54,167 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:54,167 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [976518282] [2022-02-20 18:07:54,167 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:54,167 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:54,167 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:54,168 INFO L229 MonitoredProcess]: Starting monitored process 5 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:54,199 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Waiting until timeout for monitored process [2022-02-20 18:07:54,225 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:54,227 INFO L263 TraceCheckSpWp]: Trace formula consists of 161 conjuncts, 6 conjunts are in the unsatisfiable core [2022-02-20 18:07:54,235 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:54,235 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:54,344 INFO L290 TraceCheckUtils]: 0: Hoare triple {1931#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,344 INFO L290 TraceCheckUtils]: 1: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,345 INFO L290 TraceCheckUtils]: 2: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,345 INFO L290 TraceCheckUtils]: 3: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,345 INFO L290 TraceCheckUtils]: 4: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,346 INFO L290 TraceCheckUtils]: 5: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,346 INFO L290 TraceCheckUtils]: 6: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,346 INFO L290 TraceCheckUtils]: 7: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,347 INFO L290 TraceCheckUtils]: 8: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !false; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,347 INFO L290 TraceCheckUtils]: 9: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,347 INFO L290 TraceCheckUtils]: 10: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,348 INFO L290 TraceCheckUtils]: 11: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != test_~tmp~0#1); {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,348 INFO L290 TraceCheckUtils]: 12: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,349 INFO L290 TraceCheckUtils]: 13: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != test_~tmp___0~0#1); {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,349 INFO L290 TraceCheckUtils]: 14: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,349 INFO L290 TraceCheckUtils]: 15: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,350 INFO L290 TraceCheckUtils]: 16: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume 0bv32 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,350 INFO L290 TraceCheckUtils]: 17: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != ~pumpRunning~0); {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,350 INFO L290 TraceCheckUtils]: 18: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} ~systemActive~0 := 0bv32; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,351 INFO L290 TraceCheckUtils]: 19: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :end_inline_stopSystem } true; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,351 INFO L272 TraceCheckUtils]: 20: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} call timeShift(); {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,351 INFO L290 TraceCheckUtils]: 21: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != ~pumpRunning~0); {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,352 INFO L290 TraceCheckUtils]: 22: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume !(0bv32 != ~systemActive~0); {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,352 INFO L290 TraceCheckUtils]: 23: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,353 INFO L272 TraceCheckUtils]: 24: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} is VALID [2022-02-20 18:07:54,353 INFO L290 TraceCheckUtils]: 25: Hoare triple {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {2012#(and (= ~methaneLevelCritical~0 (_ bv0 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} is VALID [2022-02-20 18:07:54,353 INFO L290 TraceCheckUtils]: 26: Hoare triple {2012#(and (= ~methaneLevelCritical~0 (_ bv0 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} assume true; {2012#(and (= ~methaneLevelCritical~0 (_ bv0 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} is VALID [2022-02-20 18:07:54,354 INFO L284 TraceCheckUtils]: 27: Hoare quadruple {2012#(and (= ~methaneLevelCritical~0 (_ bv0 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} {1936#(= ~methaneLevelCritical~0 (_ bv0 32))} #240#return; {2019#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret22#1| (_ bv0 32))} is VALID [2022-02-20 18:07:54,355 INFO L290 TraceCheckUtils]: 28: Hoare triple {2019#(= |timeShift___utac_acc__Specification2_spec__2_#t~ret22#1| (_ bv0 32))} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {2023#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~5#1| (_ bv0 32))} is VALID [2022-02-20 18:07:54,355 INFO L290 TraceCheckUtils]: 29: Hoare triple {2023#(= |timeShift___utac_acc__Specification2_spec__2_~tmp~5#1| (_ bv0 32))} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1932#false} is VALID [2022-02-20 18:07:54,355 INFO L290 TraceCheckUtils]: 30: Hoare triple {1932#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {1932#false} is VALID [2022-02-20 18:07:54,355 INFO L290 TraceCheckUtils]: 31: Hoare triple {1932#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {1932#false} is VALID [2022-02-20 18:07:54,356 INFO L290 TraceCheckUtils]: 32: Hoare triple {1932#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {1932#false} is VALID [2022-02-20 18:07:54,356 INFO L290 TraceCheckUtils]: 33: Hoare triple {1932#false} assume !false; {1932#false} is VALID [2022-02-20 18:07:54,356 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:54,356 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:54,357 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:54,357 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [976518282] [2022-02-20 18:07:54,357 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [976518282] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:54,357 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:54,357 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:07:54,358 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [987348379] [2022-02-20 18:07:54,358 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:54,358 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-20 18:07:54,358 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:54,359 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:54,400 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:54,400 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:07:54,400 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:54,401 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:07:54,401 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:07:54,401 INFO L87 Difference]: Start difference. First operand 121 states and 158 transitions. Second operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:54,710 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:54,710 INFO L93 Difference]: Finished difference Result 345 states and 459 transitions. [2022-02-20 18:07:54,710 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:07:54,711 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 34 [2022-02-20 18:07:54,711 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:54,711 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:54,714 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 245 transitions. [2022-02-20 18:07:54,714 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:54,717 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 245 transitions. [2022-02-20 18:07:54,717 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 245 transitions. [2022-02-20 18:07:54,872 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 245 edges. 245 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:54,876 INFO L225 Difference]: With dead ends: 345 [2022-02-20 18:07:54,876 INFO L226 Difference]: Without dead ends: 232 [2022-02-20 18:07:54,877 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 35 GetRequests, 29 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=18, Invalid=38, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:07:54,877 INFO L933 BasicCegarLoop]: 91 mSDtfsCounter, 54 mSDsluCounter, 314 mSDsCounter, 0 mSdLazyCounter, 34 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 57 SdHoareTripleChecker+Valid, 405 SdHoareTripleChecker+Invalid, 38 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 34 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:54,878 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [57 Valid, 405 Invalid, 38 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 34 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:54,878 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 232 states. [2022-02-20 18:07:54,894 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 232 to 226. [2022-02-20 18:07:54,894 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:54,894 INFO L82 GeneralOperation]: Start isEquivalent. First operand 232 states. Second operand has 226 states, 177 states have (on average 1.3389830508474576) internal successors, (237), 194 states have internal predecessors, (237), 28 states have call successors, (28), 20 states have call predecessors, (28), 20 states have return successors, (30), 24 states have call predecessors, (30), 28 states have call successors, (30) [2022-02-20 18:07:54,895 INFO L74 IsIncluded]: Start isIncluded. First operand 232 states. Second operand has 226 states, 177 states have (on average 1.3389830508474576) internal successors, (237), 194 states have internal predecessors, (237), 28 states have call successors, (28), 20 states have call predecessors, (28), 20 states have return successors, (30), 24 states have call predecessors, (30), 28 states have call successors, (30) [2022-02-20 18:07:54,896 INFO L87 Difference]: Start difference. First operand 232 states. Second operand has 226 states, 177 states have (on average 1.3389830508474576) internal successors, (237), 194 states have internal predecessors, (237), 28 states have call successors, (28), 20 states have call predecessors, (28), 20 states have return successors, (30), 24 states have call predecessors, (30), 28 states have call successors, (30) [2022-02-20 18:07:54,901 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:54,901 INFO L93 Difference]: Finished difference Result 232 states and 301 transitions. [2022-02-20 18:07:54,901 INFO L276 IsEmpty]: Start isEmpty. Operand 232 states and 301 transitions. [2022-02-20 18:07:54,902 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:54,902 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:54,902 INFO L74 IsIncluded]: Start isIncluded. First operand has 226 states, 177 states have (on average 1.3389830508474576) internal successors, (237), 194 states have internal predecessors, (237), 28 states have call successors, (28), 20 states have call predecessors, (28), 20 states have return successors, (30), 24 states have call predecessors, (30), 28 states have call successors, (30) Second operand 232 states. [2022-02-20 18:07:54,903 INFO L87 Difference]: Start difference. First operand has 226 states, 177 states have (on average 1.3389830508474576) internal successors, (237), 194 states have internal predecessors, (237), 28 states have call successors, (28), 20 states have call predecessors, (28), 20 states have return successors, (30), 24 states have call predecessors, (30), 28 states have call successors, (30) Second operand 232 states. [2022-02-20 18:07:54,908 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:54,908 INFO L93 Difference]: Finished difference Result 232 states and 301 transitions. [2022-02-20 18:07:54,908 INFO L276 IsEmpty]: Start isEmpty. Operand 232 states and 301 transitions. [2022-02-20 18:07:54,909 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:54,909 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:54,909 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:54,909 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:54,910 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 226 states, 177 states have (on average 1.3389830508474576) internal successors, (237), 194 states have internal predecessors, (237), 28 states have call successors, (28), 20 states have call predecessors, (28), 20 states have return successors, (30), 24 states have call predecessors, (30), 28 states have call successors, (30) [2022-02-20 18:07:54,915 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 226 states to 226 states and 295 transitions. [2022-02-20 18:07:54,915 INFO L78 Accepts]: Start accepts. Automaton has 226 states and 295 transitions. Word has length 34 [2022-02-20 18:07:54,915 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:54,915 INFO L470 AbstractCegarLoop]: Abstraction has 226 states and 295 transitions. [2022-02-20 18:07:54,915 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 5.166666666666667) internal successors, (31), 4 states have internal predecessors, (31), 1 states have call successors, (2), 1 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:07:54,916 INFO L276 IsEmpty]: Start isEmpty. Operand 226 states and 295 transitions. [2022-02-20 18:07:54,916 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:07:54,916 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:54,916 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:54,925 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (5)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:55,123 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 5 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:07:55,124 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:55,124 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:55,124 INFO L85 PathProgramCache]: Analyzing trace with hash 857149899, now seen corresponding path program 1 times [2022-02-20 18:07:55,124 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:55,124 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [289567744] [2022-02-20 18:07:55,125 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:55,125 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:55,125 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:55,126 INFO L229 MonitoredProcess]: Starting monitored process 6 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:55,127 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Waiting until timeout for monitored process [2022-02-20 18:07:55,163 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:55,165 INFO L263 TraceCheckSpWp]: Trace formula consists of 168 conjuncts, 7 conjunts are in the unsatisfiable core [2022-02-20 18:07:55,175 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:55,176 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:55,299 INFO L290 TraceCheckUtils]: 0: Hoare triple {3320#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,300 INFO L290 TraceCheckUtils]: 1: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,301 INFO L290 TraceCheckUtils]: 2: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,311 INFO L290 TraceCheckUtils]: 3: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,311 INFO L290 TraceCheckUtils]: 4: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,311 INFO L290 TraceCheckUtils]: 5: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,312 INFO L290 TraceCheckUtils]: 6: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,312 INFO L290 TraceCheckUtils]: 7: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,312 INFO L290 TraceCheckUtils]: 8: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume !false; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,313 INFO L290 TraceCheckUtils]: 9: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,313 INFO L290 TraceCheckUtils]: 10: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,313 INFO L290 TraceCheckUtils]: 11: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp~0#1); {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,314 INFO L290 TraceCheckUtils]: 12: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,314 INFO L290 TraceCheckUtils]: 13: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != test_~tmp___0~0#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,314 INFO L272 TraceCheckUtils]: 14: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} call changeMethaneLevel(); {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,315 INFO L290 TraceCheckUtils]: 15: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1bv32; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,315 INFO L290 TraceCheckUtils]: 16: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume true; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,315 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {3325#(= (_ bv0 32) ~pumpRunning~0)} {3325#(= (_ bv0 32) ~pumpRunning~0)} #244#return; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,316 INFO L290 TraceCheckUtils]: 18: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,316 INFO L290 TraceCheckUtils]: 19: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,316 INFO L290 TraceCheckUtils]: 20: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,317 INFO L290 TraceCheckUtils]: 21: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,317 INFO L290 TraceCheckUtils]: 22: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} ~systemActive~0 := 0bv32; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,317 INFO L290 TraceCheckUtils]: 23: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume { :end_inline_stopSystem } true; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,318 INFO L272 TraceCheckUtils]: 24: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} call timeShift(); {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,318 INFO L290 TraceCheckUtils]: 25: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~pumpRunning~0); {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,318 INFO L290 TraceCheckUtils]: 26: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume !