./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec4_product03.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product03.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 355b5902b5f931f50c54d9516b33231d0a6419b36d45cf753c504688535a3e74 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:09:54,794 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:09:54,796 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:09:54,848 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:09:54,848 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:09:54,852 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:09:54,853 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:09:54,857 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:09:54,859 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:09:54,862 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:09:54,863 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:09:54,864 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:09:54,864 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:09:54,866 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:09:54,880 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:09:54,882 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:09:54,883 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:09:54,883 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:09:54,885 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:09:54,889 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:09:54,890 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:09:54,891 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:09:54,892 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:09:54,893 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:09:54,894 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:09:54,894 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:09:54,895 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:09:54,896 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:09:54,896 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:09:54,897 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:09:54,897 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:09:54,898 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:09:54,899 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:09:54,899 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:09:54,900 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:09:54,900 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:09:54,901 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:09:54,915 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:09:54,915 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:09:54,916 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:09:54,918 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:09:54,919 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:09:54,956 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:09:54,957 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:09:54,957 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:09:54,957 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:09:54,958 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:09:54,958 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:09:54,959 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:09:54,959 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:09:54,959 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:09:54,959 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:09:54,960 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:09:54,960 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:09:54,960 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:09:54,960 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:09:54,960 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:09:54,960 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:09:54,961 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:09:54,961 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:09:54,961 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:09:54,961 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:09:54,961 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:09:54,961 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:09:54,961 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:09:54,962 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:09:54,962 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:09:54,962 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:09:54,962 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:09:54,963 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:09:54,963 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:09:54,963 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:09:54,963 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:09:54,964 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:09:54,964 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:09:54,964 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 355b5902b5f931f50c54d9516b33231d0a6419b36d45cf753c504688535a3e74 [2022-02-20 18:09:55,335 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:09:55,348 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:09:55,349 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:09:55,350 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:09:55,351 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:09:55,368 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product03.cil.c [2022-02-20 18:09:55,417 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ee2929721/2d7236d02a9d4676807d6d191a99f503/FLAGd3ccb42e3 [2022-02-20 18:09:55,805 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:09:55,805 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product03.cil.c [2022-02-20 18:09:55,812 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ee2929721/2d7236d02a9d4676807d6d191a99f503/FLAGd3ccb42e3 [2022-02-20 18:09:55,822 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/ee2929721/2d7236d02a9d4676807d6d191a99f503 [2022-02-20 18:09:55,824 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:09:55,825 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:09:55,828 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:09:55,828 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:09:55,831 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:09:55,831 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:09:55" (1/1) ... [2022-02-20 18:09:55,832 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@1eca8f74 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:55, skipping insertion in model container [2022-02-20 18:09:55,832 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:09:55" (1/1) ... [2022-02-20 18:09:55,837 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:09:55,868 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:09:56,062 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product03.cil.c[1605,1618] [2022-02-20 18:09:56,262 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:09:56,290 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:09:56,316 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product03.cil.c[1605,1618] [2022-02-20 18:09:56,405 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:09:56,437 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:09:56,437 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56 WrapperNode [2022-02-20 18:09:56,437 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:09:56,438 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:09:56,438 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:09:56,438 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:09:56,448 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,489 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,534 INFO L137 Inliner]: procedures = 50, calls = 146, calls flagged for inlining = 20, calls inlined = 16, statements flattened = 193 [2022-02-20 18:09:56,535 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:09:56,536 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:09:56,536 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:09:56,536 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:09:56,541 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,542 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,546 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,546 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,561 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,568 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,570 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,574 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:09:56,587 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:09:56,588 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:09:56,588 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:09:56,589 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (1/1) ... [2022-02-20 18:09:56,594 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:09:56,601 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:09:56,640 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:09:56,697 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:09:56,724 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:09:56,724 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:09:56,724 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:09:56,724 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:09:56,725 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:09:56,725 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:09:56,725 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:09:56,725 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:09:56,725 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:09:56,726 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:09:56,726 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:09:56,726 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:09:56,801 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:09:56,803 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:09:57,026 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:09:57,032 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:09:57,033 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:09:57,034 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:09:57 BoogieIcfgContainer [2022-02-20 18:09:57,034 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:09:57,035 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:09:57,036 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:09:57,038 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:09:57,038 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:09:55" (1/3) ... [2022-02-20 18:09:57,039 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3813d816 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:09:57, skipping insertion in model container [2022-02-20 18:09:57,039 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:09:56" (2/3) ... [2022-02-20 18:09:57,039 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@3813d816 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:09:57, skipping insertion in model container [2022-02-20 18:09:57,039 