(0bv32 != ~systemActive~0); {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,319 INFO L290 TraceCheckUtils]: 27: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,319 INFO L272 TraceCheckUtils]: 28: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,319 INFO L290 TraceCheckUtils]: 29: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,320 INFO L290 TraceCheckUtils]: 30: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume true; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,320 INFO L284 TraceCheckUtils]: 31: Hoare quadruple {3325#(= (_ bv0 32) ~pumpRunning~0)} {3325#(= (_ bv0 32) ~pumpRunning~0)} #240#return; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,320 INFO L290 TraceCheckUtils]: 32: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {3325#(= (_ bv0 32) ~pumpRunning~0)} is VALID [2022-02-20 18:07:55,321 INFO L290 TraceCheckUtils]: 33: Hoare triple {3325#(= (_ bv0 32) ~pumpRunning~0)} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {3425#(= |timeShift_isPumpRunning_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:07:55,321 INFO L290 TraceCheckUtils]: 34: Hoare triple {3425#(= |timeShift_isPumpRunning_#res#1| (_ bv0 32))} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {3429#(= (_ bv0 32) |timeShift___utac_acc__Specification2_spec__2_~tmp___0~2#1|)} is VALID [2022-02-20 18:07:55,322 INFO L290 TraceCheckUtils]: 35: Hoare triple {3429#(= (_ bv0 32) |timeShift___utac_acc__Specification2_spec__2_~tmp___0~2#1|)} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {3321#false} is VALID [2022-02-20 18:07:55,322 INFO L290 TraceCheckUtils]: 36: Hoare triple {3321#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {3321#false} is VALID [2022-02-20 18:07:55,322 INFO L290 TraceCheckUtils]: 37: Hoare triple {3321#false} assume !false; {3321#false} is VALID [2022-02-20 18:07:55,322 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:55,322 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:55,322 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:55,323 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [289567744] [2022-02-20 18:07:55,323 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [289567744] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:55,323 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:55,323 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:07:55,323 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1022309880] [2022-02-20 18:07:55,323 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:55,324 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 38 [2022-02-20 18:07:55,324 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:55,324 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:55,350 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 38 edges. 38 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:55,351 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:07:55,351 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:55,351 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:07:55,351 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:07:55,351 INFO L87 Difference]: Start difference. First operand 226 states and 295 transitions. Second operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:55,632 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:55,632 INFO L93 Difference]: Finished difference Result 604 states and 798 transitions. [2022-02-20 18:07:55,632 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:55,633 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) Word has length 38 [2022-02-20 18:07:55,633 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:55,633 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:55,635 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 228 transitions. [2022-02-20 18:07:55,636 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:55,638 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 228 transitions. [2022-02-20 18:07:55,638 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 228 transitions. [2022-02-20 18:07:55,797 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 228 edges. 228 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:55,807 INFO L225 Difference]: With dead ends: 604 [2022-02-20 18:07:55,807 INFO L226 Difference]: Without dead ends: 386 [2022-02-20 18:07:55,808 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 39 GetRequests, 34 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:07:55,809 INFO L933 BasicCegarLoop]: 91 mSDtfsCounter, 50 mSDsluCounter, 236 mSDsCounter, 0 mSdLazyCounter, 22 mSolverCounterSat, 8 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 50 SdHoareTripleChecker+Valid, 327 SdHoareTripleChecker+Invalid, 30 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 8 IncrementalHoareTripleChecker+Valid, 22 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:55,809 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [50 Valid, 327 Invalid, 30 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [8 Valid, 22 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:55,810 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 386 states. [2022-02-20 18:07:55,824 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 386 to 374. [2022-02-20 18:07:55,824 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:55,825 INFO L82 GeneralOperation]: Start isEquivalent. First operand 386 states. Second operand has 374 states, 289 states have (on average 1.2975778546712802) internal successors, (375), 314 states have internal predecessors, (375), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:55,826 INFO L74 IsIncluded]: Start isIncluded. First operand 386 states. Second operand has 374 states, 289 states have (on average 1.2975778546712802) internal successors, (375), 314 states have internal predecessors, (375), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:55,826 INFO L87 Difference]: Start difference. First operand 386 states. Second operand has 374 states, 289 states have (on average 1.2975778546712802) internal successors, (375), 314 states have internal predecessors, (375), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:55,836 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:55,836 INFO L93 Difference]: Finished difference Result 386 states and 491 transitions. [2022-02-20 18:07:55,836 INFO L276 IsEmpty]: Start isEmpty. Operand 386 states and 491 transitions. [2022-02-20 18:07:55,837 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:55,838 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:55,838 INFO L74 IsIncluded]: Start isIncluded. First operand has 374 states, 289 states have (on average 1.2975778546712802) internal successors, (375), 314 states have internal predecessors, (375), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) Second operand 386 states. [2022-02-20 18:07:55,839 INFO L87 Difference]: Start difference. First operand has 374 states, 289 states have (on average 1.2975778546712802) internal successors, (375), 314 states have internal predecessors, (375), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) Second operand 386 states. [2022-02-20 18:07:55,849 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:55,849 INFO L93 Difference]: Finished difference Result 386 states and 491 transitions. [2022-02-20 18:07:55,850 INFO L276 IsEmpty]: Start isEmpty. Operand 386 states and 491 transitions. [2022-02-20 18:07:55,850 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:55,851 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:55,851 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:55,851 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:55,852 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 374 states, 289 states have (on average 1.2975778546712802) internal successors, (375), 314 states have internal predecessors, (375), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:55,862 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 374 states to 374 states and 475 transitions. [2022-02-20 18:07:55,862 INFO L78 Accepts]: Start accepts. Automaton has 374 states and 475 transitions. Word has length 38 [2022-02-20 18:07:55,862 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:55,862 INFO L470 AbstractCegarLoop]: Abstraction has 374 states and 475 transitions. [2022-02-20 18:07:55,862 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 6.6) internal successors, (33), 4 states have internal predecessors, (33), 1 states have call successors, (3), 1 states have call predecessors, (3), 1 states have return successors, (2), 1 states have call predecessors, (2), 1 states have call successors, (2) [2022-02-20 18:07:55,862 INFO L276 IsEmpty]: Start isEmpty. Operand 374 states and 475 transitions. [2022-02-20 18:07:55,863 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2022-02-20 18:07:55,863 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:55,863 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:55,872 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (6)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:56,070 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 6 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:07:56,071 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:56,071 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:56,071 INFO L85 PathProgramCache]: Analyzing trace with hash 851298230, now seen corresponding path program 1 times [2022-02-20 18:07:56,072 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:56,072 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1886142190] [2022-02-20 18:07:56,072 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:56,072 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:56,072 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:56,073 INFO L229 MonitoredProcess]: Starting monitored process 7 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:56,074 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Waiting until timeout for monitored process [2022-02-20 18:07:56,115 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:56,117 INFO L263 TraceCheckSpWp]: Trace formula consists of 191 conjuncts, 5 conjunts are in the unsatisfiable core [2022-02-20 18:07:56,128 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:56,129 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:56,226 INFO L290 TraceCheckUtils]: 0: Hoare triple {5594#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {5594#true} is VALID [2022-02-20 18:07:56,226 INFO L290 TraceCheckUtils]: 1: Hoare triple {5594#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {5594#true} is VALID [2022-02-20 18:07:56,226 INFO L290 TraceCheckUtils]: 2: Hoare triple {5594#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5594#true} is VALID [2022-02-20 18:07:56,227 INFO L290 TraceCheckUtils]: 3: Hoare triple {5594#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {5594#true} is VALID [2022-02-20 18:07:56,227 INFO L290 TraceCheckUtils]: 4: Hoare triple {5594#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {5594#true} is VALID [2022-02-20 18:07:56,227 INFO L290 TraceCheckUtils]: 5: Hoare triple {5594#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {5594#true} is VALID [2022-02-20 18:07:56,227 INFO L290 TraceCheckUtils]: 6: Hoare triple {5594#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {5594#true} is VALID [2022-02-20 18:07:56,227 INFO L290 TraceCheckUtils]: 7: Hoare triple {5594#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {5594#true} is VALID [2022-02-20 18:07:56,227 INFO L290 TraceCheckUtils]: 8: Hoare triple {5594#true} assume !false; {5594#true} is VALID [2022-02-20 18:07:56,227 INFO L290 TraceCheckUtils]: 9: Hoare triple {5594#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {5594#true} is VALID [2022-02-20 18:07:56,228 INFO L290 TraceCheckUtils]: 10: Hoare triple {5594#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {5594#true} is VALID [2022-02-20 18:07:56,228 INFO L290 TraceCheckUtils]: 11: Hoare triple {5594#true} assume !(0bv32 != test_~tmp~0#1); {5594#true} is VALID [2022-02-20 18:07:56,228 INFO L290 TraceCheckUtils]: 12: Hoare triple {5594#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {5594#true} is VALID [2022-02-20 18:07:56,228 INFO L290 TraceCheckUtils]: 13: Hoare triple {5594#true} assume 0bv32 != test_~tmp___0~0#1; {5594#true} is VALID [2022-02-20 18:07:56,228 INFO L272 TraceCheckUtils]: 14: Hoare triple {5594#true} call changeMethaneLevel(); {5594#true} is VALID [2022-02-20 18:07:56,228 INFO L290 TraceCheckUtils]: 15: Hoare triple {5594#true} assume !(0bv32 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1bv32; {5594#true} is VALID [2022-02-20 18:07:56,228 INFO L290 TraceCheckUtils]: 16: Hoare triple {5594#true} assume true; {5594#true} is VALID [2022-02-20 18:07:56,228 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {5594#true} {5594#true} #244#return; {5594#true} is VALID [2022-02-20 18:07:56,229 INFO L290 TraceCheckUtils]: 18: Hoare triple {5594#true} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {5594#true} is VALID [2022-02-20 18:07:56,229 INFO L290 TraceCheckUtils]: 19: Hoare triple {5594#true} assume 0bv32 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1bv32; {5594#true} is VALID [2022-02-20 18:07:56,229 INFO L290 TraceCheckUtils]: 20: Hoare triple {5594#true} assume { :end_inline_startSystem } true; {5594#true} is VALID [2022-02-20 18:07:56,229 INFO L272 TraceCheckUtils]: 21: Hoare triple {5594#true} call timeShift(); {5594#true} is VALID [2022-02-20 18:07:56,229 INFO L290 TraceCheckUtils]: 22: Hoare triple {5594#true} assume !(0bv32 != ~pumpRunning~0); {5594#true} is VALID [2022-02-20 18:07:56,229 INFO L290 TraceCheckUtils]: 23: Hoare triple {5594#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {5594#true} is VALID [2022-02-20 18:07:56,229 INFO L290 TraceCheckUtils]: 24: Hoare triple {5594#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {5594#true} is VALID [2022-02-20 18:07:56,230 INFO L290 TraceCheckUtils]: 25: Hoare triple {5594#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~8#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {5594#true} is VALID [2022-02-20 18:07:56,230 INFO L290 TraceCheckUtils]: 26: Hoare triple {5594#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {5594#true} is VALID [2022-02-20 18:07:56,230 INFO L290 TraceCheckUtils]: 27: Hoare triple {5594#true} assume 0bv32 != isHighWaterLevel_~tmp~3#1;isHighWaterLevel_~tmp___0~1#1 := 0bv32; {5680#(= (_ bv0 32) |timeShift_isHighWaterLevel_~tmp___0~1#1|)} is VALID [2022-02-20 18:07:56,231 INFO L290 TraceCheckUtils]: 28: Hoare triple {5680#(= (_ bv0 32) |timeShift_isHighWaterLevel_~tmp___0~1#1|)} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {5684#(= |timeShift_isHighWaterLevel_#res#1| (_ bv0 32))} is VALID [2022-02-20 18:07:56,231 INFO L290 TraceCheckUtils]: 29: Hoare triple {5684#(= |timeShift_isHighWaterLevel_#res#1| (_ bv0 32))} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {5688#(= |timeShift_processEnvironment_~tmp~1#1| (_ bv0 32))} is VALID [2022-02-20 18:07:56,231 INFO L290 TraceCheckUtils]: 30: Hoare triple {5688#(= |timeShift_processEnvironment_~tmp~1#1| (_ bv0 32))} assume 0bv32 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {5595#false} is VALID [2022-02-20 18:07:56,231 INFO L272 TraceCheckUtils]: 31: Hoare triple {5595#false} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {5595#false} is VALID [2022-02-20 18:07:56,232 INFO L290 TraceCheckUtils]: 32: Hoare triple {5595#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {5595#false} is VALID [2022-02-20 18:07:56,232 INFO L290 TraceCheckUtils]: 33: Hoare triple {5595#false} assume true; {5595#false} is VALID [2022-02-20 18:07:56,232 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {5595#false} {5595#false} #234#return; {5595#false} is VALID [2022-02-20 18:07:56,232 INFO L290 TraceCheckUtils]: 35: Hoare triple {5595#false} isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {5595#false} is VALID [2022-02-20 18:07:56,232 INFO L290 TraceCheckUtils]: 36: Hoare triple {5595#false} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {5595#false} is VALID [2022-02-20 18:07:56,232 INFO L290 TraceCheckUtils]: 37: Hoare triple {5595#false} assume !(0bv32 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {5595#false} is VALID [2022-02-20 18:07:56,232 INFO L290 TraceCheckUtils]: 38: Hoare triple {5595#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {5595#false} is VALID [2022-02-20 18:07:56,233 INFO L290 TraceCheckUtils]: 39: Hoare triple {5595#false} assume { :end_inline_activatePump } true; {5595#false} is VALID [2022-02-20 18:07:56,233 INFO L290 TraceCheckUtils]: 40: Hoare triple {5595#false} assume { :end_inline_processEnvironment } true; {5595#false} is VALID [2022-02-20 18:07:56,233 INFO L290 TraceCheckUtils]: 41: Hoare triple {5595#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {5595#false} is VALID [2022-02-20 18:07:56,233 INFO L272 TraceCheckUtils]: 42: Hoare triple {5595#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {5595#false} is VALID [2022-02-20 18:07:56,233 INFO L290 TraceCheckUtils]: 43: Hoare triple {5595#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {5595#false} is VALID [2022-02-20 18:07:56,233 INFO L290 TraceCheckUtils]: 44: Hoare triple {5595#false} assume true; {5595#false} is VALID [2022-02-20 18:07:56,233 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {5595#false} {5595#false} #240#return; {5595#false} is VALID [2022-02-20 18:07:56,233 INFO L290 TraceCheckUtils]: 46: Hoare triple {5595#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {5595#false} is VALID [2022-02-20 18:07:56,234 INFO L290 TraceCheckUtils]: 47: Hoare triple {5595#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {5595#false} is VALID [2022-02-20 18:07:56,234 INFO L290 TraceCheckUtils]: 48: Hoare triple {5595#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {5595#false} is VALID [2022-02-20 18:07:56,234 INFO L290 TraceCheckUtils]: 49: Hoare triple {5595#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {5595#false} is VALID [2022-02-20 18:07:56,234 INFO L290 TraceCheckUtils]: 50: Hoare triple {5595#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {5595#false} is VALID [2022-02-20 18:07:56,234 INFO L290 TraceCheckUtils]: 51: Hoare triple {5595#false} assume !false; {5595#false} is VALID [2022-02-20 18:07:56,234 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:56,234 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:56,235 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:56,235 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1886142190] [2022-02-20 18:07:56,235 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1886142190] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:56,235 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:56,235 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:07:56,235 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1015540171] [2022-02-20 18:07:56,235 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:56,236 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2022-02-20 18:07:56,236 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:56,236 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:56,267 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:56,267 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:07:56,267 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:56,268 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:07:56,268 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:07:56,268 INFO L87 Difference]: Start difference. First operand 374 states and 475 transitions. Second operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:56,552 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:56,553 INFO L93 Difference]: Finished difference Result 828 states and 1074 transitions. [2022-02-20 18:07:56,553 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:07:56,553 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2022-02-20 18:07:56,553 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:56,553 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:56,555 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 197 transitions. [2022-02-20 18:07:56,555 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:56,556 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 197 transitions. [2022-02-20 18:07:56,557 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 197 transitions. [2022-02-20 18:07:56,688 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 197 edges. 197 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:56,700 INFO L225 Difference]: With dead ends: 828 [2022-02-20 18:07:56,700 INFO L226 Difference]: Without dead ends: 462 [2022-02-20 18:07:56,701 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 53 GetRequests, 48 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:07:56,702 INFO L933 BasicCegarLoop]: 100 mSDtfsCounter, 39 mSDsluCounter, 272 mSDsCounter, 0 mSdLazyCounter, 13 mSolverCounterSat, 7 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 41 SdHoareTripleChecker+Valid, 372 SdHoareTripleChecker+Invalid, 20 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 7 IncrementalHoareTripleChecker+Valid, 13 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:56,702 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [41 Valid, 372 Invalid, 20 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [7 Valid, 13 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:56,703 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 462 states. [2022-02-20 18:07:56,716 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 462 to 386. [2022-02-20 18:07:56,716 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:56,717 INFO L82 GeneralOperation]: Start isEquivalent. First operand 462 states. Second operand has 386 states, 301 states have (on average 1.2857142857142858) internal successors, (387), 326 states have internal predecessors, (387), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:56,717 INFO L74 IsIncluded]: Start isIncluded. First operand 462 states. Second operand has 386 states, 301 states have (on average 1.2857142857142858) internal successors, (387), 326 states have internal predecessors, (387), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:56,718 INFO L87 Difference]: Start difference. First operand 462 states. Second operand has 386 states, 301 states have (on average 1.2857142857142858) internal successors, (387), 326 states have internal predecessors, (387), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:56,729 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:56,730 INFO L93 Difference]: Finished difference Result 462 states and 587 transitions. [2022-02-20 18:07:56,730 INFO L276 IsEmpty]: Start isEmpty. Operand 462 states and 587 transitions. [2022-02-20 18:07:56,731 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:56,731 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:56,732 INFO L74 IsIncluded]: Start isIncluded. First operand has 386 states, 301 states have (on average 1.2857142857142858) internal successors, (387), 326 states have internal predecessors, (387), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) Second operand 462 states. [2022-02-20 18:07:56,732 INFO L87 Difference]: Start difference. First operand has 386 states, 301 states have (on average 1.2857142857142858) internal successors, (387), 326 states have internal predecessors, (387), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) Second operand 462 states. [2022-02-20 18:07:56,743 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:56,743 INFO L93 Difference]: Finished difference Result 462 states and 587 transitions. [2022-02-20 18:07:56,743 INFO L276 IsEmpty]: Start isEmpty. Operand 462 states and 587 transitions. [2022-02-20 18:07:56,744 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:56,745 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:56,745 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:56,745 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:56,746 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 386 states, 301 states have (on average 1.2857142857142858) internal successors, (387), 326 states have internal predecessors, (387), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:56,755 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 386 states to 386 states and 487 transitions. [2022-02-20 18:07:56,755 INFO L78 Accepts]: Start accepts. Automaton has 386 states and 487 transitions. Word has length 52 [2022-02-20 18:07:56,755 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:56,756 INFO L470 AbstractCegarLoop]: Abstraction has 386 states and 487 transitions. [2022-02-20 18:07:56,756 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 8.6) internal successors, (43), 5 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:56,756 INFO L276 IsEmpty]: Start isEmpty. Operand 386 states and 487 transitions. [2022-02-20 18:07:56,757 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2022-02-20 18:07:56,757 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:56,757 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:56,766 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (7)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:56,964 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 7 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:07:56,964 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:56,965 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:56,965 INFO L85 PathProgramCache]: Analyzing trace with hash 991846840, now seen corresponding path program 1 times [2022-02-20 18:07:56,965 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:56,965 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [415785734] [2022-02-20 18:07:56,965 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:56,966 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:56,966 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:56,968 INFO L229 MonitoredProcess]: Starting monitored process 8 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:56,969 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Waiting until timeout for monitored process [2022-02-20 18:07:57,010 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:57,012 INFO L263 TraceCheckSpWp]: Trace formula consists of 191 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:07:57,022 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:57,023 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:57,152 INFO L290 TraceCheckUtils]: 0: Hoare triple {8390#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {8390#true} is VALID [2022-02-20 18:07:57,153 INFO L290 TraceCheckUtils]: 1: Hoare triple {8390#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {8390#true} is VALID [2022-02-20 18:07:57,153 INFO L290 TraceCheckUtils]: 2: Hoare triple {8390#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {8390#true} is VALID [2022-02-20 18:07:57,153 INFO L290 TraceCheckUtils]: 3: Hoare triple {8390#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {8390#true} is VALID [2022-02-20 18:07:57,153 INFO L290 TraceCheckUtils]: 4: Hoare triple {8390#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {8390#true} is VALID [2022-02-20 18:07:57,153 INFO L290 TraceCheckUtils]: 5: Hoare triple {8390#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {8390#true} is VALID [2022-02-20 18:07:57,153 INFO L290 TraceCheckUtils]: 6: Hoare triple {8390#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {8390#true} is VALID [2022-02-20 18:07:57,154 INFO L290 TraceCheckUtils]: 7: Hoare triple {8390#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {8390#true} is VALID [2022-02-20 18:07:57,154 INFO L290 TraceCheckUtils]: 8: Hoare triple {8390#true} assume !false; {8390#true} is VALID [2022-02-20 18:07:57,154 INFO L290 TraceCheckUtils]: 9: Hoare triple {8390#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {8390#true} is VALID [2022-02-20 18:07:57,154 INFO L290 TraceCheckUtils]: 10: Hoare triple {8390#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {8390#true} is VALID [2022-02-20 18:07:57,154 INFO L290 TraceCheckUtils]: 11: Hoare triple {8390#true} assume !(0bv32 != test_~tmp~0#1); {8390#true} is VALID [2022-02-20 18:07:57,154 INFO L290 TraceCheckUtils]: 12: Hoare triple {8390#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {8390#true} is VALID [2022-02-20 18:07:57,154 INFO L290 TraceCheckUtils]: 13: Hoare triple {8390#true} assume 0bv32 != test_~tmp___0~0#1; {8390#true} is VALID [2022-02-20 18:07:57,155 INFO L272 TraceCheckUtils]: 14: Hoare triple {8390#true} call changeMethaneLevel(); {8390#true} is VALID [2022-02-20 18:07:57,155 INFO L290 TraceCheckUtils]: 15: Hoare triple {8390#true} assume !(0bv32 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1bv32; {8390#true} is VALID [2022-02-20 18:07:57,155 INFO L290 TraceCheckUtils]: 16: Hoare triple {8390#true} assume true; {8390#true} is VALID [2022-02-20 18:07:57,155 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {8390#true} {8390#true} #244#return; {8390#true} is VALID [2022-02-20 18:07:57,155 INFO L290 TraceCheckUtils]: 18: Hoare triple {8390#true} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {8390#true} is VALID [2022-02-20 18:07:57,155 INFO L290 TraceCheckUtils]: 19: Hoare triple {8390#true} assume 0bv32 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1bv32; {8390#true} is VALID [2022-02-20 18:07:57,155 INFO L290 TraceCheckUtils]: 20: Hoare triple {8390#true} assume { :end_inline_startSystem } true; {8390#true} is VALID [2022-02-20 18:07:57,156 INFO L272 TraceCheckUtils]: 21: Hoare triple {8390#true} call timeShift(); {8390#true} is VALID [2022-02-20 18:07:57,156 INFO L290 TraceCheckUtils]: 22: Hoare triple {8390#true} assume !(0bv32 != ~pumpRunning~0); {8390#true} is VALID [2022-02-20 18:07:57,156 INFO L290 TraceCheckUtils]: 23: Hoare triple {8390#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {8390#true} is VALID [2022-02-20 18:07:57,156 INFO L290 TraceCheckUtils]: 24: Hoare triple {8390#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {8390#true} is VALID [2022-02-20 18:07:57,157 INFO L290 TraceCheckUtils]: 25: Hoare triple {8390#true} assume ~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~8#1 := 1bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {8470#(= (_ bv1 32) |timeShift_isHighWaterSensorDry_#res#1|)} is VALID [2022-02-20 18:07:57,157 INFO L290 TraceCheckUtils]: 26: Hoare triple {8470#(= (_ bv1 32) |timeShift_isHighWaterSensorDry_#res#1|)} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {8474#(= |timeShift_isHighWaterLevel_~tmp~3#1| (_ bv1 32))} is VALID [2022-02-20 18:07:57,158 INFO L290 TraceCheckUtils]: 27: Hoare triple {8474#(= |timeShift_isHighWaterLevel_~tmp~3#1| (_ bv1 32))} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1bv32; {8391#false} is VALID [2022-02-20 18:07:57,158 INFO L290 TraceCheckUtils]: 28: Hoare triple {8391#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {8391#false} is VALID [2022-02-20 18:07:57,158 INFO L290 TraceCheckUtils]: 29: Hoare triple {8391#false} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {8391#false} is VALID [2022-02-20 18:07:57,158 INFO L290 TraceCheckUtils]: 30: Hoare triple {8391#false} assume 0bv32 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {8391#false} is VALID [2022-02-20 18:07:57,158 INFO L272 TraceCheckUtils]: 31: Hoare triple {8391#false} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {8391#false} is VALID [2022-02-20 18:07:57,158 INFO L290 TraceCheckUtils]: 32: Hoare triple {8391#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {8391#false} is VALID [2022-02-20 18:07:57,158 INFO L290 TraceCheckUtils]: 33: Hoare triple {8391#false} assume true; {8391#false} is VALID [2022-02-20 18:07:57,159 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {8391#false} {8391#false} #234#return; {8391#false} is VALID [2022-02-20 18:07:57,159 INFO L290 TraceCheckUtils]: 35: Hoare triple {8391#false} isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {8391#false} is VALID [2022-02-20 18:07:57,159 INFO L290 TraceCheckUtils]: 36: Hoare triple {8391#false} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {8391#false} is VALID [2022-02-20 18:07:57,159 INFO L290 TraceCheckUtils]: 37: Hoare triple {8391#false} assume !(0bv32 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {8391#false} is VALID [2022-02-20 18:07:57,159 INFO L290 TraceCheckUtils]: 38: Hoare triple {8391#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {8391#false} is VALID [2022-02-20 18:07:57,159 INFO L290 TraceCheckUtils]: 39: Hoare triple {8391#false} assume { :end_inline_activatePump } true; {8391#false} is VALID [2022-02-20 18:07:57,160 INFO L290 TraceCheckUtils]: 40: Hoare triple {8391#false} assume { :end_inline_processEnvironment } true; {8391#false} is VALID [2022-02-20 18:07:57,160 INFO L290 TraceCheckUtils]: 41: Hoare triple {8391#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {8391#false} is VALID [2022-02-20 18:07:57,160 INFO L272 TraceCheckUtils]: 42: Hoare triple {8391#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {8391#false} is VALID [2022-02-20 18:07:57,160 INFO L290 TraceCheckUtils]: 43: Hoare triple {8391#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {8391#false} is VALID [2022-02-20 18:07:57,160 INFO L290 TraceCheckUtils]: 44: Hoare triple {8391#false} assume true; {8391#false} is VALID [2022-02-20 18:07:57,160 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {8391#false} {8391#false} #240#return; {8391#false} is VALID [2022-02-20 18:07:57,160 INFO L290 TraceCheckUtils]: 46: Hoare triple {8391#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {8391#false} is VALID [2022-02-20 18:07:57,161 INFO L290 TraceCheckUtils]: 47: Hoare triple {8391#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {8391#false} is VALID [2022-02-20 18:07:57,161 INFO L290 TraceCheckUtils]: 48: Hoare triple {8391#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {8391#false} is VALID [2022-02-20 18:07:57,161 INFO L290 TraceCheckUtils]: 49: Hoare triple {8391#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {8391#false} is VALID [2022-02-20 18:07:57,161 INFO L290 TraceCheckUtils]: 50: Hoare triple {8391#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {8391#false} is VALID [2022-02-20 18:07:57,161 INFO L290 TraceCheckUtils]: 51: Hoare triple {8391#false} assume !false; {8391#false} is VALID [2022-02-20 18:07:57,161 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:57,161 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:57,162 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:57,162 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [415785734] [2022-02-20 18:07:57,162 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [415785734] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:57,162 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:57,162 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:07:57,162 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1064466117] [2022-02-20 18:07:57,162 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:57,163 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.75) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2022-02-20 18:07:57,163 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:57,163 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 4 states, 4 states have (on average 10.75) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:57,201 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:57,201 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 4 states [2022-02-20 18:07:57,202 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:57,202 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 4 interpolants. [2022-02-20 18:07:57,202 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=5, Invalid=7, Unknown=0, NotChecked=0, Total=12 [2022-02-20 18:07:57,202 INFO L87 Difference]: Start difference. First operand 386 states and 487 transitions. Second operand has 4 states, 4 states have (on average 10.75) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:57,385 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:57,386 INFO L93 Difference]: Finished difference Result 824 states and 1060 transitions. [2022-02-20 18:07:57,386 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 4 states. [2022-02-20 18:07:57,386 INFO L78 Accepts]: Start accepts. Automaton has has 4 states, 4 states have (on average 10.75) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2022-02-20 18:07:57,386 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:57,386 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 10.75) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:57,388 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 187 transitions. [2022-02-20 18:07:57,388 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 4 states, 4 states have (on average 10.75) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:57,389 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 4 states to 4 states and 187 transitions. [2022-02-20 18:07:57,389 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 4 states and 187 transitions. [2022-02-20 18:07:57,534 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 187 edges. 