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:09:57" (3/3) ... [2022-02-20 18:09:57,041 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product03.cil.c [2022-02-20 18:09:57,044 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:09:57,044 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:09:57,084 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:09:57,092 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:09:57,092 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:09:57,110 INFO L276 IsEmpty]: Start isEmpty. Operand has 62 states, 50 states have (on average 1.4) internal successors, (70), 54 states have internal predecessors, (70), 6 states have call successors, (6), 4 states have call predecessors, (6), 4 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-20 18:09:57,115 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:09:57,115 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:09:57,115 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:09:57,116 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:09:57,120 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:09:57,121 INFO L85 PathProgramCache]: Analyzing trace with hash -192528358, now seen corresponding path program 1 times [2022-02-20 18:09:57,128 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:09:57,128 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1527919962] [2022-02-20 18:09:57,128 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:09:57,129 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:09:57,277 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:57,362 INFO L290 TraceCheckUtils]: 0: Hoare triple {65#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {65#true} is VALID [2022-02-20 18:09:57,366 INFO L290 TraceCheckUtils]: 1: Hoare triple {65#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {65#true} is VALID [2022-02-20 18:09:57,367 INFO L290 TraceCheckUtils]: 2: Hoare triple {65#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {65#true} is VALID [2022-02-20 18:09:57,367 INFO L290 TraceCheckUtils]: 3: Hoare triple {65#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {65#true} is VALID [2022-02-20 18:09:57,367 INFO L290 TraceCheckUtils]: 4: Hoare triple {65#true} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {65#true} is VALID [2022-02-20 18:09:57,367 INFO L290 TraceCheckUtils]: 5: Hoare triple {65#true} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {65#true} is VALID [2022-02-20 18:09:57,368 INFO L290 TraceCheckUtils]: 6: Hoare triple {65#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {65#true} is VALID [2022-02-20 18:09:57,372 INFO L290 TraceCheckUtils]: 7: Hoare triple {65#true} assume false; {66#false} is VALID [2022-02-20 18:09:57,373 INFO L272 TraceCheckUtils]: 8: Hoare triple {66#false} call cleanup(); {66#false} is VALID [2022-02-20 18:09:57,373 INFO L290 TraceCheckUtils]: 9: Hoare triple {66#false} havoc ~i~0;havoc ~__cil_tmp2~0; {66#false} is VALID [2022-02-20 18:09:57,373 INFO L272 TraceCheckUtils]: 10: Hoare triple {66#false} call timeShift(); {66#false} is VALID [2022-02-20 18:09:57,373 INFO L290 TraceCheckUtils]: 11: Hoare triple {66#false} assume !(0 != ~pumpRunning~0); {66#false} is VALID [2022-02-20 18:09:57,374 INFO L290 TraceCheckUtils]: 12: Hoare triple {66#false} assume !(0 != ~systemActive~0); {66#false} is VALID [2022-02-20 18:09:57,374 INFO L290 TraceCheckUtils]: 13: Hoare triple {66#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {66#false} is VALID [2022-02-20 18:09:57,375 INFO L290 TraceCheckUtils]: 14: Hoare triple {66#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {66#false} is VALID [2022-02-20 18:09:57,375 INFO L290 TraceCheckUtils]: 15: Hoare triple {66#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {66#false} is VALID [2022-02-20 18:09:57,375 INFO L290 TraceCheckUtils]: 16: Hoare triple {66#false} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {66#false} is VALID [2022-02-20 18:09:57,375 INFO L290 TraceCheckUtils]: 17: Hoare triple {66#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {66#false} is VALID [2022-02-20 18:09:57,376 INFO L290 TraceCheckUtils]: 18: Hoare triple {66#false} assume !false; {66#false} is VALID [2022-02-20 18:09:57,377 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:09:57,377 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:09:57,377 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1527919962] [2022-02-20 18:09:57,398 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1527919962] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:09:57,398 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:09:57,398 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:09:57,401 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [137754322] [2022-02-20 18:09:57,401 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:09:57,405 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:09:57,406 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:09:57,408 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,452 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:57,453 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:09:57,453 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:09:57,476 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:09:57,477 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:09:57,479 INFO L87 Difference]: Start difference. First operand has 62 states, 50 states have (on average 1.4) internal successors, (70), 54 states have internal predecessors, (70), 6 states have call successors, (6), 4 states have call predecessors, (6), 4 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,559 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:57,560 INFO L93 Difference]: Finished difference Result 116 states and 159 transitions. [2022-02-20 18:09:57,560 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:09:57,560 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:09:57,560 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:09:57,562 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,572 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 159 transitions. [2022-02-20 18:09:57,572 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,579 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 159 transitions. [2022-02-20 18:09:57,580 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 159 transitions. [2022-02-20 18:09:57,696 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 159 edges. 159 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:57,702 INFO L225 Difference]: With dead ends: 116 [2022-02-20 18:09:57,702 INFO L226 Difference]: Without dead ends: 53 [2022-02-20 18:09:57,704 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:09:57,706 INFO L933 BasicCegarLoop]: 76 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 76 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:09:57,707 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 76 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:09:57,717 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 53 states. [2022-02-20 18:09:57,726 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 53 to 53. [2022-02-20 18:09:57,726 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:09:57,727 INFO L82 GeneralOperation]: Start isEquivalent. First operand 53 states. Second operand has 53 states, 43 states have (on average 1.302325581395349) internal successors, (56), 46 states have internal predecessors, (56), 6 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 5 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:09:57,728 INFO L74 IsIncluded]: Start isIncluded. First operand 53 states. Second operand has 53 states, 43 states have (on average 1.302325581395349) internal successors, (56), 46 states have internal predecessors, (56), 6 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 5 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:09:57,728 INFO L87 Difference]: Start difference. First operand 53 states. Second operand has 53 states, 43 states have (on average 1.302325581395349) internal successors, (56), 46 states have internal predecessors, (56), 6 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 5 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:09:57,731 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:57,731 INFO L93 Difference]: Finished difference Result 53 states and 67 transitions. [2022-02-20 18:09:57,731 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 67 transitions. [2022-02-20 18:09:57,732 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:57,732 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:57,733 INFO L74 IsIncluded]: Start isIncluded. First operand has 53 states, 43 states have (on average 1.302325581395349) internal successors, (56), 46 states have internal predecessors, (56), 6 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 5 states have call predecessors, (5), 5 states have call successors, (5) Second operand 53 states. [2022-02-20 18:09:57,733 INFO L87 Difference]: Start difference. First operand has 53 states, 43 states have (on average 1.302325581395349) internal successors, (56), 46 states have internal predecessors, (56), 6 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 5 states have call predecessors, (5), 5 states have call successors, (5) Second operand 53 states. [2022-02-20 18:09:57,735 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:57,735 INFO L93 Difference]: Finished difference Result 53 states and 67 transitions. [2022-02-20 18:09:57,736 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 67 transitions. [2022-02-20 18:09:57,736 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:57,736 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:57,736 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:09:57,737 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:09:57,737 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 53 states, 43 states have (on average 1.302325581395349) internal successors, (56), 46 states have internal predecessors, (56), 6 states have call successors, (6), 4 states have call predecessors, (6), 3 states have return successors, (5), 5 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:09:57,739 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 53 states to 53 states and 67 transitions. [2022-02-20 18:09:57,740 INFO L78 Accepts]: Start accepts. Automaton has 53 states and 67 transitions. Word has length 19 [2022-02-20 18:09:57,740 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:09:57,740 INFO L470 AbstractCegarLoop]: Abstraction has 53 states and 67 transitions. [2022-02-20 18:09:57,741 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,741 INFO L276 IsEmpty]: Start isEmpty. Operand 53 states and 67 transitions. [2022-02-20 18:09:57,741 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:09:57,742 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:09:57,742 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:09:57,742 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:09:57,742 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:09:57,743 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:09:57,743 INFO L85 PathProgramCache]: Analyzing trace with hash 1987482606, now seen corresponding path program 1 times [2022-02-20 18:09:57,743 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:09:57,743 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [357924330] [2022-02-20 18:09:57,743 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:09:57,743 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:09:57,762 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:57,784 INFO L290 TraceCheckUtils]: 0: Hoare triple {418#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {418#true} is VALID [2022-02-20 18:09:57,785 INFO L290 TraceCheckUtils]: 1: Hoare triple {418#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {418#true} is VALID [2022-02-20 18:09:57,785 INFO L290 TraceCheckUtils]: 2: Hoare triple {418#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {418#true} is VALID [2022-02-20 18:09:57,785 INFO L290 TraceCheckUtils]: 3: Hoare triple {418#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {418#true} is VALID [2022-02-20 18:09:57,786 INFO L290 TraceCheckUtils]: 4: Hoare triple {418#true} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {418#true} is VALID [2022-02-20 18:09:57,786 INFO L290 TraceCheckUtils]: 5: Hoare triple {418#true} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {418#true} is VALID [2022-02-20 18:09:57,786 INFO L290 TraceCheckUtils]: 6: Hoare triple {418#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {420#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:09:57,787 INFO L290 TraceCheckUtils]: 7: Hoare triple {420#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {420#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:09:57,787 INFO L290 TraceCheckUtils]: 8: Hoare triple {420#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {419#false} is VALID [2022-02-20 18:09:57,787 INFO L272 TraceCheckUtils]: 9: Hoare triple {419#false} call cleanup(); {419#false} is VALID [2022-02-20 18:09:57,787 INFO L290 TraceCheckUtils]: 10: Hoare triple {419#false} havoc ~i~0;havoc ~__cil_tmp2~0; {419#false} is VALID [2022-02-20 18:09:57,788 INFO L272 TraceCheckUtils]: 11: Hoare triple {419#false} call timeShift(); {419#false} is VALID [2022-02-20 18:09:57,788 INFO L290 TraceCheckUtils]: 12: Hoare triple {419#false} assume !(0 != ~pumpRunning~0); {419#false} is VALID [2022-02-20 18:09:57,788 INFO L290 TraceCheckUtils]: 13: Hoare triple {419#false} assume !(0 != ~systemActive~0); {419#false} is VALID [2022-02-20 18:09:57,788 INFO L290 TraceCheckUtils]: 14: Hoare triple {419#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {419#false} is VALID [2022-02-20 18:09:57,788 INFO L290 TraceCheckUtils]: 15: Hoare triple {419#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {419#false} is VALID [2022-02-20 18:09:57,789 INFO L290 TraceCheckUtils]: 16: Hoare triple {419#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {419#false} is VALID [2022-02-20 18:09:57,789 INFO L290 TraceCheckUtils]: 17: Hoare triple {419#false} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {419#false} is VALID [2022-02-20 18:09:57,789 INFO L290 TraceCheckUtils]: 18: Hoare triple {419#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {419#false} is VALID [2022-02-20 18:09:57,789 INFO L290 TraceCheckUtils]: 19: Hoare triple {419#false} assume !false; {419#false} is VALID [2022-02-20 18:09:57,789 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:09:57,790 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:09:57,790 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [357924330] [2022-02-20 18:09:57,790 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [357924330] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:09:57,790 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:09:57,790 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:09:57,790 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [406749304] [2022-02-20 18:09:57,791 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:09:57,792 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:09:57,792 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:09:57,792 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,806 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:57,807 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:09:57,807 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:09:57,808 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:09:57,808 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:09:57,808 INFO L87 Difference]: Start difference. First operand 53 states and 67 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,853 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:57,853 INFO L93 Difference]: Finished difference Result 68 states and 85 transitions. [2022-02-20 18:09:57,853 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:09:57,854 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:09:57,854 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:09:57,854 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,856 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 85 transitions. [2022-02-20 18:09:57,856 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,857 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 85 transitions. [2022-02-20 18:09:57,857 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 85 transitions. [2022-02-20 18:09:57,913 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 85 edges. 85 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:57,914 INFO L225 Difference]: With dead ends: 68 [2022-02-20 18:09:57,914 INFO L226 Difference]: Without dead ends: 44 [2022-02-20 18:09:57,915 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:09:57,916 INFO L933 BasicCegarLoop]: 54 mSDtfsCounter, 17 mSDsluCounter, 33 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 87 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:09:57,916 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [20 Valid, 87 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:09:57,917 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 44 states. [2022-02-20 18:09:57,919 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 44 to 44. [2022-02-20 18:09:57,919 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:09:57,920 INFO L82 GeneralOperation]: Start isEquivalent. First operand 44 states. Second operand has 44 states, 37 states have (on average 1.3243243243243243) internal successors, (49), 40 states have internal predecessors, (49), 3 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:09:57,920 INFO L74 IsIncluded]: Start isIncluded. First operand 44 states. Second operand has 44 states, 37 states have (on average 1.3243243243243243) internal successors, (49), 40 states have internal predecessors, (49), 3 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:09:57,920 INFO L87 Difference]: Start difference. First operand 44 states. Second operand has 44 states, 37 states have (on average 1.3243243243243243) internal successors, (49), 40 states have internal predecessors, (49), 3 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:09:57,922 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:57,922 INFO L93 Difference]: Finished difference Result 44 states and 55 transitions. [2022-02-20 18:09:57,922 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 55 transitions. [2022-02-20 18:09:57,922 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:57,922 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:57,923 INFO L74 IsIncluded]: Start isIncluded. First operand has 44 states, 37 states have (on average 1.3243243243243243) internal successors, (49), 40 states have internal predecessors, (49), 3 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) Second operand 44 states. [2022-02-20 18:09:57,923 INFO L87 Difference]: Start difference. First operand has 44 states, 37 states have (on average 1.3243243243243243) internal successors, (49), 40 states have internal predecessors, (49), 3 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) Second operand 44 states. [2022-02-20 18:09:57,924 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:57,924 INFO L93 Difference]: Finished difference Result 44 states and 55 transitions. [2022-02-20 18:09:57,924 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 55 transitions. [2022-02-20 18:09:57,925 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:57,925 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:57,925 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:09:57,925 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:09:57,925 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 44 states, 37 states have (on average 1.3243243243243243) internal successors, (49), 40 states have internal predecessors, (49), 3 states have call successors, (3), 3 states have call predecessors, (3), 3 states have return successors, (3), 3 states have call predecessors, (3), 3 states have call successors, (3) [2022-02-20 18:09:57,927 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 44 states to 44 states and 55 transitions. [2022-02-20 18:09:57,927 INFO L78 Accepts]: Start accepts. Automaton has 44 states and 55 transitions. Word has length 20 [2022-02-20 18:09:57,927 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:09:57,927 INFO L470 AbstractCegarLoop]: Abstraction has 44 states and 55 transitions. [2022-02-20 18:09:57,927 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:57,927 INFO L276 IsEmpty]: Start isEmpty. Operand 44 states and 55 transitions. [2022-02-20 18:09:57,928 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:09:57,928 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:09:57,928 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:09:57,928 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:09:57,929 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:09:57,929 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:09:57,929 INFO L85 PathProgramCache]: Analyzing trace with hash -296029766, now seen corresponding path program 1 times [2022-02-20 18:09:57,929 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:09:57,930 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [870714761] [2022-02-20 18:09:57,930 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:09:57,930 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:09:57,949 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:57,975 INFO L290 TraceCheckUtils]: 0: Hoare triple {670#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,975 INFO L290 TraceCheckUtils]: 1: Hoare triple {672#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,976 INFO L290 TraceCheckUtils]: 2: Hoare triple {672#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,976 INFO L290 TraceCheckUtils]: 3: Hoare triple {672#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,977 INFO L290 TraceCheckUtils]: 4: Hoare triple {672#(= 1 ~systemActive~0)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,977 INFO L290 TraceCheckUtils]: 5: Hoare triple {672#(= 1 ~systemActive~0)} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,978 INFO L290 TraceCheckUtils]: 6: Hoare triple {672#(= 1 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,978 INFO L290 TraceCheckUtils]: 7: Hoare triple {672#(= 1 ~systemActive~0)} assume !false; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,978 INFO L290 TraceCheckUtils]: 8: Hoare triple {672#(= 1 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,979 INFO L290 TraceCheckUtils]: 9: Hoare triple {672#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,979 INFO L290 TraceCheckUtils]: 10: Hoare triple {672#(= 1 ~systemActive~0)} assume !