187 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:57,545 INFO L225 Difference]: With dead ends: 824 [2022-02-20 18:07:57,545 INFO L226 Difference]: Without dead ends: 446 [2022-02-20 18:07:57,546 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 52 GetRequests, 49 SyntacticMatches, 0 SemanticMatches, 3 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=9, Invalid=11, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:07:57,547 INFO L933 BasicCegarLoop]: 98 mSDtfsCounter, 27 mSDsluCounter, 170 mSDsCounter, 0 mSdLazyCounter, 9 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 27 SdHoareTripleChecker+Valid, 268 SdHoareTripleChecker+Invalid, 13 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 9 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:57,547 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [27 Valid, 268 Invalid, 13 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 9 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:57,548 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 446 states. [2022-02-20 18:07:57,558 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 446 to 394. [2022-02-20 18:07:57,558 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:57,559 INFO L82 GeneralOperation]: Start isEquivalent. First operand 446 states. Second operand has 394 states, 309 states have (on average 1.27831715210356) internal successors, (395), 334 states have internal predecessors, (395), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:57,559 INFO L74 IsIncluded]: Start isIncluded. First operand 446 states. Second operand has 394 states, 309 states have (on average 1.27831715210356) internal successors, (395), 334 states have internal predecessors, (395), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:57,560 INFO L87 Difference]: Start difference. First operand 446 states. Second operand has 394 states, 309 states have (on average 1.27831715210356) internal successors, (395), 334 states have internal predecessors, (395), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:57,569 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:57,569 INFO L93 Difference]: Finished difference Result 446 states and 561 transitions. [2022-02-20 18:07:57,570 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 561 transitions. [2022-02-20 18:07:57,570 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:57,570 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:57,571 INFO L74 IsIncluded]: Start isIncluded. First operand has 394 states, 309 states have (on average 1.27831715210356) internal successors, (395), 334 states have internal predecessors, (395), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) Second operand 446 states. [2022-02-20 18:07:57,572 INFO L87 Difference]: Start difference. First operand has 394 states, 309 states have (on average 1.27831715210356) internal successors, (395), 334 states have internal predecessors, (395), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) Second operand 446 states. [2022-02-20 18:07:57,581 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:57,581 INFO L93 Difference]: Finished difference Result 446 states and 561 transitions. [2022-02-20 18:07:57,581 INFO L276 IsEmpty]: Start isEmpty. Operand 446 states and 561 transitions. [2022-02-20 18:07:57,582 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:57,582 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:57,582 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:57,582 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:57,583 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 394 states, 309 states have (on average 1.27831715210356) internal successors, (395), 334 states have internal predecessors, (395), 44 states have call successors, (44), 40 states have call predecessors, (44), 40 states have return successors, (56), 44 states have call predecessors, (56), 44 states have call successors, (56) [2022-02-20 18:07:57,592 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 394 states to 394 states and 495 transitions. [2022-02-20 18:07:57,592 INFO L78 Accepts]: Start accepts. Automaton has 394 states and 495 transitions. Word has length 52 [2022-02-20 18:07:57,592 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:57,592 INFO L470 AbstractCegarLoop]: Abstraction has 394 states and 495 transitions. [2022-02-20 18:07:57,593 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 4 states, 4 states have (on average 10.75) internal successors, (43), 4 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:57,593 INFO L276 IsEmpty]: Start isEmpty. Operand 394 states and 495 transitions. [2022-02-20 18:07:57,593 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 53 [2022-02-20 18:07:57,593 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:57,594 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:57,613 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (8)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:57,800 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 8 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:07:57,801 INFO L402 AbstractCegarLoop]: === Iteration 8 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:57,801 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:57,801 INFO L85 PathProgramCache]: Analyzing trace with hash -1379892422, now seen corresponding path program 1 times [2022-02-20 18:07:57,802 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:57,802 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1986103099] [2022-02-20 18:07:57,802 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:57,802 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:57,802 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:57,803 INFO L229 MonitoredProcess]: Starting monitored process 9 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:57,805 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Waiting until timeout for monitored process [2022-02-20 18:07:57,845 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:57,847 INFO L263 TraceCheckSpWp]: Trace formula consists of 191 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:07:57,858 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:57,859 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:57,964 INFO L290 TraceCheckUtils]: 0: Hoare triple {11157#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,967 INFO L290 TraceCheckUtils]: 1: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,968 INFO L290 TraceCheckUtils]: 2: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,968 INFO L290 TraceCheckUtils]: 3: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,968 INFO L290 TraceCheckUtils]: 4: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,969 INFO L290 TraceCheckUtils]: 5: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,969 INFO L290 TraceCheckUtils]: 6: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,969 INFO L290 TraceCheckUtils]: 7: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,969 INFO L290 TraceCheckUtils]: 8: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume !false; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,970 INFO L290 TraceCheckUtils]: 9: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,970 INFO L290 TraceCheckUtils]: 10: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,972 INFO L290 TraceCheckUtils]: 11: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != test_~tmp~0#1); {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,977 INFO L290 TraceCheckUtils]: 12: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,988 INFO L290 TraceCheckUtils]: 13: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp___0~0#1; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,989 INFO L272 TraceCheckUtils]: 14: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} call changeMethaneLevel(); {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,989 INFO L290 TraceCheckUtils]: 15: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1bv32; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,989 INFO L290 TraceCheckUtils]: 16: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume true; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,989 INFO L284 TraceCheckUtils]: 17: Hoare quadruple {11162#(= ~waterLevel~0 (_ bv1 32))} {11162#(= ~waterLevel~0 (_ bv1 32))} #244#return; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,990 INFO L290 TraceCheckUtils]: 18: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,990 INFO L290 TraceCheckUtils]: 19: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1bv32; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,990 INFO L290 TraceCheckUtils]: 20: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume { :end_inline_startSystem } true; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,990 INFO L272 TraceCheckUtils]: 21: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} call timeShift(); {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,991 INFO L290 TraceCheckUtils]: 22: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,991 INFO L290 TraceCheckUtils]: 23: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,991 INFO L290 TraceCheckUtils]: 24: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {11162#(= ~waterLevel~0 (_ bv1 32))} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 25: Hoare triple {11162#(= ~waterLevel~0 (_ bv1 32))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~8#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 26: Hoare triple {11158#false} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 27: Hoare triple {11158#false} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1bv32; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 28: Hoare triple {11158#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 29: Hoare triple {11158#false} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 30: Hoare triple {11158#false} assume 0bv32 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L272 TraceCheckUtils]: 31: Hoare triple {11158#false} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 32: Hoare triple {11158#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 33: Hoare triple {11158#false} assume true; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {11158#false} {11158#false} #234#return; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 35: Hoare triple {11158#false} isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 36: Hoare triple {11158#false} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 37: Hoare triple {11158#false} assume !(0bv32 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 38: Hoare triple {11158#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {11158#false} is VALID [2022-02-20 18:07:57,992 INFO L290 TraceCheckUtils]: 39: Hoare triple {11158#false} assume { :end_inline_activatePump } true; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 40: Hoare triple {11158#false} assume { :end_inline_processEnvironment } true; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 41: Hoare triple {11158#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L272 TraceCheckUtils]: 42: Hoare triple {11158#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 43: Hoare triple {11158#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 44: Hoare triple {11158#false} assume true; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {11158#false} {11158#false} #240#return; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 46: Hoare triple {11158#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 47: Hoare triple {11158#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 48: Hoare triple {11158#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 49: Hoare triple {11158#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 50: Hoare triple {11158#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L290 TraceCheckUtils]: 51: Hoare triple {11158#false} assume !false; {11158#false} is VALID [2022-02-20 18:07:57,993 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:07:57,993 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:57,994 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:57,994 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1986103099] [2022-02-20 18:07:57,994 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1986103099] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:57,994 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:57,994 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:07:57,994 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [875768992] [2022-02-20 18:07:57,994 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:57,994 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2022-02-20 18:07:57,994 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:57,995 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:58,034 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 50 edges. 50 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:58,034 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:07:58,035 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:58,036 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:07:58,036 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:58,036 INFO L87 Difference]: Start difference. First operand 394 states and 495 transitions. Second operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:58,274 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:58,275 INFO L93 Difference]: Finished difference Result 948 states and 1198 transitions. [2022-02-20 18:07:58,275 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:07:58,275 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) Word has length 52 [2022-02-20 18:07:58,275 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:58,275 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:58,277 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 223 transitions. [2022-02-20 18:07:58,277 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:58,279 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 223 transitions. [2022-02-20 18:07:58,279 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 223 transitions. [2022-02-20 18:07:58,479 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 223 edges. 223 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:58,509 INFO L225 Difference]: With dead ends: 948 [2022-02-20 18:07:58,509 INFO L226 Difference]: Without dead ends: 562 [2022-02-20 18:07:58,511 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 51 GetRequests, 50 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:07:58,529 INFO L933 BasicCegarLoop]: 90 mSDtfsCounter, 34 mSDsluCounter, 74 mSDsCounter, 0 mSdLazyCounter, 8 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 34 SdHoareTripleChecker+Valid, 164 SdHoareTripleChecker+Invalid, 9 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 8 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:07:58,529 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [34 Valid, 164 Invalid, 9 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 8 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:07:58,530 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 562 states. [2022-02-20 18:07:58,563 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 562 to 562. [2022-02-20 18:07:58,563 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:07:58,568 INFO L82 GeneralOperation]: Start isEquivalent. First operand 562 states. Second operand has 562 states, 441 states have (on average 1.2448979591836735) internal successors, (549), 470 states have internal predecessors, (549), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (78), 60 states have call predecessors, (78), 64 states have call successors, (78) [2022-02-20 18:07:58,569 INFO L74 IsIncluded]: Start isIncluded. First operand 562 states. Second operand has 562 states, 441 states have (on average 1.2448979591836735) internal successors, (549), 470 states have internal predecessors, (549), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (78), 60 states have call predecessors, (78), 64 states have call successors, (78) [2022-02-20 18:07:58,580 INFO L87 Difference]: Start difference. First operand 562 states. Second operand has 562 states, 441 states have (on average 1.2448979591836735) internal successors, (549), 470 states have internal predecessors, (549), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (78), 60 states have call predecessors, (78), 64 states have call successors, (78) [2022-02-20 18:07:58,615 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:58,615 INFO L93 Difference]: Finished difference Result 562 states and 691 transitions. [2022-02-20 18:07:58,615 INFO L276 IsEmpty]: Start isEmpty. Operand 562 states and 691 transitions. [2022-02-20 18:07:58,616 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:58,616 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:58,618 INFO L74 IsIncluded]: Start isIncluded. First operand has 562 states, 441 states have (on average 1.2448979591836735) internal successors, (549), 470 states have internal predecessors, (549), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (78), 60 states have call predecessors, (78), 64 states have call successors, (78) Second operand 562 states. [2022-02-20 18:07:58,632 INFO L87 Difference]: Start difference. First operand has 562 states, 441 states have (on average 1.2448979591836735) internal successors, (549), 470 states have internal predecessors, (549), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (78), 60 states have call predecessors, (78), 64 states have call successors, (78) Second operand 562 states. [2022-02-20 18:07:58,646 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:58,646 INFO L93 Difference]: Finished difference Result 562 states and 691 transitions. [2022-02-20 18:07:58,646 INFO L276 IsEmpty]: Start isEmpty. Operand 562 states and 691 transitions. [2022-02-20 18:07:58,647 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:07:58,647 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:07:58,663 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:07:58,663 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:07:58,664 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 562 states, 441 states have (on average 1.2448979591836735) internal successors, (549), 470 states have internal predecessors, (549), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (78), 60 states have call predecessors, (78), 64 states have call successors, (78) [2022-02-20 18:07:58,697 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 562 states to 562 states and 691 transitions. [2022-02-20 18:07:58,697 INFO L78 Accepts]: Start accepts. Automaton has 562 states and 691 transitions. Word has length 52 [2022-02-20 18:07:58,697 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:07:58,697 INFO L470 AbstractCegarLoop]: Abstraction has 562 states and 691 transitions. [2022-02-20 18:07:58,697 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 14.333333333333334) internal successors, (43), 2 states have internal predecessors, (43), 2 states have call successors, (4), 2 states have call predecessors, (4), 2 states have return successors, (3), 2 states have call predecessors, (3), 2 states have call successors, (3) [2022-02-20 18:07:58,697 INFO L276 IsEmpty]: Start isEmpty. Operand 562 states and 691 transitions. [2022-02-20 18:07:58,699 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 57 [2022-02-20 18:07:58,699 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:07:58,699 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:07:58,708 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (9)] Forceful destruction successful, exit code 0 [2022-02-20 18:07:58,899 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 9 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:07:58,900 INFO L402 AbstractCegarLoop]: === Iteration 9 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:07:58,901 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:07:58,901 INFO L85 PathProgramCache]: Analyzing trace with hash 420303764, now seen corresponding path program 1 times [2022-02-20 