(0 != test_~tmp~3#1); {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,980 INFO L290 TraceCheckUtils]: 11: Hoare triple {672#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,980 INFO L290 TraceCheckUtils]: 12: Hoare triple {672#(= 1 ~systemActive~0)} assume !(0 != test_~tmp___0~0#1); {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,981 INFO L290 TraceCheckUtils]: 13: Hoare triple {672#(= 1 ~systemActive~0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,981 INFO L290 TraceCheckUtils]: 14: Hoare triple {672#(= 1 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,982 INFO L272 TraceCheckUtils]: 15: Hoare triple {672#(= 1 ~systemActive~0)} call timeShift(); {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,982 INFO L290 TraceCheckUtils]: 16: Hoare triple {672#(= 1 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {672#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:09:57,990 INFO L290 TraceCheckUtils]: 17: Hoare triple {672#(= 1 ~systemActive~0)} assume !(0 != ~systemActive~0); {671#false} is VALID [2022-02-20 18:09:57,991 INFO L290 TraceCheckUtils]: 18: Hoare triple {671#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {671#false} is VALID [2022-02-20 18:09:57,991 INFO L290 TraceCheckUtils]: 19: Hoare triple {671#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {671#false} is VALID [2022-02-20 18:09:57,991 INFO L290 TraceCheckUtils]: 20: Hoare triple {671#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {671#false} is VALID [2022-02-20 18:09:57,991 INFO L290 TraceCheckUtils]: 21: Hoare triple {671#false} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {671#false} is VALID [2022-02-20 18:09:57,991 INFO L290 TraceCheckUtils]: 22: Hoare triple {671#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {671#false} is VALID [2022-02-20 18:09:57,992 INFO L290 TraceCheckUtils]: 23: Hoare triple {671#false} assume !false; {671#false} is VALID [2022-02-20 18:09:57,992 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:09:57,992 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:09:57,992 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [870714761] [2022-02-20 18:09:57,993 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [870714761] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:09:57,993 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:09:57,993 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:09:57,993 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1152172832] [2022-02-20 18:09:57,993 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:09:57,994 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:09:57,994 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:09:57,994 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,012 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:58,013 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:09:58,013 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:09:58,014 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:09:58,014 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:09:58,014 INFO L87 Difference]: Start difference. First operand 44 states and 55 transitions. Second operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,072 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:58,072 INFO L93 Difference]: Finished difference Result 117 states and 151 transitions. [2022-02-20 18:09:58,072 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:09:58,073 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:09:58,073 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:09:58,073 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,075 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 151 transitions. [2022-02-20 18:09:58,075 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,077 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 151 transitions. [2022-02-20 18:09:58,077 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 151 transitions. [2022-02-20 18:09:58,206 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 151 edges. 151 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:58,208 INFO L225 Difference]: With dead ends: 117 [2022-02-20 18:09:58,208 INFO L226 Difference]: Without dead ends: 80 [2022-02-20 18:09:58,209 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:09:58,210 INFO L933 BasicCegarLoop]: 57 mSDtfsCounter, 35 mSDsluCounter, 45 mSDsCounter, 0 mSdLazyCounter, 4 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 35 SdHoareTripleChecker+Valid, 102 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 4 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:09:58,210 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [35 Valid, 102 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 4 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:09:58,211 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 80 states. [2022-02-20 18:09:58,216 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 80 to 75. [2022-02-20 18:09:58,216 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:09:58,216 INFO L82 GeneralOperation]: Start isEquivalent. First operand 80 states. Second operand has 75 states, 62 states have (on average 1.3548387096774193) internal successors, (84), 67 states have internal predecessors, (84), 6 states have call successors, (6), 6 states have call predecessors, (6), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-20 18:09:58,217 INFO L74 IsIncluded]: Start isIncluded. First operand 80 states. Second operand has 75 states, 62 states have (on average 1.3548387096774193) internal successors, (84), 67 states have internal predecessors, (84), 6 states have call successors, (6), 6 states have call predecessors, (6), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-20 18:09:58,217 INFO L87 Difference]: Start difference. First operand 80 states. Second operand has 75 states, 62 states have (on average 1.3548387096774193) internal successors, (84), 67 states have internal predecessors, (84), 6 states have call successors, (6), 6 states have call predecessors, (6), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-20 18:09:58,219 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:58,219 INFO L93 Difference]: Finished difference Result 80 states and 101 transitions. [2022-02-20 18:09:58,219 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 101 transitions. [2022-02-20 18:09:58,220 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:58,220 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:58,220 INFO L74 IsIncluded]: Start isIncluded. First operand has 75 states, 62 states have (on average 1.3548387096774193) internal successors, (84), 67 states have internal predecessors, (84), 6 states have call successors, (6), 6 states have call predecessors, (6), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 80 states. [2022-02-20 18:09:58,221 INFO L87 Difference]: Start difference. First operand has 75 states, 62 states have (on average 1.3548387096774193) internal successors, (84), 67 states have internal predecessors, (84), 6 states have call successors, (6), 6 states have call predecessors, (6), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) Second operand 80 states. [2022-02-20 18:09:58,223 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:58,223 INFO L93 Difference]: Finished difference Result 80 states and 101 transitions. [2022-02-20 18:09:58,223 INFO L276 IsEmpty]: Start isEmpty. Operand 80 states and 101 transitions. [2022-02-20 18:09:58,224 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:58,224 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:58,224 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:09:58,224 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:09:58,224 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 75 states, 62 states have (on average 1.3548387096774193) internal successors, (84), 67 states have internal predecessors, (84), 6 states have call successors, (6), 6 states have call predecessors, (6), 6 states have return successors, (6), 6 states have call predecessors, (6), 6 states have call successors, (6) [2022-02-20 18:09:58,226 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 75 states to 75 states and 96 transitions. [2022-02-20 18:09:58,227 INFO L78 Accepts]: Start accepts. Automaton has 75 states and 96 transitions. Word has length 24 [2022-02-20 18:09:58,227 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:09:58,227 INFO L470 AbstractCegarLoop]: Abstraction has 75 states and 96 transitions. [2022-02-20 18:09:58,227 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 7.666666666666667) internal successors, (23), 2 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,227 INFO L276 IsEmpty]: Start isEmpty. Operand 75 states and 96 transitions. [2022-02-20 18:09:58,228 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 26 [2022-02-20 18:09:58,228 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:09:58,228 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:09:58,228 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:09:58,229 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:09:58,229 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:09:58,229 INFO L85 PathProgramCache]: Analyzing trace with hash 1716566345, now seen corresponding path program 1 times [2022-02-20 18:09:58,230 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:09:58,230 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2047230771] [2022-02-20 18:09:58,230 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:09:58,230 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:09:58,251 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:58,293 INFO L290 TraceCheckUtils]: 0: Hoare triple {1102#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,293 INFO L290 TraceCheckUtils]: 1: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,294 INFO L290 TraceCheckUtils]: 2: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,294 INFO L290 TraceCheckUtils]: 3: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,295 INFO L290 TraceCheckUtils]: 4: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,295 INFO L290 TraceCheckUtils]: 5: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,296 INFO L290 TraceCheckUtils]: 6: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,296 INFO L290 TraceCheckUtils]: 7: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume !false; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,297 INFO L290 TraceCheckUtils]: 8: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume test_~splverifierCounter~0#1 < 4; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,297 INFO L290 TraceCheckUtils]: 9: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,298 INFO L290 TraceCheckUtils]: 10: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume !(0 != test_~tmp~3#1); {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,298 INFO L290 TraceCheckUtils]: 11: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,299 INFO L290 TraceCheckUtils]: 12: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume !(0 != test_~tmp___0~0#1); {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,299 INFO L290 TraceCheckUtils]: 13: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,299 INFO L290 TraceCheckUtils]: 14: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume 0 != test_~tmp___2~0#1; {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,300 INFO L272 TraceCheckUtils]: 15: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} call timeShift(); {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,301 INFO L290 TraceCheckUtils]: 16: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume !(0 != ~pumpRunning~0); {1104#(= ~waterLevel~0 ~systemActive~0)} is VALID [2022-02-20 18:09:58,301 INFO L290 TraceCheckUtils]: 17: Hoare triple {1104#(= ~waterLevel~0 ~systemActive~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {1105#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:58,302 INFO L290 TraceCheckUtils]: 18: Hoare triple {1105#(not (= ~waterLevel~0 0))} assume { :end_inline_processEnvironment } true; {1105#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:58,302 INFO L290 TraceCheckUtils]: 19: Hoare triple {1105#(not (= ~waterLevel~0 0))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {1106#(not (= |timeShift_getWaterLevel_#res#1| 0))} is VALID [2022-02-20 18:09:58,303 INFO L290 TraceCheckUtils]: 20: Hoare triple {1106#(not (= |timeShift_getWaterLevel_#res#1| 0))} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {1107#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~4#1| 0))} is VALID [2022-02-20 18:09:58,303 INFO L290 TraceCheckUtils]: 21: Hoare triple {1107#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~4#1| 0))} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {1103#false} is VALID [2022-02-20 18:09:58,303 INFO L290 TraceCheckUtils]: 22: Hoare triple {1103#false} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {1103#false} is VALID [2022-02-20 18:09:58,304 INFO L290 TraceCheckUtils]: 23: Hoare triple {1103#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {1103#false} is VALID [2022-02-20 18:09:58,304 INFO L290 TraceCheckUtils]: 24: Hoare triple {1103#false} assume !false; {1103#false} is VALID [2022-02-20 18:09:58,304 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:09:58,304 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:09:58,305 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2047230771] [2022-02-20 18:09:58,305 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2047230771] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:09:58,305 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:09:58,305 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:09:58,305 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1592051600] [2022-02-20 18:09:58,306 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:09:58,306 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 25 [2022-02-20 18:09:58,306 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:09:58,307 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,326 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:58,326 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:09:58,327 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:09:58,327 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:09:58,327 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:09:58,328 INFO L87 Difference]: Start difference. First operand 75 states and 96 transitions. Second operand has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,624 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:58,625 INFO L93 Difference]: Finished difference Result 243 states and 329 transitions. [2022-02-20 18:09:58,625 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:09:58,625 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 25 [2022-02-20 18:09:58,625 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:09:58,626 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,628 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 201 transitions. [2022-02-20 18:09:58,629 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,631 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 201 transitions. [2022-02-20 18:09:58,632 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 201 transitions. [2022-02-20 18:09:58,775 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 201 edges. 201 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:58,779 INFO L225 Difference]: With dead ends: 243 [2022-02-20 18:09:58,780 INFO L226 Difference]: Without dead ends: 175 [2022-02-20 18:09:58,780 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 7 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:09:58,781 INFO L933 BasicCegarLoop]: 57 mSDtfsCounter, 112 mSDsluCounter, 227 mSDsCounter, 0 mSdLazyCounter, 50 mSolverCounterSat, 15 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 112 SdHoareTripleChecker+Valid, 284 SdHoareTripleChecker+Invalid, 65 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 15 IncrementalHoareTripleChecker+Valid, 50 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:09:58,781 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [112 Valid, 284 Invalid, 65 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [15 Valid, 50 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:09:58,782 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 175 states. [2022-02-20 18:09:58,789 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 175 to 133. [2022-02-20 18:09:58,790 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:09:58,790 INFO L82 GeneralOperation]: Start isEquivalent. First operand 175 states. Second operand has 133 states, 110 states have (on average 1.3454545454545455) internal successors, (148), 119 states have internal predecessors, (148), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (14), 12 states have call predecessors, (14), 10 states have call successors, (14) [2022-02-20 18:09:58,791 INFO L74 IsIncluded]: Start isIncluded. First operand 175 states. Second operand has 133 states, 110 states have (on average 1.3454545454545455) internal successors, (148), 119 states have internal predecessors, (148), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (14), 12 states have call predecessors, (14), 10 states have call successors, (14) [2022-02-20 18:09:58,791 INFO L87 Difference]: Start difference. First operand 175 states. Second operand has 133 states, 110 states have (on average 1.3454545454545455) internal successors, (148), 119 states have internal predecessors, (148), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (14), 12 states have call predecessors, (14), 10 states have call successors, (14) [2022-02-20 18:09:58,796 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:58,796 INFO L93 Difference]: Finished difference Result 175 states and 234 transitions. [2022-02-20 18:09:58,796 INFO L276 IsEmpty]: Start isEmpty. Operand 175 states and 234 transitions. [2022-02-20 18:09:58,797 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:58,797 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:58,798 INFO L74 IsIncluded]: Start isIncluded. First operand has 133 states, 110 states have (on average 1.3454545454545455) internal successors, (148), 119 states have internal predecessors, (148), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (14), 12 states have call predecessors, (14), 10 states have call successors, (14) Second operand 175 states. [2022-02-20 18:09:58,798 INFO L87 Difference]: Start difference. First operand has 133 states, 110 states have (on average 1.3454545454545455) internal successors, (148), 119 states have internal predecessors, (148), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (14), 12 states have call predecessors, (14), 10 states have call successors, (14) Second operand 175 states. [2022-02-20 18:09:58,803 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:58,803 INFO L93 Difference]: Finished difference Result 175 states and 234 transitions. [2022-02-20 18:09:58,803 INFO L276 IsEmpty]: Start isEmpty. Operand 175 states and 234 transitions. [2022-02-20 18:09:58,804 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:58,804 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:58,804 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:09:58,804 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:09:58,805 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 133 states, 110 states have (on average 1.3454545454545455) internal successors, (148), 119 states have internal predecessors, (148), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (14), 12 states have call predecessors, (14), 10 states have call successors, (14) [2022-02-20 18:09:58,808 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 133 states to 133 states and 172 transitions. [2022-02-20 18:09:58,808 INFO L78 Accepts]: Start accepts. Automaton has 133 states and 172 transitions. Word has length 25 [2022-02-20 18:09:58,808 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:09:58,809 INFO L470 AbstractCegarLoop]: Abstraction has 133 states and 172 transitions. [2022-02-20 18:09:58,809 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.0) internal successors, (24), 5 states have internal predecessors, (24), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,809 INFO L276 IsEmpty]: Start isEmpty. Operand 133 states and 172 transitions. [2022-02-20 18:09:58,810 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 28 [2022-02-20 18:09:58,810 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:09:58,810 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:09:58,810 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:09:58,810 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:09:58,811 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:09:58,811 INFO L85 PathProgramCache]: Analyzing trace with hash 1833945412, now seen corresponding path program 1 times [2022-02-20 18:09:58,811 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:09:58,811 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1769074489] [2022-02-20 18:09:58,811 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:09:58,811 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:09:58,827 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:58,857 INFO L290 TraceCheckUtils]: 0: Hoare triple {1990#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,857 INFO L290 TraceCheckUtils]: 1: Hoare triple {1992#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,858 INFO L290 TraceCheckUtils]: 2: Hoare triple {1992#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,858 INFO L290 TraceCheckUtils]: 3: Hoare triple {1992#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,859 INFO L290 TraceCheckUtils]: 4: Hoare triple {1992#(= ~pumpRunning~0 0)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,859 INFO L290 TraceCheckUtils]: 5: Hoare triple {1992#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,859 INFO L290 TraceCheckUtils]: 6: Hoare triple {1992#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,860 INFO L290 TraceCheckUtils]: 7: Hoare triple {1992#(= ~pumpRunning~0 0)} assume !false; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,860 INFO L290 TraceCheckUtils]: 8: Hoare triple {1992#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,860 INFO L290 TraceCheckUtils]: 9: Hoare triple {1992#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,861 INFO L290 TraceCheckUtils]: 10: Hoare triple {1992#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~3#1); {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,861 INFO L290 TraceCheckUtils]: 11: Hoare triple {1992#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,861 INFO L290 TraceCheckUtils]: 12: Hoare triple {1992#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,862 INFO L290 TraceCheckUtils]: 13: Hoare triple {1992#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,862 INFO L290 TraceCheckUtils]: 14: Hoare triple {1992#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,865 INFO L272 TraceCheckUtils]: 15: Hoare triple {1992#(= ~pumpRunning~0 0)} call timeShift(); {1992#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:58,865 INFO L290 TraceCheckUtils]: 16: Hoare triple {1992#(= ~pumpRunning~0 0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {1991#false} is VALID [2022-02-20 18:09:58,866 INFO L290 TraceCheckUtils]: 17: Hoare triple {1991#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {1991#false} is VALID [2022-02-20 18:09:58,866 INFO L290 TraceCheckUtils]: 18: Hoare triple {1991#false} assume { :end_inline_lowerWaterLevel } true; {1991#false} is VALID [2022-02-20 18:09:58,866 INFO L290 TraceCheckUtils]: 19: Hoare triple {1991#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {1991#false} is VALID [2022-02-20 18:09:58,866 INFO L290 TraceCheckUtils]: 20: Hoare triple {1991#false} assume { :end_inline_processEnvironment } true; {1991#false} is VALID [2022-02-20 18:09:58,866 INFO L290 TraceCheckUtils]: 21: Hoare triple {1991#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {1991#false} is VALID [2022-02-20 18:09:58,867 INFO L290 TraceCheckUtils]: 22: Hoare triple {1991#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {1991#false} is VALID [2022-02-20 18:09:58,867 INFO L290 TraceCheckUtils]: 23: Hoare triple {1991#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {1991#false} is VALID [2022-02-20 18:09:58,867 INFO L290 TraceCheckUtils]: 24: Hoare triple {1991#false} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {1991#false} is VALID [2022-02-20 18:09:58,867 INFO L290 TraceCheckUtils]: 25: Hoare triple {1991#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {1991#false} is VALID [2022-02-20 18:09:58,867 INFO L290 TraceCheckUtils]: 26: Hoare triple {1991#false} assume !false; {1991#false} is VALID [2022-02-20 18:09:58,868 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:09:58,868 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:09:58,868 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1769074489] [2022-02-20 18:09:58,868 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1769074489] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:09:58,868 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:09:58,868 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:09:58,869 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1574279192] [2022-02-20 18:09:58,869 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:09:58,869 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 27 [2022-02-20 18:09:58,869 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:09:58,870 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,886 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 27 edges. 27 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:58,886 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:09:58,886 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:09:58,887 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:09:58,887 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:09:58,887 INFO L87 Difference]: Start difference. First operand 133 states and 172 transitions. Second operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,933 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:58,933 INFO L93 Difference]: Finished difference Result 249 states and 327 transitions. [2022-02-20 18:09:58,933 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:09:58,933 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 27 [2022-02-20 18:09:58,934 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:09:58,934 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,935 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 100 transitions. [2022-02-20 18:09:58,935 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:58,936 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 100 transitions. [2022-02-20 18:09:58,936 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 100 transitions. [2022-02-20 18:09:59,005 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 100 edges. 100 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:59,007 INFO L225 Difference]: With dead ends: 249 [2022-02-20 18:09:59,007 INFO L226 Difference]: Without dead ends: 123 [2022-02-20 18:09:59,008 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:09:59,009 INFO L933 BasicCegarLoop]: 46 mSDtfsCounter, 33 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 33 SdHoareTripleChecker+Valid, 46 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:09:59,009 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [33 Valid, 46 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:09:59,009 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 123 states. [2022-02-20 18:09:59,015 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 123 to 123. [2022-02-20 18:09:59,015 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:09:59,016 INFO L82 GeneralOperation]: Start isEquivalent. First operand 123 states. Second operand has 123 states, 100 states have (on average 1.28) internal successors, (128), 109 states have internal predecessors, (128), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (12), 12 states have call predecessors, (12), 10 states have call successors, (12) [2022-02-20 18:09:59,016 INFO L74 IsIncluded]: Start isIncluded. First operand 123 states. Second operand has 123 states, 100 states have (on average 1.28) internal successors, (128), 109 states have internal predecessors, (128), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (12), 12 states have call predecessors, (12), 10 states have call successors, (12) [2022-02-20 18:09:59,017 INFO L87 Difference]: Start difference. First operand 123 states. Second operand has 123 states, 100 states have (on average 1.28) internal successors, (128), 109 states have internal predecessors, (128), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (12), 12 states have call predecessors, (12), 10 states have call successors, (12) [2022-02-20 18:09:59,019 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:59,019 INFO L93 Difference]: Finished difference Result 123 states and 150 transitions. [2022-02-20 18:09:59,019 INFO L276 IsEmpty]: Start isEmpty. Operand 123 states and 150 transitions. [2022-02-20 18:09:59,020 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:59,020 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:59,020 INFO L74 IsIncluded]: Start isIncluded. First operand has 123 states, 100 states have (on average 1.28) internal successors, (128), 109 states have internal predecessors, (128), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (12), 12 states have call predecessors, (12), 10 states have call successors, (12) Second operand 123 states. [2022-02-20 18:09:59,020 INFO L87 Difference]: Start difference. First operand has 123 states, 100 states have (on average 1.28) internal successors, (128), 109 states have internal predecessors, (128), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (12), 12 states have call predecessors, (12), 10 states have call successors, (12) Second operand 123 states. [2022-02-20 18:09:59,023 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:59,023 INFO L93 Difference]: Finished difference Result 123 states and 150 transitions. [2022-02-20 18:09:59,023 INFO L276 IsEmpty]: Start isEmpty. Operand 123 states and 150 transitions. [2022-02-20 18:09:59,023 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:59,023 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:59,024 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:09:59,024 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:09:59,024 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 123 states, 100 states have (on average 1.28) internal successors, (128), 109 states have internal predecessors, (128), 10 states have call successors, (10), 10 states have call predecessors, (10), 12 states have return successors, (12), 12 states have call predecessors, (12), 10 states have call successors, (12) [2022-02-20 18:09:59,026 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 123 states to 123 states and 150 transitions. [2022-02-20 18:09:59,027 INFO L78 Accepts]: Start accepts. Automaton has 123 states and 150 transitions. Word has length 27 [2022-02-20 18:09:59,027 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:09:59,027 INFO L470 AbstractCegarLoop]: Abstraction has 123 states and 150 transitions. [2022-02-20 18:09:59,027 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 8.666666666666666) internal successors, (26), 2 states have internal predecessors, (26), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:09:59,027 INFO L276 IsEmpty]: Start isEmpty. Operand 123 states and 150 transitions. [2022-02-20 18:09:59,028 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-20 18:09:59,028 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:09:59,033 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:09:59,033 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:09:59,033 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:09:59,034 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:09:59,034 INFO L85 PathProgramCache]: Analyzing trace with hash 957939555, now seen corresponding path program 1 times [2022-02-20 18:09:59,034 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:09:59,034 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1798268317] [2022-02-20 18:09:59,034 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:09:59,034 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:09:59,067 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:59,121 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:09:59,124 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:59,136 INFO L290 TraceCheckUtils]: 0: Hoare triple {2756#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2757#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:09:59,136 INFO L290 TraceCheckUtils]: 1: Hoare triple {2757#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} assume true; {2757#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:09:59,143 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2757#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} {2749#(= ~waterLevel~0 1)} #177#return; {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,143 INFO L290 TraceCheckUtils]: 0: Hoare triple {2747#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,144 INFO L290 TraceCheckUtils]: 1: Hoare triple {2749#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,144 INFO L290 TraceCheckUtils]: 2: Hoare triple {2749#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,144 INFO L290 TraceCheckUtils]: 3: Hoare triple {2749#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,145 INFO L290 TraceCheckUtils]: 4: Hoare triple {2749#(= ~waterLevel~0 1)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,145 INFO L290 TraceCheckUtils]: 5: Hoare triple {2749#(= ~waterLevel~0 1)} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,146 INFO L290 TraceCheckUtils]: 6: Hoare triple {2749#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,146 INFO L290 TraceCheckUtils]: 7: Hoare triple {2749#(= ~waterLevel~0 1)} assume !false; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,146 INFO L290 TraceCheckUtils]: 8: Hoare triple {2749#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,147 INFO L290 TraceCheckUtils]: 9: Hoare triple {2749#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,147 INFO L290 TraceCheckUtils]: 10: Hoare triple {2749#(= ~waterLevel~0 1)} assume 0 != test_~tmp~3#1; {2749#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:09:59,147 INFO L272 TraceCheckUtils]: 11: Hoare triple {2749#(= ~waterLevel~0 1)} call waterRise(); {2756#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:09:59,148 INFO L290 TraceCheckUtils]: 12: Hoare triple {2756#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2757#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:09:59,148 INFO L290 TraceCheckUtils]: 13: Hoare triple {2757#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} assume true; {2757#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:09:59,149 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {2757#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} {2749#(= ~waterLevel~0 1)} #177#return; {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,149 INFO L290 TraceCheckUtils]: 15: Hoare triple {2753#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,149 INFO L290 TraceCheckUtils]: 16: Hoare triple {2753#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp___0~0#1); {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,150 INFO L290 TraceCheckUtils]: 17: Hoare triple {2753#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,150 INFO L290 TraceCheckUtils]: 18: Hoare triple {2753#(not (= ~waterLevel~0 0))} assume 0 != test_~tmp___2~0#1; {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,150 INFO L272 TraceCheckUtils]: 19: Hoare triple {2753#(not (= ~waterLevel~0 0))} call timeShift(); {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,151 INFO L290 TraceCheckUtils]: 20: Hoare triple {2753#(not (= ~waterLevel~0 0))} assume !(0 != ~pumpRunning~0); {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,151 INFO L290 TraceCheckUtils]: 21: Hoare triple {2753#(not (= ~waterLevel~0 0))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,151 INFO L290 TraceCheckUtils]: 22: Hoare triple {2753#(not (= ~waterLevel~0 0))} assume { :end_inline_processEnvironment } true; {2753#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:09:59,152 INFO L290 TraceCheckUtils]: 23: Hoare triple {2753#(not (= ~waterLevel~0 0))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {2754#(not (= |timeShift_getWaterLevel_#res#1| 0))} is VALID [2022-02-20 18:09:59,152 INFO L290 TraceCheckUtils]: 24: Hoare triple {2754#(not (= |timeShift_getWaterLevel_#res#1| 0))} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {2755#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~4#1| 0))} is VALID [2022-02-20 18:09:59,153 INFO L290 TraceCheckUtils]: 25: Hoare triple {2755#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~4#1| 0))} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {2748#false} is VALID [2022-02-20 18:09:59,153 INFO L290 TraceCheckUtils]: 26: Hoare triple {2748#false} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {2748#false} is VALID [2022-02-20 18:09:59,153 INFO L290 TraceCheckUtils]: 27: Hoare triple {2748#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {2748#false} is VALID [2022-02-20 18:09:59,153 INFO L290 TraceCheckUtils]: 28: Hoare triple {2748#false} assume !false; {2748#false} is VALID [2022-02-20 18:09:59,153 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:09:59,153 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:09:59,154 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1798268317] [2022-02-20 18:09:59,154 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1798268317] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:09:59,154 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:09:59,154 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:09:59,154 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1544732294] [2022-02-20 18:09:59,154 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:09:59,155 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.25) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:09:59,155 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:09:59,156 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 3.25) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:09:59,174 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:59,174 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:09:59,174 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:09:59,174 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:09:59,175 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:09:59,175 INFO L87 Difference]: Start difference. First operand 123 states and 150 transitions. Second operand has 8 states, 8 states have (on average 3.25) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:09:59,508 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:59,509 INFO L93 Difference]: Finished difference Result 355 states and 445 transitions. [2022-02-20 18:09:59,509 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 14 states. [2022-02-20 18:09:59,510 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.25) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:09:59,510 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:09:59,510 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 3.25) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:09:59,513 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 173 transitions. [2022-02-20 18:09:59,513 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 3.25) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:09:59,516 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 14 states to 14 states and 173 transitions. [2022-02-20 18:09:59,517 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 14 states and 173 transitions. [2022-02-20 18:09:59,623 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 173 edges. 173 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:09:59,633 INFO L225 Difference]: With dead ends: 355 [2022-02-20 18:09:59,634 INFO L226 Difference]: Without dead ends: 239 [2022-02-20 18:09:59,635 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 14 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 27 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=69, Invalid=171, Unknown=0, NotChecked=0, Total=240 [2022-02-20 18:09:59,638 INFO L933 BasicCegarLoop]: 46 mSDtfsCounter, 125 mSDsluCounter, 203 mSDsCounter, 0 mSdLazyCounter, 107 mSolverCounterSat, 17 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 127 SdHoareTripleChecker+Valid, 249 SdHoareTripleChecker+Invalid, 124 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 17 IncrementalHoareTripleChecker+Valid, 107 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:09:59,643 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [127 Valid, 249 Invalid, 124 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [17 Valid, 107 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:09:59,655 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 239 states. [2022-02-20 18:09:59,666 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 239 to 180. [2022-02-20 18:09:59,666 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:09:59,667 INFO L82 GeneralOperation]: Start isEquivalent. First operand 239 states. Second operand has 180 states, 145 states have (on average 1.2689655172413794) internal successors, (184), 158 states have internal predecessors, (184), 16 states have call successors, (16), 16 states have call predecessors, (16), 18 states have return successors, (18), 16 states have call predecessors, (18), 16 states have call successors, (18) [2022-02-20 18:09:59,667 INFO L74 IsIncluded]: Start isIncluded. First operand 239 states. Second operand has 180 states, 145 states have (on average 1.2689655172413794) internal successors, (184), 158 states have internal predecessors, (184), 16 states have call successors, (16), 16 states have call predecessors, (16), 18 states have return successors, (18), 16 states have call predecessors, (18), 16 states have call successors, (18) [2022-02-20 18:09:59,668 INFO L87 Difference]: Start difference. First operand 239 states. Second operand has 180 states, 145 states have (on average 1.2689655172413794) internal successors, (184), 158 states have internal predecessors, (184), 16 states have call successors, (16), 16 states have call predecessors, (16), 18 states have return successors, (18), 16 states have call predecessors, (18), 16 states have call successors, (18) [2022-02-20 18:09:59,689 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:59,689 INFO L93 Difference]: Finished difference Result 239 states and 294 transitions. [2022-02-20 18:09:59,689 INFO L276 IsEmpty]: Start isEmpty. Operand 239 states and 294 transitions. [2022-02-20 18:09:59,690 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:59,690 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:59,690 INFO L74 IsIncluded]: Start isIncluded. First operand has 180 states, 145 states have (on average 1.2689655172413794) internal successors, (184), 158 states have internal predecessors, (184), 16 states have call successors, (16), 16 states have call predecessors, (16), 18 states have return successors, (18), 16 states have call predecessors, (18), 16 states have call successors, (18) Second operand 239 states. [2022-02-20 18:09:59,691 INFO L87 Difference]: Start difference. First operand has 180 states, 145 states have (on average 1.2689655172413794) internal successors, (184), 158 states have internal predecessors, (184), 16 states have call successors, (16), 16 states have call predecessors, (16), 18 states have return successors, (18), 16 states have call predecessors, (18), 16 states have call successors, (18) Second operand 239 states. [2022-02-20 18:09:59,696 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:09:59,696 INFO L93 Difference]: Finished difference Result 239 states and 294 transitions. [2022-02-20 18:09:59,696 INFO L276 IsEmpty]: Start isEmpty. Operand 239 states and 294 transitions. [2022-02-20 18:09:59,696 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:09:59,696 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:09:59,696 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:09:59,696 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:09:59,697 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 180 states, 145 states have (on average 1.2689655172413794) internal successors, (184), 158 states have internal predecessors, (184), 16 states have call successors, (16), 16 states have call predecessors, (16), 18 states have return successors, (18), 16 states have call predecessors, (18), 16 states have call successors, (18) [2022-02-20 18:09:59,701 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 180 states to 180 states and 218 transitions. [2022-02-20 18:09:59,701 INFO L78 Accepts]: Start accepts. Automaton has 180 states and 218 