18:07:58,901 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:07:58,901 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [667578908] [2022-02-20 18:07:58,901 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:07:58,901 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:07:58,901 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:07:58,902 INFO L229 MonitoredProcess]: Starting monitored process 10 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:07:58,903 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Waiting until timeout for monitored process [2022-02-20 18:07:58,964 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:58,968 INFO L263 TraceCheckSpWp]: Trace formula consists of 198 conjuncts, 8 conjunts are in the unsatisfiable core [2022-02-20 18:07:58,978 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:07:58,980 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:07:59,201 INFO L290 TraceCheckUtils]: 0: Hoare triple {14559#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {14559#true} is VALID [2022-02-20 18:07:59,215 INFO L290 TraceCheckUtils]: 1: Hoare triple {14559#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {14559#true} is VALID [2022-02-20 18:07:59,215 INFO L290 TraceCheckUtils]: 2: Hoare triple {14559#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {14559#true} is VALID [2022-02-20 18:07:59,215 INFO L290 TraceCheckUtils]: 3: Hoare triple {14559#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {14559#true} is VALID [2022-02-20 18:07:59,215 INFO L290 TraceCheckUtils]: 4: Hoare triple {14559#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {14559#true} is VALID [2022-02-20 18:07:59,215 INFO L290 TraceCheckUtils]: 5: Hoare triple {14559#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {14559#true} is VALID [2022-02-20 18:07:59,215 INFO L290 TraceCheckUtils]: 6: Hoare triple {14559#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 7: Hoare triple {14559#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 8: Hoare triple {14559#true} assume !false; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 9: Hoare triple {14559#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 10: Hoare triple {14559#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 11: Hoare triple {14559#true} assume 0bv32 != test_~tmp~0#1; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L272 TraceCheckUtils]: 12: Hoare triple {14559#true} call waterRise(); {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 13: Hoare triple {14559#true} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 14: Hoare triple {14559#true} assume true; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {14559#true} {14559#true} #242#return; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 16: Hoare triple {14559#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L290 TraceCheckUtils]: 17: Hoare triple {14559#true} assume 0bv32 != test_~tmp___0~0#1; {14559#true} is VALID [2022-02-20 18:07:59,216 INFO L272 TraceCheckUtils]: 18: Hoare triple {14559#true} call changeMethaneLevel(); {14559#true} is VALID [2022-02-20 18:07:59,217 INFO L290 TraceCheckUtils]: 19: Hoare triple {14559#true} assume !(0bv32 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1bv32; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,217 INFO L290 TraceCheckUtils]: 20: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume true; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,218 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} {14559#true} #244#return; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,218 INFO L290 TraceCheckUtils]: 22: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,218 INFO L290 TraceCheckUtils]: 23: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume 0bv32 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1bv32; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,218 INFO L290 TraceCheckUtils]: 24: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume { :end_inline_startSystem } true; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,219 INFO L272 TraceCheckUtils]: 25: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} call timeShift(); {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,220 INFO L290 TraceCheckUtils]: 26: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume !(0bv32 != ~pumpRunning~0); {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,220 INFO L290 TraceCheckUtils]: 27: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,220 INFO L290 TraceCheckUtils]: 28: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,221 INFO L290 TraceCheckUtils]: 29: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~8#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,221 INFO L290 TraceCheckUtils]: 30: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,221 INFO L290 TraceCheckUtils]: 31: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1bv32; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,222 INFO L290 TraceCheckUtils]: 32: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,222 INFO L290 TraceCheckUtils]: 33: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,222 INFO L290 TraceCheckUtils]: 34: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} assume 0bv32 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,223 INFO L272 TraceCheckUtils]: 35: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} is VALID [2022-02-20 18:07:59,224 INFO L290 TraceCheckUtils]: 36: Hoare triple {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {14673#(and (= ~methaneLevelCritical~0 (_ bv1 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} is VALID [2022-02-20 18:07:59,224 INFO L290 TraceCheckUtils]: 37: Hoare triple {14673#(and (= ~methaneLevelCritical~0 (_ bv1 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} assume true; {14673#(and (= ~methaneLevelCritical~0 (_ bv1 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} is VALID [2022-02-20 18:07:59,225 INFO L284 TraceCheckUtils]: 38: Hoare quadruple {14673#(and (= ~methaneLevelCritical~0 (_ bv1 32)) (= ~methaneLevelCritical~0 |isMethaneLevelCritical_#res|))} {14621#(= ~methaneLevelCritical~0 (_ bv1 32))} #234#return; {14680#(= (_ bv1 32) |timeShift_isMethaneAlarm_#t~ret10#1|)} is VALID [2022-02-20 18:07:59,225 INFO L290 TraceCheckUtils]: 39: Hoare triple {14680#(= (_ bv1 32) |timeShift_isMethaneAlarm_#t~ret10#1|)} isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {14684#(= |timeShift_isMethaneAlarm_#res#1| (_ bv1 32))} is VALID [2022-02-20 18:07:59,226 INFO L290 TraceCheckUtils]: 40: Hoare triple {14684#(= |timeShift_isMethaneAlarm_#res#1| (_ bv1 32))} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {14688#(= |timeShift_activatePump_~tmp~2#1| (_ bv1 32))} is VALID [2022-02-20 18:07:59,226 INFO L290 TraceCheckUtils]: 41: Hoare triple {14688#(= |timeShift_activatePump_~tmp~2#1| (_ bv1 32))} assume !(0bv32 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {14560#false} is VALID [2022-02-20 18:07:59,226 INFO L290 TraceCheckUtils]: 42: Hoare triple {14560#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {14560#false} is VALID [2022-02-20 18:07:59,226 INFO L290 TraceCheckUtils]: 43: Hoare triple {14560#false} assume { :end_inline_activatePump } true; {14560#false} is VALID [2022-02-20 18:07:59,226 INFO L290 TraceCheckUtils]: 44: Hoare triple {14560#false} assume { :end_inline_processEnvironment } true; {14560#false} is VALID [2022-02-20 18:07:59,226 INFO L290 TraceCheckUtils]: 45: Hoare triple {14560#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {14560#false} is VALID [2022-02-20 18:07:59,226 INFO L272 TraceCheckUtils]: 46: Hoare triple {14560#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {14560#false} is VALID [2022-02-20 18:07:59,226 INFO L290 TraceCheckUtils]: 47: Hoare triple {14560#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {14560#false} is VALID [2022-02-20 18:07:59,226 INFO L290 TraceCheckUtils]: 48: Hoare triple {14560#false} assume true; {14560#false} is VALID [2022-02-20 18:07:59,227 INFO L284 TraceCheckUtils]: 49: Hoare quadruple {14560#false} {14560#false} #240#return; {14560#false} is VALID [2022-02-20 18:07:59,227 INFO L290 TraceCheckUtils]: 50: Hoare triple {14560#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {14560#false} is VALID [2022-02-20 18:07:59,227 INFO L290 TraceCheckUtils]: 51: Hoare triple {14560#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {14560#false} is VALID [2022-02-20 18:07:59,227 INFO L290 TraceCheckUtils]: 52: Hoare triple {14560#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {14560#false} is VALID [2022-02-20 18:07:59,227 INFO L290 TraceCheckUtils]: 53: Hoare triple {14560#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {14560#false} is VALID [2022-02-20 18:07:59,227 INFO L290 TraceCheckUtils]: 54: Hoare triple {14560#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {14560#false} is VALID [2022-02-20 18:07:59,227 INFO L290 TraceCheckUtils]: 55: Hoare triple {14560#false} assume !false; {14560#false} is VALID [2022-02-20 18:07:59,228 INFO L134 CoverageAnalysis]: Checked inductivity of 3 backedges. 3 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:07:59,228 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:07:59,228 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:07:59,228 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [667578908] [2022-02-20 18:07:59,228 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [667578908] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:07:59,228 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:07:59,228 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:07:59,228 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1640472083] [2022-02-20 18:07:59,228 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:07:59,229 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 3 states have call successors, (5), 3 states have call predecessors, (5), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) Word has length 56 [2022-02-20 18:07:59,229 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:07:59,229 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 3 states have call successors, (5), 3 states have call predecessors, (5), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:07:59,288 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 56 edges. 56 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:07:59,288 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:07:59,288 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:07:59,288 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:07:59,288 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=12, Invalid=30, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:07:59,289 INFO L87 Difference]: Start difference. First operand 562 states and 691 transitions. Second operand has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 3 states have call successors, (5), 3 states have call predecessors, (5), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:07:59,932 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:07:59,933 INFO L93 Difference]: Finished difference Result 1132 states and 1398 transitions. [2022-02-20 18:07:59,933 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:07:59,933 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 3 states have call successors, (5), 3 states have call predecessors, (5), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) Word has length 56 [2022-02-20 18:07:59,933 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:07:59,933 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 3 states have call successors, (5), 3 states have call predecessors, (5), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:07:59,935 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 250 transitions. [2022-02-20 18:07:59,935 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 3 states have call successors, (5), 3 states have call predecessors, (5), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:07:59,937 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 250 transitions. [2022-02-20 18:07:59,937 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 250 transitions. [2022-02-20 18:08:00,112 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 250 edges. 250 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:08:00,129 INFO L225 Difference]: With dead ends: 1132 [2022-02-20 18:08:00,129 INFO L226 Difference]: Without dead ends: 578 [2022-02-20 18:08:00,154 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 58 GetRequests, 50 SyntacticMatches, 0 SemanticMatches, 8 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 5 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=26, Invalid=64, Unknown=0, NotChecked=0, Total=90 [2022-02-20 18:08:00,154 INFO L933 BasicCegarLoop]: 160 mSDtfsCounter, 79 mSDsluCounter, 588 mSDsCounter, 0 mSdLazyCounter, 53 mSolverCounterSat, 5 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 81 SdHoareTripleChecker+Valid, 748 SdHoareTripleChecker+Invalid, 58 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 5 IncrementalHoareTripleChecker+Valid, 53 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:08:00,154 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [81 Valid, 748 Invalid, 58 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [5 Valid, 53 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:08:00,155 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 578 states. [2022-02-20 18:08:00,168 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 578 to 558. [2022-02-20 18:08:00,168 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:08:00,169 INFO L82 GeneralOperation]: Start isEquivalent. First operand 578 states. Second operand has 558 states, 437 states have (on average 1.22883295194508) internal successors, (537), 464 states have internal predecessors, (537), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (70), 60 states have call predecessors, (70), 64 states have call successors, (70) [2022-02-20 18:08:00,169 INFO L74 IsIncluded]: Start isIncluded. First operand 578 states. Second operand has 558 states, 437 states have (on average 1.22883295194508) internal successors, (537), 464 states have internal predecessors, (537), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (70), 60 states have call predecessors, (70), 64 states have call successors, (70) [2022-02-20 18:08:00,170 INFO L87 Difference]: Start difference. First operand 578 states. Second operand has 558 states, 437 states have (on average 1.22883295194508) internal successors, (537), 464 states have internal predecessors, (537), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (70), 60 states have call predecessors, (70), 64 states have call successors, (70) [2022-02-20 18:08:00,182 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:08:00,183 INFO L93 Difference]: Finished difference Result 578 states and 697 transitions. [2022-02-20 18:08:00,183 INFO L276 IsEmpty]: Start isEmpty. Operand 578 states and 697 transitions. [2022-02-20 18:08:00,184 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:08:00,184 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:08:00,185 INFO L74 IsIncluded]: Start isIncluded. First operand has 558 states, 437 states have (on average 1.22883295194508) internal successors, (537), 464 states have internal predecessors, (537), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (70), 60 states have call predecessors, (70), 64 states have call successors, (70) Second operand 578 states. [2022-02-20 18:08:00,185 INFO L87 Difference]: Start difference. First operand has 558 states, 437 states have (on average 1.22883295194508) internal successors, (537), 464 states have internal predecessors, (537), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (70), 60 states have call predecessors, (70), 64 states have call successors, (70) Second operand 578 states. [2022-02-20 18:08:00,198 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:08:00,198 INFO L93 Difference]: Finished difference Result 578 states and 697 transitions. [2022-02-20 18:08:00,199 INFO L276 IsEmpty]: Start isEmpty. Operand 578 states and 697 transitions. [2022-02-20 18:08:00,199 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:08:00,200 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:08:00,200 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:08:00,200 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:08:00,201 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 558 states, 437 states have (on average 1.22883295194508) internal successors, (537), 464 states have internal predecessors, (537), 64 states have call successors, (64), 60 states have call predecessors, (64), 56 states have return successors, (70), 60 states have call predecessors, (70), 64 states have call successors, (70) [2022-02-20 18:08:00,216 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 558 states to 558 states and 671 transitions. [2022-02-20 18:08:00,217 INFO L78 Accepts]: Start accepts. Automaton has 558 states and 671 transitions. Word has length 56 [2022-02-20 18:08:00,217 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:08:00,217 INFO L470 AbstractCegarLoop]: Abstraction has 558 states and 671 transitions. [2022-02-20 18:08:00,217 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 6.714285714285714) internal successors, (47), 6 states have internal predecessors, (47), 3 states have call successors, (5), 3 states have call predecessors, (5), 4 states have return successors, (4), 4 states have call predecessors, (4), 3 states have call successors, (4) [2022-02-20 18:08:00,217 INFO L276 IsEmpty]: Start isEmpty. Operand 558 states and 671 transitions. [2022-02-20 18:08:00,218 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 84 [2022-02-20 18:08:00,218 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:08:00,218 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:08:00,241 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (10)] Forceful destruction successful, exit code 0 [2022-02-20 18:08:00,425 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 10 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:08:00,425 INFO L402 AbstractCegarLoop]: === Iteration 10 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:08:00,426 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:08:00,426 INFO L85 PathProgramCache]: Analyzing trace with hash 405499339, now seen corresponding path program 1 times [2022-02-20 18:08:00,426 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:08:00,426 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [2011745981] [2022-02-20 18:08:00,426 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:08:00,426 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:08:00,426 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:08:00,427 INFO L229 MonitoredProcess]: Starting monitored process 11 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:08:00,429 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Waiting until timeout for monitored process [2022-02-20 18:08:00,479 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:08:00,482 INFO L263 TraceCheckSpWp]: Trace formula consists of 237 conjuncts, 2 conjunts are in the unsatisfiable core [2022-02-20 18:08:00,494 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:08:00,495 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:08:00,649 INFO L290 TraceCheckUtils]: 0: Hoare triple {18261#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 1: Hoare triple {18261#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 2: Hoare triple {18261#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 3: Hoare triple {18261#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 4: Hoare triple {18261#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 5: Hoare triple {18261#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 6: Hoare triple {18261#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 7: Hoare triple {18261#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 8: Hoare triple {18261#true} assume !false; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 9: Hoare triple {18261#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 10: Hoare triple {18261#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 11: Hoare triple {18261#true} assume 0bv32 != test_~tmp~0#1; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L272 TraceCheckUtils]: 12: Hoare triple {18261#true} call waterRise(); {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 13: Hoare triple {18261#true} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L290 TraceCheckUtils]: 14: Hoare triple {18261#true} assume true; {18261#true} is VALID [2022-02-20 18:08:00,650 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {18261#true} {18261#true} #242#return; {18261#true} is VALID [2022-02-20 18:08:00,651 INFO L290 TraceCheckUtils]: 16: Hoare triple {18261#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {18261#true} is VALID [2022-02-20 18:08:00,651 INFO L290 TraceCheckUtils]: 17: Hoare triple {18261#true} assume !(0bv32 != test_~tmp___0~0#1); {18261#true} is VALID [2022-02-20 18:08:00,651 INFO L290 TraceCheckUtils]: 18: Hoare triple {18261#true} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {18261#true} is VALID [2022-02-20 18:08:00,651 INFO L290 TraceCheckUtils]: 19: Hoare triple {18261#true} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {18261#true} is VALID [2022-02-20 18:08:00,651 INFO L290 TraceCheckUtils]: 20: Hoare triple {18261#true} assume 0bv32 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {18261#true} is VALID [2022-02-20 18:08:00,651 INFO L290 TraceCheckUtils]: 21: Hoare triple {18261#true} assume !(0bv32 != ~pumpRunning~0); {18261#true} is VALID [2022-02-20 18:08:00,651 INFO L290 TraceCheckUtils]: 22: Hoare triple {18261#true} ~systemActive~0 := 0bv32; {18332#(= ~systemActive~0 (_ bv0 32))} is VALID [2022-02-20 18:08:00,651 INFO L290 TraceCheckUtils]: 23: Hoare triple {18332#(= ~systemActive~0 (_ bv0 32))} assume { :end_inline_stopSystem } true; {18332#(= ~systemActive~0 (_ bv0 32))} is VALID [2022-02-20 18:08:00,652 INFO L272 TraceCheckUtils]: 24: Hoare triple {18332#(= ~systemActive~0 (_ bv0 32))} call timeShift(); {18332#(= ~systemActive~0 (_ bv0 32))} is VALID [2022-02-20 18:08:00,652 INFO L290 TraceCheckUtils]: 25: Hoare triple {18332#(= ~systemActive~0 (_ bv0 32))} assume !(0bv32 != ~pumpRunning~0); {18332#(= ~systemActive~0 (_ bv0 32))} is VALID [2022-02-20 18:08:00,652 INFO L290 TraceCheckUtils]: 26: Hoare triple {18332#(= ~systemActive~0 (_ bv0 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {18262#false} is VALID [2022-02-20 18:08:00,655 INFO L290 TraceCheckUtils]: 27: Hoare triple {18262#false} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {18262#false} is VALID [2022-02-20 18:08:00,655 INFO L290 TraceCheckUtils]: 28: Hoare triple {18262#false} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~8#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {18262#false} is VALID [2022-02-20 18:08:00,655 INFO L290 TraceCheckUtils]: 29: Hoare triple {18262#false} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 30: Hoare triple {18262#false} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1bv32; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 31: Hoare triple {18262#false} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 32: Hoare triple {18262#false} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 33: Hoare triple {18262#false} assume 0bv32 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L272 TraceCheckUtils]: 34: Hoare triple {18262#false} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 35: Hoare triple {18262#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 36: Hoare triple {18262#false} assume true; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L284 TraceCheckUtils]: 37: Hoare quadruple {18262#false} {18262#false} #234#return; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 38: Hoare triple {18262#false} isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 39: Hoare triple {18262#false} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 40: Hoare triple {18262#false} assume !(0bv32 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 41: Hoare triple {18262#false} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 42: Hoare triple {18262#false} assume { :end_inline_activatePump } true; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 43: Hoare triple {18262#false} assume { :end_inline_processEnvironment } true; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L290 TraceCheckUtils]: 44: Hoare triple {18262#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {18262#false} is VALID [2022-02-20 18:08:00,656 INFO L272 TraceCheckUtils]: 45: Hoare triple {18262#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 46: Hoare triple {18262#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 47: Hoare triple {18262#false} assume true; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L284 TraceCheckUtils]: 48: Hoare quadruple {18262#false} {18262#false} #240#return; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 49: Hoare triple {18262#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 50: Hoare triple {18262#false} assume !(0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1);~methAndRunningLastTime~0 := 0bv32; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 51: Hoare triple {18262#false} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 52: Hoare triple {18262#false} assume true; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L284 TraceCheckUtils]: 53: Hoare quadruple {18262#false} {18332#(= ~systemActive~0 (_ bv0 32))} #246#return; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 54: Hoare triple {18262#false} assume !false; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 55: Hoare triple {18262#false} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 56: Hoare triple {18262#false} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 57: Hoare triple {18262#false} assume !(0bv32 != test_~tmp~0#1); {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 58: Hoare triple {18262#false} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 59: Hoare triple {18262#false} assume 0bv32 != test_~tmp___0~0#1; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L272 TraceCheckUtils]: 60: Hoare triple {18262#false} call changeMethaneLevel(); {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 61: Hoare triple {18262#false} assume !(0bv32 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1bv32; {18262#false} is VALID [2022-02-20 18:08:00,657 INFO L290 TraceCheckUtils]: 62: Hoare triple {18262#false} assume true; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L284 TraceCheckUtils]: 63: Hoare quadruple {18262#false} {18262#false} #244#return; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 64: Hoare triple {18262#false} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 65: Hoare triple {18262#false} assume !(0bv32 != test_~tmp___2~0#1);test_~tmp___1~0#1 := test_#t~nondet7#1;havoc test_#t~nondet7#1; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 66: Hoare triple {18262#false} assume !(0bv32 != test_~tmp___1~0#1); {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L272 TraceCheckUtils]: 67: Hoare triple {18262#false} call timeShift(); {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 68: Hoare triple {18262#false} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 69: Hoare triple {18262#false} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 70: Hoare triple {18262#false} assume { :end_inline_lowerWaterLevel } true; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 71: Hoare triple {18262#false} assume !(0bv32 != ~systemActive~0); {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 72: Hoare triple {18262#false} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L272 TraceCheckUtils]: 73: Hoare triple {18262#false} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 74: Hoare triple {18262#false} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 75: Hoare triple {18262#false} assume true; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L284 TraceCheckUtils]: 76: Hoare quadruple {18262#false} {18262#false} #240#return; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 77: Hoare triple {18262#false} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {18262#false} is VALID [2022-02-20 18:08:00,658 INFO L290 TraceCheckUtils]: 78: Hoare triple {18262#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {18262#false} is VALID [2022-02-20 18:08:00,659 INFO L290 TraceCheckUtils]: 79: Hoare triple {18262#false} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {18262#false} is VALID [2022-02-20 18:08:00,659 INFO L290 TraceCheckUtils]: 80: Hoare triple {18262#false} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {18262#false} is VALID [2022-02-20 18:08:00,659 INFO L290 TraceCheckUtils]: 81: Hoare triple {18262#false} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {18262#false} is VALID [2022-02-20 18:08:00,659 INFO L290 TraceCheckUtils]: 82: Hoare triple {18262#false} assume !false; {18262#false} is VALID [2022-02-20 18:08:00,659 INFO L134 CoverageAnalysis]: Checked inductivity of 25 backedges. 12 proven. 0 refuted. 0 times theorem prover too weak. 13 trivial. 0 not checked. [2022-02-20 18:08:00,659 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:08:00,659 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:08:00,659 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [2011745981] [2022-02-20 18:08:00,659 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [2011745981] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:08:00,659 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:08:00,659 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:08:00,659 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [885618358] [2022-02-20 18:08:00,659 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:08:00,660 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) Word has length 83 [2022-02-20 18:08:00,660 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:08:00,660 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-20 18:08:00,712 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 75 edges. 75 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:08:00,712 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:08:00,712 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:08:00,713 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:08:00,713 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:08:00,713 INFO L87 Difference]: Start difference. First operand 558 states and 671 transitions. Second operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-20 18:08:00,867 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:08:00,867 INFO L93 Difference]: Finished difference Result 973 states and 1171 transitions. [2022-02-20 18:08:00,867 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:08:00,867 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) Word has length 83 [2022-02-20 18:08:00,868 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:08:00,868 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-20 18:08:00,870 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 208 transitions. [2022-02-20 18:08:00,870 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-20 18:08:00,871 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 208 transitions. [2022-02-20 18:08:00,871 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 208 transitions. [2022-02-20 18:08:01,025 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 208 edges. 208 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:08:01,038 INFO L225 Difference]: With dead ends: 973 [2022-02-20 18:08:01,038 INFO L226 Difference]: Without dead ends: 423 [2022-02-20 18:08:01,039 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 82 GetRequests, 81 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:08:01,039 INFO L933 BasicCegarLoop]: 113 mSDtfsCounter, 37 mSDsluCounter, 81 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 37 SdHoareTripleChecker+Valid, 194 SdHoareTripleChecker+Invalid, 5 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:08:01,040 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [37 Valid, 194 Invalid, 5 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:08:01,040 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 423 states. [2022-02-20 18:08:01,051 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 423 to 415. [2022-02-20 18:08:01,051 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:08:01,052 INFO L82 GeneralOperation]: Start isEquivalent. First operand 423 states. Second operand has 415 states, 324 states have (on average 1.2098765432098766) internal successors, (392), 344 states have internal predecessors, (392), 48 states have call successors, (48), 46 states have call predecessors, (48), 42 states have return successors, (51), 44 states have call predecessors, (51), 48 states have call successors, (51) [2022-02-20 18:08:01,053 INFO L74 IsIncluded]: Start isIncluded. First operand 423 states. Second operand has 415 states, 324 states have (on average 1.2098765432098766) internal successors, (392), 344 states have internal predecessors, (392), 48 states have call successors, (48), 46 states have call predecessors, (48), 42 states have return successors, (51), 44 states have call predecessors, (51), 48 states have call successors, (51) [2022-02-20 18:08:01,053 INFO L87 Difference]: Start difference. First operand 423 states. Second operand has 415 states, 324 states have (on average 1.2098765432098766) internal successors, (392), 344 states have internal predecessors, (392), 48 states have call successors, (48), 46 states have call predecessors, (48), 42 states have return successors, (51), 44 states have call predecessors, (51), 48 states have call successors, (51) [2022-02-20 18:08:01,062 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:08:01,062 INFO L93 Difference]: Finished difference Result 423 states and 499 transitions. [2022-02-20 18:08:01,062 INFO L276 IsEmpty]: Start isEmpty. Operand 423 states and 499 transitions. [2022-02-20 18:08:01,063 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:08:01,063 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:08:01,064 INFO L74 IsIncluded]: Start isIncluded. First operand has 415 states, 324 states have (on average 1.2098765432098766) internal successors, (392), 344 states have internal predecessors, (392), 48 states have call successors, (48), 46 states have call predecessors, (48), 42 states have return successors, (51), 44 states have call predecessors, (51), 48 states have call successors, (51) Second operand 423 states. [2022-02-20 18:08:01,065 INFO L87 Difference]: Start difference. First operand has 415 states, 324 states have (on average 1.2098765432098766) internal successors, (392), 344 states have internal predecessors, (392), 48 states have call successors, (48), 46 states have call predecessors, (48), 42 states have return successors, (51), 44 states have call predecessors, (51), 48 states have call successors, (51) Second operand 423 states. [2022-02-20 18:08:01,074 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:08:01,074 INFO L93 Difference]: Finished difference Result 423 states and 499 transitions. [2022-02-20 18:08:01,074 INFO L276 IsEmpty]: Start isEmpty. Operand 423 states and 499 transitions. [2022-02-20 18:08:01,074 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:08:01,075 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:08:01,075 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:08:01,075 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:08:01,075 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 415 states, 324 states have (on average 1.2098765432098766) internal successors, (392), 344 states have internal predecessors, (392), 48 states have call successors, (48), 46 states have call predecessors, (48), 42 states have return successors, (51), 44 states have call predecessors, (51), 48 states have call successors, (51) [2022-02-20 18:08:01,084 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 415 states to 415 states and 491 transitions. [2022-02-20 18:08:01,084 INFO L78 Accepts]: Start accepts. Automaton has 415 states and 491 transitions. Word has length 83 [2022-02-20 18:08:01,084 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:08:01,084 INFO L470 AbstractCegarLoop]: Abstraction has 415 states and 491 transitions. [2022-02-20 18:08:01,084 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 21.333333333333332) internal successors, (64), 3 states have internal predecessors, (64), 3 states have call successors, (6), 3 states have call predecessors, (6), 2 states have return successors, (5), 2 states have call predecessors, (5), 3 states have call successors, (5) [2022-02-20 18:08:01,085 INFO L276 IsEmpty]: Start isEmpty. Operand 415 states and 491 transitions. [2022-02-20 18:08:01,085 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 86 [2022-02-20 18:08:01,085 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:08:01,085 INFO L514 BasicCegarLoop]: trace histogram [3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:08:01,092 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (11)] Forceful destruction successful, exit code 0 [2022-02-20 18:08:01,292 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 11 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:08:01,292 INFO L402 AbstractCegarLoop]: === Iteration 11 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:08:01,293 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:08:01,293 INFO L85 PathProgramCache]: Analyzing trace with hash -1365206167, now seen corresponding path program 1 times [2022-02-20 18:08:01,293 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:08:01,293 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [1162469238] [2022-02-20 18:08:01,293 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:08:01,293 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:08:01,293 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:08:01,294 INFO L229 MonitoredProcess]: Starting monitored process 12 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:08:01,320 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (12)] Waiting until timeout for monitored process [2022-02-20 18:08:01,371 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:08:01,374 INFO L263 TraceCheckSpWp]: Trace formula consists of 241 conjuncts, 4 conjunts are in the unsatisfiable core [2022-02-20 18:08:01,386 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:08:01,388 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:08:01,589 INFO L290 TraceCheckUtils]: 0: Hoare triple {21288#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0bv32, 0bv32;assume 0bv1 == #valid[0bv32];assume ~bvult32(0bv32, #StackHeapBarrier);call #Ultimate.allocInit(2bv32, 1bv32);call write~init~intINTTYPE1(48bv8, 1bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 1bv32, 1bv32, 1bv32);call #Ultimate.allocInit(31bv32, 2bv32);call #Ultimate.allocInit(12bv32, 3bv32);call #Ultimate.allocInit(13bv32, 4bv32);call #Ultimate.allocInit(3bv32, 5bv32);call write~init~intINTTYPE1(79bv8, 5bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 5bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 5bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 6bv32);call write~init~intINTTYPE1(79bv8, 6bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 6bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 6bv32, 3bv32, 1bv32);call #Ultimate.allocInit(7bv32, 7bv32);call write~init~intINTTYPE1(44bv8, 7bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(80bv8, 7bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(117bv8, 7bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(109bv8, 7bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(112bv8, 7bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 7bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 7bv32, 6bv32, 1bv32);call #Ultimate.allocInit(3bv32, 8bv32);call write~init~intINTTYPE1(79bv8, 8bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(110bv8, 8bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 8bv32, 2bv32, 1bv32);call #Ultimate.allocInit(4bv32, 9bv32);call write~init~intINTTYPE1(79bv8, 9bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(102bv8, 9bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 9bv32, 3bv32, 1bv32);call #Ultimate.allocInit(3bv32, 10bv32);call write~init~intINTTYPE1(41bv8, 10bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(32bv8, 10bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 10bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 11bv32);call write~init~intINTTYPE1(10bv8, 11bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 11bv32, 1bv32, 1bv32);call #Ultimate.allocInit(13bv32, 12bv32);call #Ultimate.allocInit(7bv32, 13bv32);call write~init~intINTTYPE1(44bv8, 13bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(77bv8, 13bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(101bv8, 13bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(116bv8, 13bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(104bv8, 13bv32, 4bv32, 1bv32);call write~init~intINTTYPE1(58bv8, 13bv32, 5bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 13bv32, 6bv32, 1bv32);call #Ultimate.allocInit(5bv32, 14bv32);call write~init~intINTTYPE1(67bv8, 14bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(82bv8, 14bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(73bv8, 14bv32, 2bv32, 1bv32);call write~init~intINTTYPE1(84bv8, 14bv32, 3bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 14bv32, 4bv32, 1bv32);call #Ultimate.allocInit(3bv32, 15bv32);call write~init~intINTTYPE1(79bv8, 15bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(75bv8, 15bv32, 1bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 15bv32, 2bv32, 1bv32);call #Ultimate.allocInit(2bv32, 16bv32);call write~init~intINTTYPE1(41bv8, 16bv32, 0bv32, 1bv32);call write~init~intINTTYPE1(0bv8, 16bv32, 1bv32, 1bv32);call #Ultimate.allocInit(30bv32, 17bv32);call #Ultimate.allocInit(9bv32, 18bv32);call #Ultimate.allocInit(21bv32, 19bv32);call #Ultimate.allocInit(30bv32, 20bv32);call #Ultimate.allocInit(9bv32, 21bv32);call #Ultimate.allocInit(21bv32, 22bv32);call #Ultimate.allocInit(30bv32, 23bv32);call #Ultimate.allocInit(9bv32, 24bv32);call #Ultimate.allocInit(25bv32, 25bv32);call #Ultimate.allocInit(30bv32, 26bv32);call #Ultimate.allocInit(9bv32, 27bv32);call #Ultimate.allocInit(25bv32, 28bv32);~pumpRunning~0 := 0bv32;~systemActive~0 := 1bv32;~cleanupTimeShifts~0 := 4bv32;~methAndRunningLastTime~0 := 0bv32;~waterLevel~0 := 1bv32;~methaneLevelCritical~0 := 0bv32;~head~0.base, ~head~0.offset := 0bv32, 0bv32; {21288#true} is VALID [2022-02-20 18:08:01,590 INFO L290 TraceCheckUtils]: 1: Hoare triple {21288#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret21#1, main_~retValue_acc~5#1, main_~tmp~4#1;havoc main_~retValue_acc~5#1;havoc main_~tmp~4#1;assume { :begin_inline_select_helpers } true; {21288#true} is VALID [2022-02-20 18:08:01,590 INFO L290 TraceCheckUtils]: 2: Hoare triple {21288#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {21288#true} is VALID [2022-02-20 18:08:01,590 INFO L290 TraceCheckUtils]: 3: Hoare triple {21288#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1bv32;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {21288#true} is VALID [2022-02-20 18:08:01,591 INFO L290 TraceCheckUtils]: 4: Hoare triple {21288#true} main_#t~ret21#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;main_~tmp~4#1 := main_#t~ret21#1;havoc main_#t~ret21#1; {21288#true} is VALID [2022-02-20 18:08:01,591 INFO L290 TraceCheckUtils]: 5: Hoare triple {21288#true} assume 0bv32 != main_~tmp~4#1;assume { :begin_inline_setup } true; {21288#true} is VALID [2022-02-20 18:08:01,591 INFO L290 TraceCheckUtils]: 6: Hoare triple {21288#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline___utac_acc__Specification2_spec__1 } true;~methAndRunningLastTime~0 := 0bv32; {21288#true} is VALID [2022-02-20 18:08:01,591 INFO L290 TraceCheckUtils]: 7: Hoare triple {21288#true} assume { :end_inline___utac_acc__Specification2_spec__1 } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0bv32; {21288#true} is VALID [2022-02-20 18:08:01,591 INFO L290 TraceCheckUtils]: 8: Hoare triple {21288#true} assume !false; {21288#true} is VALID [2022-02-20 18:08:01,591 INFO L290 TraceCheckUtils]: 9: Hoare triple {21288#true} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {21288#true} is VALID [2022-02-20 18:08:01,591 INFO L290 TraceCheckUtils]: 10: Hoare triple {21288#true} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {21288#true} is VALID [2022-02-20 18:08:01,591 INFO L290 TraceCheckUtils]: 11: Hoare triple {21288#true} assume 0bv32 != test_~tmp~0#1; {21288#true} is VALID [2022-02-20 18:08:01,592 INFO L272 TraceCheckUtils]: 12: Hoare triple {21288#true} call waterRise(); {21288#true} is VALID [2022-02-20 18:08:01,592 INFO L290 TraceCheckUtils]: 13: Hoare triple {21288#true} assume ~bvslt32(~waterLevel~0, 2bv32);~waterLevel~0 := ~bvadd32(1bv32, ~waterLevel~0); {21288#true} is VALID [2022-02-20 18:08:01,592 INFO L290 TraceCheckUtils]: 14: Hoare triple {21288#true} assume true; {21288#true} is VALID [2022-02-20 18:08:01,592 INFO L284 TraceCheckUtils]: 15: Hoare quadruple {21288#true} {21288#true} #242#return; {21288#true} is VALID [2022-02-20 18:08:01,592 INFO L290 TraceCheckUtils]: 16: Hoare triple {21288#true} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {21288#true} is VALID [2022-02-20 18:08:01,592 INFO L290 TraceCheckUtils]: 17: Hoare triple {21288#true} assume !(0bv32 != test_~tmp___0~0#1); {21288#true} is VALID [2022-02-20 18:08:01,592 INFO L290 TraceCheckUtils]: 18: Hoare triple {21288#true} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {21288#true} is VALID [2022-02-20 18:08:01,592 INFO L290 TraceCheckUtils]: 19: Hoare triple {21288#true} assume 0bv32 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1bv32; {21288#true} is VALID [2022-02-20 18:08:01,593 INFO L290 TraceCheckUtils]: 20: Hoare triple {21288#true} assume { :end_inline_startSystem } true; {21288#true} is VALID [2022-02-20 18:08:01,593 INFO L272 TraceCheckUtils]: 21: Hoare triple {21288#true} call timeShift(); {21288#true} is VALID [2022-02-20 18:08:01,593 INFO L290 TraceCheckUtils]: 22: Hoare triple {21288#true} assume !(0bv32 != ~pumpRunning~0); {21288#true} is VALID [2022-02-20 18:08:01,593 INFO L290 TraceCheckUtils]: 23: Hoare triple {21288#true} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {21288#true} is VALID [2022-02-20 18:08:01,593 INFO L290 TraceCheckUtils]: 24: Hoare triple {21288#true} assume 0bv32 == ~pumpRunning~0;assume { :begin_inline_isHighWaterLevel } true;havoc isHighWaterLevel_#res#1;havoc isHighWaterLevel_#t~ret19#1, isHighWaterLevel_~retValue_acc~2#1, isHighWaterLevel_~tmp~3#1, isHighWaterLevel_~tmp___0~1#1;havoc isHighWaterLevel_~retValue_acc~2#1;havoc isHighWaterLevel_~tmp~3#1;havoc isHighWaterLevel_~tmp___0~1#1;assume { :begin_inline_isHighWaterSensorDry } true;havoc isHighWaterSensorDry_#res#1;havoc isHighWaterSensorDry_~retValue_acc~8#1;havoc isHighWaterSensorDry_~retValue_acc~8#1; {21288#true} is VALID [2022-02-20 18:08:01,593 INFO L290 TraceCheckUtils]: 25: Hoare triple {21288#true} assume !~bvslt32(~waterLevel~0, 2bv32);isHighWaterSensorDry_~retValue_acc~8#1 := 0bv32;isHighWaterSensorDry_#res#1 := isHighWaterSensorDry_~retValue_acc~8#1; {21288#true} is VALID [2022-02-20 18:08:01,593 INFO L290 TraceCheckUtils]: 26: Hoare triple {21288#true} isHighWaterLevel_#t~ret19#1 := isHighWaterSensorDry_#res#1;assume { :end_inline_isHighWaterSensorDry } true;isHighWaterLevel_~tmp~3#1 := isHighWaterLevel_#t~ret19#1;havoc isHighWaterLevel_#t~ret19#1; {21288#true} is VALID [2022-02-20 18:08:01,593 INFO L290 TraceCheckUtils]: 27: Hoare triple {21288#true} assume !(0bv32 != isHighWaterLevel_~tmp~3#1);isHighWaterLevel_~tmp___0~1#1 := 1bv32; {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L290 TraceCheckUtils]: 28: Hoare triple {21288#true} isHighWaterLevel_~retValue_acc~2#1 := isHighWaterLevel_~tmp___0~1#1;isHighWaterLevel_#res#1 := isHighWaterLevel_~retValue_acc~2#1; {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L290 TraceCheckUtils]: 29: Hoare triple {21288#true} processEnvironment_#t~ret8#1 := isHighWaterLevel_#res#1;assume { :end_inline_isHighWaterLevel } true;processEnvironment_~tmp~1#1 := processEnvironment_#t~ret8#1;havoc processEnvironment_#t~ret8#1; {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L290 TraceCheckUtils]: 30: Hoare triple {21288#true} assume 0bv32 != processEnvironment_~tmp~1#1;assume { :begin_inline_activatePump } true;havoc activatePump_#t~ret9#1, activatePump_~tmp~2#1;havoc activatePump_~tmp~2#1;assume { :begin_inline_isMethaneAlarm } true;havoc isMethaneAlarm_#res#1;havoc isMethaneAlarm_#t~ret10#1, isMethaneAlarm_~retValue_acc~0#1;havoc isMethaneAlarm_~retValue_acc~0#1; {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L272 TraceCheckUtils]: 31: Hoare triple {21288#true} call isMethaneAlarm_#t~ret10#1 := isMethaneLevelCritical(); {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L290 TraceCheckUtils]: 32: Hoare triple {21288#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L290 TraceCheckUtils]: 33: Hoare triple {21288#true} assume true; {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L284 TraceCheckUtils]: 34: Hoare quadruple {21288#true} {21288#true} #234#return; {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L290 TraceCheckUtils]: 35: Hoare triple {21288#true} isMethaneAlarm_~retValue_acc~0#1 := isMethaneAlarm_#t~ret10#1;havoc isMethaneAlarm_#t~ret10#1;isMethaneAlarm_#res#1 := isMethaneAlarm_~retValue_acc~0#1; {21288#true} is VALID [2022-02-20 18:08:01,594 INFO L290 TraceCheckUtils]: 36: Hoare triple {21288#true} activatePump_#t~ret9#1 := isMethaneAlarm_#res#1;assume { :end_inline_isMethaneAlarm } true;activatePump_~tmp~2#1 := activatePump_#t~ret9#1;havoc activatePump_#t~ret9#1; {21288#true} is VALID [2022-02-20 18:08:01,595 INFO L290 TraceCheckUtils]: 37: Hoare triple {21288#true} assume !(0bv32 != activatePump_~tmp~2#1);assume { :begin_inline_activatePump__wrappee__highWaterSensor } true;~pumpRunning~0 := 1bv32; {21288#true} is VALID [2022-02-20 18:08:01,595 INFO L290 TraceCheckUtils]: 38: Hoare triple {21288#true} assume { :end_inline_activatePump__wrappee__highWaterSensor } true; {21288#true} is VALID [2022-02-20 18:08:01,595 INFO L290 TraceCheckUtils]: 39: Hoare triple {21288#true} assume { :end_inline_activatePump } true; {21288#true} is VALID [2022-02-20 18:08:01,595 INFO L290 TraceCheckUtils]: 40: Hoare triple {21288#true} assume { :end_inline_processEnvironment } true; {21288#true} is VALID [2022-02-20 18:08:01,595 INFO L290 TraceCheckUtils]: 41: Hoare triple {21288#true} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {21288#true} is VALID [2022-02-20 18:08:01,595 INFO L272 TraceCheckUtils]: 42: Hoare triple {21288#true} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {21288#true} is VALID [2022-02-20 18:08:01,595 INFO L290 TraceCheckUtils]: 43: Hoare triple {21288#true} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {21288#true} is VALID [2022-02-20 18:08:01,595 INFO L290 TraceCheckUtils]: 44: Hoare triple {21288#true} assume true; {21288#true} is VALID [2022-02-20 18:08:01,596 INFO L284 TraceCheckUtils]: 45: Hoare quadruple {21288#true} {21288#true} #240#return; {21288#true} is VALID [2022-02-20 18:08:01,596 INFO L290 TraceCheckUtils]: 46: Hoare triple {21288#true} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {21288#true} is VALID [2022-02-20 18:08:01,596 INFO L290 TraceCheckUtils]: 47: Hoare triple {21288#true} assume !(0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1);~methAndRunningLastTime~0 := 0bv32; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,597 INFO L290 TraceCheckUtils]: 48: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume { :end_inline___utac_acc__Specification2_spec__2 } true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,598 INFO L290 TraceCheckUtils]: 49: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,598 INFO L284 TraceCheckUtils]: 50: Hoare quadruple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} {21288#true} #246#return; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,599 INFO L290 TraceCheckUtils]: 51: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume !false; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,600 INFO L290 TraceCheckUtils]: 52: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume ~bvslt32(test_~splverifierCounter~0#1, 4bv32); {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,602 INFO L290 TraceCheckUtils]: 53: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,603 INFO L290 TraceCheckUtils]: 54: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume !(0bv32 != test_~tmp~0#1); {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,603 INFO L290 TraceCheckUtils]: 55: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,604 INFO L290 TraceCheckUtils]: 56: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume 0bv32 != test_~tmp___0~0#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,604 INFO L272 TraceCheckUtils]: 57: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} call changeMethaneLevel(); {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,604 INFO L290 TraceCheckUtils]: 58: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume !(0bv32 != ~methaneLevelCritical~0);~methaneLevelCritical~0 := 1bv32; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,605 INFO L290 TraceCheckUtils]: 59: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,605 INFO L284 TraceCheckUtils]: 60: Hoare quadruple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} #244#return; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,606 INFO L290 TraceCheckUtils]: 61: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,606 INFO L290 TraceCheckUtils]: 62: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume 0bv32 != test_~tmp___2~0#1;assume { :begin_inline_startSystem } true;~systemActive~0 := 1bv32; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,607 INFO L290 TraceCheckUtils]: 63: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume { :end_inline_startSystem } true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,607 INFO L272 TraceCheckUtils]: 64: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} call timeShift(); {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,608 INFO L290 TraceCheckUtils]: 65: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume 0bv32 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,608 INFO L290 TraceCheckUtils]: 66: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume ~bvsgt32(~waterLevel~0, 0bv32);~waterLevel~0 := ~bvsub32(~waterLevel~0, 1bv32); {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,608 INFO L290 TraceCheckUtils]: 67: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume { :end_inline_lowerWaterLevel } true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,609 INFO L290 TraceCheckUtils]: 68: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume 0bv32 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,609 INFO L290 TraceCheckUtils]: 69: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume !(0bv32 == ~pumpRunning~0); {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,610 INFO L272 TraceCheckUtils]: 70: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} call processEnvironment__wrappee__base(); {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,610 INFO L290 TraceCheckUtils]: 71: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,610 INFO L284 TraceCheckUtils]: 72: Hoare quadruple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} #238#return; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,611 INFO L290 TraceCheckUtils]: 73: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume { :end_inline_processEnvironment } true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,611 INFO L290 TraceCheckUtils]: 74: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume { :begin_inline___utac_acc__Specification2_spec__2 } true;havoc __utac_acc__Specification2_spec__2_#t~ret22#1, __utac_acc__Specification2_spec__2_#t~ret23#1, __utac_acc__Specification2_spec__2_~tmp~5#1, __utac_acc__Specification2_spec__2_~tmp___0~2#1;havoc __utac_acc__Specification2_spec__2_~tmp~5#1;havoc __utac_acc__Specification2_spec__2_~tmp___0~2#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,611 INFO L272 TraceCheckUtils]: 75: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} call __utac_acc__Specification2_spec__2_#t~ret22#1 := isMethaneLevelCritical(); {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,612 INFO L290 TraceCheckUtils]: 76: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} havoc ~retValue_acc~6;~retValue_acc~6 := ~methaneLevelCritical~0;#res := ~retValue_acc~6; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,612 INFO L290 TraceCheckUtils]: 77: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume true; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,613 INFO L284 TraceCheckUtils]: 78: Hoare quadruple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} #240#return; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,613 INFO L290 TraceCheckUtils]: 79: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} __utac_acc__Specification2_spec__2_~tmp~5#1 := __utac_acc__Specification2_spec__2_#t~ret22#1;havoc __utac_acc__Specification2_spec__2_#t~ret22#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,613 INFO L290 TraceCheckUtils]: 80: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp~5#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,613 INFO L290 TraceCheckUtils]: 81: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} __utac_acc__Specification2_spec__2_#t~ret23#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;__utac_acc__Specification2_spec__2_~tmp___0~2#1 := __utac_acc__Specification2_spec__2_#t~ret23#1;havoc __utac_acc__Specification2_spec__2_#t~ret23#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,614 INFO L290 TraceCheckUtils]: 82: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume 0bv32 != __utac_acc__Specification2_spec__2_~tmp___0~2#1; {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} is VALID [2022-02-20 18:08:01,614 INFO L290 TraceCheckUtils]: 83: Hoare triple {21434#(= ~methAndRunningLastTime~0 (_ bv0 32))} assume 0bv32 != ~methAndRunningLastTime~0;assume { :begin_inline___automaton_fail } true; {21289#false} is VALID [2022-02-20 18:08:01,614 INFO L290 TraceCheckUtils]: 84: Hoare triple {21289#false} assume !false; {21289#false} is VALID [2022-02-20 18:08:01,614 INFO L134 CoverageAnalysis]: Checked inductivity of 27 backedges. 24 proven. 0 refuted. 0 times theorem prover too weak. 3 trivial. 0 not checked. [2022-02-20 18:08:01,614 INFO L324 TraceCheckSpWp]: Omiting computation of backward sequence because forward sequence was already perfect [2022-02-20 18:08:01,615 INFO L144 FreeRefinementEngine]: Strategy WOLF found an infeasible trace [2022-02-20 18:08:01,615 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleMathsat [1162469238] [2022-02-20 18:08:01,615 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleMathsat [1162469238] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:08:01,615 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:08:01,615 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:08:01,615 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [133767073] [2022-02-20 18:08:01,615 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:08:01,615 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 85 [2022-02-20 18:08:01,616 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:08:01,616 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:08:01,699 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 83 edges. 83 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:08:01,699 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:08:01,699 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy WOLF [2022-02-20 18:08:01,700 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:08:01,700 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:08:01,700 INFO L87 Difference]: Start difference. First operand 415 states and 491 transitions. Second operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:08:01,846 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:08:01,846 INFO L93 Difference]: Finished difference Result 571 states and 682 transitions. [2022-02-20 18:08:01,846 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:08:01,846 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) Word has length 85 [2022-02-20 18:08:01,847 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:08:01,847 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:08:01,849 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 167 transitions. [2022-02-20 18:08:01,849 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:08:01,851 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 167 transitions. [2022-02-20 18:08:01,851 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 167 transitions. [2022-02-20 18:08:01,987 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 167 edges. 167 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:08:02,025 INFO L225 Difference]: With dead ends: 571 [2022-02-20 18:08:02,025 INFO L226 Difference]: Without dead ends: 569 [2022-02-20 18:08:02,026 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 84 GetRequests, 83 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:08:02,026 INFO L933 BasicCegarLoop]: 93 mSDtfsCounter, 45 mSDsluCounter, 75 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 4 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 45 SdHoareTripleChecker+Valid, 168 SdHoareTripleChecker+Invalid, 7 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 4 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:08:02,026 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [45 Valid, 168 Invalid, 7 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [4 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:08:02,027 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 569 states. [2022-02-20 18:08:02,045 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 569 to 452. [2022-02-20 18:08:02,045 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:08:02,046 INFO L82 GeneralOperation]: Start isEquivalent. First operand 569 states. Second operand has 452 states, 353 states have (on average 1.2209631728045325) internal successors, (431), 374 states have internal predecessors, (431), 52 states have call successors, (52), 50 states have call predecessors, (52), 46 states have return successors, (58), 48 states have call predecessors, (58), 52 states have call successors, (58) [2022-02-20 18:08:02,047 INFO L74 IsIncluded]: Start isIncluded. First operand 569 states. Second operand has 452 states, 353 states have (on average 1.2209631728045325) internal successors, (431), 374 states have internal predecessors, (431), 52 states have call successors, (52), 50 states have call predecessors, (52), 46 states have return successors, (58), 48 states have call predecessors, (58), 52 states have call successors, (58) [2022-02-20 18:08:02,048 INFO L87 Difference]: Start difference. First operand 569 states. Second operand has 452 states, 353 states have (on average 1.2209631728045325) internal successors, (431), 374 states have internal predecessors, (431), 52 states have call successors, (52), 50 states have call predecessors, (52), 46 states have return successors, (58), 48 states have call predecessors, (58), 52 states have call successors, (58) [2022-02-20 18:08:02,068 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:08:02,068 INFO L93 Difference]: Finished difference Result 569 states and 680 transitions. [2022-02-20 18:08:02,069 INFO L276 IsEmpty]: Start isEmpty. Operand 569 states and 680 transitions. [2022-02-20 18:08:02,070 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:08:02,070 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:08:02,071 INFO L74 IsIncluded]: Start isIncluded. First operand has 452 states, 353 states have (on average 1.2209631728045325) internal successors, (431), 374 states have internal predecessors, (431), 52 states have call successors, (52), 50 states have call predecessors, (52), 46 states have return successors, (58), 48 states have call predecessors, (58), 52 states have call successors, (58) Second operand 569 states. [2022-02-20 18:08:02,079 INFO L87 Difference]: Start difference. First operand has 452 states, 353 states have (on average 1.2209631728045325) internal successors, (431), 374 states have internal predecessors, (431), 52 states have call successors, (52), 50 states have call predecessors, (52), 46 states have return successors, (58), 48 states have call predecessors, (58), 52 states have call successors, (58) Second operand 569 states. [2022-02-20 18:08:02,102 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:08:02,102 INFO L93 Difference]: Finished difference Result 569 states and 680 transitions. [2022-02-20 18:08:02,102 INFO L276 IsEmpty]: Start isEmpty. Operand 569 states and 680 transitions. [2022-02-20 18:08:02,103 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:08:02,103 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:08:02,104 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:08:02,109 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:08:02,110 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 452 states, 353 states have (on average 1.2209631728045325) internal successors, (431), 374 states have internal predecessors, (431), 52 states have call successors, (52), 50 states have call predecessors, (52), 46 states have return successors, (58), 48 states have call predecessors, (58), 52 states have call successors, (58) [2022-02-20 18:08:02,138 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 452 states to 452 states and 541 transitions. [2022-02-20 18:08:02,139 INFO L78 Accepts]: Start accepts. Automaton has 452 states and 541 transitions. Word has length 85 [2022-02-20 18:08:02,139 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:08:02,139 INFO L470 AbstractCegarLoop]: Abstraction has 452 states and 541 transitions. [2022-02-20 18:08:02,139 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 22.666666666666668) internal successors, (68), 3 states have internal predecessors, (68), 2 states have call successors, (8), 2 states have call predecessors, (8), 2 states have return successors, (7), 2 states have call predecessors, (7), 2 states have call successors, (7) [2022-02-20 18:08:02,140 INFO L276 IsEmpty]: Start isEmpty. Operand 452 states and 541 transitions. [2022-02-20 18:08:02,141 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 118 [2022-02-20 18:08:02,141 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:08:02,141 INFO L514 BasicCegarLoop]: trace histogram [4, 4, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:08:02,165 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (12)] Forceful destruction successful, exit code 0 [2022-02-20 18:08:02,359 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 12 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:08:02,359 INFO L402 AbstractCegarLoop]: === Iteration 12 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:08:02,360 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:08:02,360 INFO L85 PathProgramCache]: Analyzing trace with hash -556908766, now seen corresponding path program 1 times [2022-02-20 18:08:02,361 INFO L126 FreeRefinementEngine]: Executing refinement strategy WOLF [2022-02-20 18:08:02,361 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleMathsat [244604082] [2022-02-20 18:08:02,361 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:08:02,361 INFO L173 SolverBuilder]: Constructing external solver with command: mathsat -unsat_core_generation=3 [2022-02-20 18:08:02,361 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat [2022-02-20 18:08:02,362 INFO L229 MonitoredProcess]: Starting monitored process 13 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (exit command is (exit), workingDir is null) [2022-02-20 18:08:02,365 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (13)] Waiting until timeout for monitored process [2022-02-20 18:08:02,441 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:08:02,441 INFO L352 TraceCheck]: Trace is feasible, we will do another trace check, this time with branch encoders. [2022-02-20 18:08:02,491 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is sat [2022-02-20 18:08:02,601 INFO L138 FreeRefinementEngine]: Strategy WOLF found a feasible trace [2022-02-20 18:08:02,601 INFO L628 BasicCegarLoop]: Counterexample is feasible [2022-02-20 18:08:02,602 INFO L764 garLoopResultBuilder]: Registering result UNSAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:08:02,631 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 (13)] Ended with exit code 0 [2022-02-20 18:08:02,814 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 13 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/mathsat -unsat_core_generation=3 [2022-02-20 18:08:02,817 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:08:02,820 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:08:02,930 FATAL L489 DefaultTranslator]: Callstack has procedure call flag but succeeding procedure is empty at [CALL] call waterRise(); [2022-02-20 18:08:02,931 FATAL L? ?]: The Plugin de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction has thrown an exception: java.lang.AssertionError: callstack broken after backtranslation by InlinerBacktranslator at de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:216) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:225) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ModelTranslationContainer.translateProgramExecution(ModelTranslationContainer.java:206) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getProgramExecutionAsString(CounterExampleResult.java:155) at de.uni_freiburg.informatik.ultimate.core.lib.results.CounterExampleResult.getLongDescription(CounterExampleResult.java:134) at de.uni_freiburg.informatik.ultimate.core.coreplugin.services.ResultService.reportResult(ResultService.java:86) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.CegarLoopResultReporter.reportResult(CegarLoopResultReporter.java:141) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.reportLocationResults(TraceAbstractionStarter.java:607) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.runCegarLoops(TraceAbstractionStarter.java:182) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionStarter.(TraceAbstractionStarter.java:156) at de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver.finish(TraceAbstractionObserver.java:123) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runObserver(PluginConnector.java:168) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.runTool(PluginConnector.java:151) at de.uni_freiburg.informatik.ultimate.core.coreplugin.PluginConnector.run(PluginConnector.java:128) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.executePluginConnector(ToolchainWalker.java:232) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.processPlugin(ToolchainWalker.java:226) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walkUnprotected(ToolchainWalker.java:142) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainWalker.walk(ToolchainWalker.java:104) at de.uni_freiburg.informatik.ultimate.core.coreplugin.ToolchainManager$Toolchain.processToolchain(ToolchainManager.java:320) at de.uni_freiburg.informatik.ultimate.core.coreplugin.toolchain.DefaultToolchainJob.run(DefaultToolchainJob.java:145) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63) [2022-02-20 18:08:02,939 INFO L158 Benchmark]: Toolchain (without parser) took 11816.84ms. Allocated memory was 65.0MB in the beginning and 205.5MB in the end (delta: 140.5MB). Free memory was 44.5MB in the beginning and 128.9MB in the end (delta: -84.4MB). Peak memory consumption was 55.4MB. Max. memory is 16.1GB. [2022-02-20 18:08:02,940 INFO L158 Benchmark]: CDTParser took 0.19ms. Allocated memory is still 65.0MB. Free memory was 46.8MB in the beginning and 46.8MB in the end (delta: 44.1kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:08:02,940 INFO L158 Benchmark]: CACSL2BoogieTranslator took 457.80ms. Allocated memory was 65.0MB in the beginning and 94.4MB in the end (delta: 29.4MB). Free memory was 44.3MB in the beginning and 75.5MB in the end (delta: -31.2MB). Peak memory consumption was 15.6MB. Max. memory is 16.1GB. [2022-02-20 18:08:02,940 INFO L158 Benchmark]: Boogie Procedure Inliner took 35.63ms. Allocated memory is still 94.4MB. Free memory was 75.5MB in the beginning and 72.8MB in the end (delta: 2.7MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:08:02,940 INFO L158 Benchmark]: Boogie Preprocessor took 28.78ms. Allocated memory is still 94.4MB. Free memory was 72.8MB in the beginning and 71.1MB in the end (delta: 1.7MB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:08:02,941 INFO L158 Benchmark]: RCFGBuilder took 359.00ms. Allocated memory is still 94.4MB. Free memory was 71.1MB in the beginning and 53.6MB in the end (delta: 17.5MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-02-20 18:08:02,941 INFO L158 Benchmark]: TraceAbstraction took 10930.28ms. Allocated memory was 94.4MB in the beginning and 205.5MB in the end (delta: 111.1MB). Free memory was 53.2MB in the beginning and 128.9MB in the end (delta: -75.7MB). Peak memory consumption was 35.6MB. Max. memory is 16.1GB. [2022-02-20 18:08:02,942 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.19ms. Allocated memory is still 65.0MB. Free memory was 46.8MB in the beginning and 46.8MB in the end (delta: 44.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 457.80ms. Allocated memory was 65.0MB in the beginning and 94.4MB in the end (delta: 29.4MB). Free memory was 44.3MB in the beginning and 75.5MB in the end (delta: -31.2MB). Peak memory consumption was 15.6MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 35.63ms. Allocated memory is still 94.4MB. Free memory was 75.5MB in the beginning and 72.8MB in the end (delta: 2.7MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 28.78ms. Allocated memory is still 94.4MB. Free memory was 72.8MB in the beginning and 71.1MB in the end (delta: 1.7MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 359.00ms. Allocated memory is still 94.4MB. Free memory was 71.1MB in the beginning and 53.6MB in the end (delta: 17.5MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 10930.28ms. Allocated memory was 94.4MB in the beginning and 205.5MB in the end (delta: 111.1MB). Free memory was 53.2MB in the beginning and 128.9MB in the end (delta: -75.7MB). Peak memory consumption was 35.6MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: AssertionError: callstack broken after backtranslation by InlinerBacktranslator: de.uni_freiburg.informatik.ultimate.boogie.procedureinliner.backtranslation.InlinerBacktranslator.translateProgramExecution(InlinerBacktranslator.java:230) RESULT: Ultimate could not prove your program: Toolchain returned no result. [2022-02-20 18:08:02,977 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: ERROR: ExceptionOrErrorResult: AssertionError: callstack broken after backtranslation by InlinerBacktranslator