transitions. Word has length 29 [2022-02-20 18:09:59,701 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:09:59,701 INFO L470 AbstractCegarLoop]: Abstraction has 180 states and 218 transitions. [2022-02-20 18:09:59,701 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 3.25) internal successors, (26), 6 states have internal predecessors, (26), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:09:59,701 INFO L276 IsEmpty]: Start isEmpty. Operand 180 states and 218 transitions. [2022-02-20 18:09:59,702 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 52 [2022-02-20 18:09:59,702 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:09:59,702 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:09:59,702 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:09:59,702 INFO L402 AbstractCegarLoop]: === Iteration 7 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:09:59,716 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:09:59,716 INFO L85 PathProgramCache]: Analyzing trace with hash -426576330, now seen corresponding path program 1 times [2022-02-20 18:09:59,716 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:09:59,716 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [120100048] [2022-02-20 18:09:59,717 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:09:59,717 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:09:59,739 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:59,793 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:09:59,797 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:59,802 INFO L290 TraceCheckUtils]: 0: Hoare triple {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {3982#true} is VALID [2022-02-20 18:09:59,802 INFO L290 TraceCheckUtils]: 1: Hoare triple {3982#true} assume true; {3982#true} is VALID [2022-02-20 18:09:59,803 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3982#true} {3984#(= ~pumpRunning~0 0)} #177#return; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,803 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:09:59,806 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:59,810 INFO L290 TraceCheckUtils]: 0: Hoare triple {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 != ~pumpRunning~0); {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,810 INFO L290 TraceCheckUtils]: 1: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,811 INFO L290 TraceCheckUtils]: 2: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,811 INFO L290 TraceCheckUtils]: 3: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,811 INFO L290 TraceCheckUtils]: 4: Hoare triple {3984#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,814 INFO L290 TraceCheckUtils]: 5: Hoare triple {3984#(= ~pumpRunning~0 0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~4#1); {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,815 INFO L290 TraceCheckUtils]: 6: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,815 INFO L290 TraceCheckUtils]: 7: Hoare triple {3984#(= ~pumpRunning~0 0)} assume true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,816 INFO L284 TraceCheckUtils]: 8: Hoare quadruple {3984#(= ~pumpRunning~0 0)} {3984#(= ~pumpRunning~0 0)} #181#return; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,816 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 33 [2022-02-20 18:09:59,817 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:59,819 INFO L290 TraceCheckUtils]: 0: Hoare triple {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {3982#true} is VALID [2022-02-20 18:09:59,819 INFO L290 TraceCheckUtils]: 1: Hoare triple {3982#true} assume true; {3982#true} is VALID [2022-02-20 18:09:59,820 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {3982#true} {3984#(= ~pumpRunning~0 0)} #177#return; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,820 INFO L290 TraceCheckUtils]: 0: Hoare triple {3982#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,821 INFO L290 TraceCheckUtils]: 1: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,821 INFO L290 TraceCheckUtils]: 2: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,821 INFO L290 TraceCheckUtils]: 3: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,822 INFO L290 TraceCheckUtils]: 4: Hoare triple {3984#(= ~pumpRunning~0 0)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,822 INFO L290 TraceCheckUtils]: 5: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,822 INFO L290 TraceCheckUtils]: 6: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,823 INFO L290 TraceCheckUtils]: 7: Hoare triple {3984#(= ~pumpRunning~0 0)} assume !false; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,823 INFO L290 TraceCheckUtils]: 8: Hoare triple {3984#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,823 INFO L290 TraceCheckUtils]: 9: Hoare triple {3984#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,824 INFO L290 TraceCheckUtils]: 10: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~3#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,825 INFO L272 TraceCheckUtils]: 11: Hoare triple {3984#(= ~pumpRunning~0 0)} call waterRise(); {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:09:59,825 INFO L290 TraceCheckUtils]: 12: Hoare triple {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {3982#true} is VALID [2022-02-20 18:09:59,825 INFO L290 TraceCheckUtils]: 13: Hoare triple {3982#true} assume true; {3982#true} is VALID [2022-02-20 18:09:59,826 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {3982#true} {3984#(= ~pumpRunning~0 0)} #177#return; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,827 INFO L290 TraceCheckUtils]: 15: Hoare triple {3984#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,827 INFO L290 TraceCheckUtils]: 16: Hoare triple {3984#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,828 INFO L290 TraceCheckUtils]: 17: Hoare triple {3984#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,829 INFO L290 TraceCheckUtils]: 18: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,830 INFO L272 TraceCheckUtils]: 19: Hoare triple {3984#(= ~pumpRunning~0 0)} call timeShift(); {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:09:59,830 INFO L290 TraceCheckUtils]: 20: Hoare triple {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 != ~pumpRunning~0); {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,830 INFO L290 TraceCheckUtils]: 21: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,831 INFO L290 TraceCheckUtils]: 22: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,831 INFO L290 TraceCheckUtils]: 23: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,831 INFO L290 TraceCheckUtils]: 24: Hoare triple {3984#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,832 INFO L290 TraceCheckUtils]: 25: Hoare triple {3984#(= ~pumpRunning~0 0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~4#1); {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,832 INFO L290 TraceCheckUtils]: 26: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,833 INFO L290 TraceCheckUtils]: 27: Hoare triple {3984#(= ~pumpRunning~0 0)} assume true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,834 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {3984#(= ~pumpRunning~0 0)} {3984#(= ~pumpRunning~0 0)} #181#return; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,834 INFO L290 TraceCheckUtils]: 29: Hoare triple {3984#(= ~pumpRunning~0 0)} assume !false; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,835 INFO L290 TraceCheckUtils]: 30: Hoare triple {3984#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,835 INFO L290 TraceCheckUtils]: 31: Hoare triple {3984#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,836 INFO L290 TraceCheckUtils]: 32: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~3#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,836 INFO L272 TraceCheckUtils]: 33: Hoare triple {3984#(= ~pumpRunning~0 0)} call waterRise(); {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:09:59,836 INFO L290 TraceCheckUtils]: 34: Hoare triple {4002#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {3982#true} is VALID [2022-02-20 18:09:59,836 INFO L290 TraceCheckUtils]: 35: Hoare triple {3982#true} assume true; {3982#true} is VALID [2022-02-20 18:09:59,837 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {3982#true} {3984#(= ~pumpRunning~0 0)} #177#return; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,845 INFO L290 TraceCheckUtils]: 37: Hoare triple {3984#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,846 INFO L290 TraceCheckUtils]: 38: Hoare triple {3984#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,847 INFO L290 TraceCheckUtils]: 39: Hoare triple {3984#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,851 INFO L290 TraceCheckUtils]: 40: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,852 INFO L272 TraceCheckUtils]: 41: Hoare triple {3984#(= ~pumpRunning~0 0)} call timeShift(); {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,852 INFO L290 TraceCheckUtils]: 42: Hoare triple {3984#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,852 INFO L290 TraceCheckUtils]: 43: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,853 INFO L290 TraceCheckUtils]: 44: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,853 INFO L290 TraceCheckUtils]: 45: Hoare triple {3984#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,853 INFO L290 TraceCheckUtils]: 46: Hoare triple {3984#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {3984#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:09:59,854 INFO L290 TraceCheckUtils]: 47: Hoare triple {3984#(= ~pumpRunning~0 0)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {4000#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:09:59,854 INFO L290 TraceCheckUtils]: 48: Hoare triple {4000#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {4001#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~1#1| 0)} is VALID [2022-02-20 18:09:59,855 INFO L290 TraceCheckUtils]: 49: Hoare triple {4001#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~1#1| 0)} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {3983#false} is VALID [2022-02-20 18:09:59,855 INFO L290 TraceCheckUtils]: 50: Hoare triple {3983#false} assume !false; {3983#false} is VALID [2022-02-20 18:09:59,855 INFO L134 CoverageAnalysis]: Checked inductivity of 19 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 18 trivial. 0 not checked. [2022-02-20 18:09:59,855 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:09:59,855 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [120100048] [2022-02-20 18:09:59,856 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [120100048] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:09:59,856 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1911605018] [2022-02-20 18:09:59,856 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:09:59,856 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:09:59,856 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:09:59,858 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:09:59,859 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:09:59,935 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:59,937 INFO L263 TraceCheckSpWp]: Trace formula consists of 344 conjuncts, 9 conjunts are in the unsatisfiable core [2022-02-20 18:09:59,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:09:59,962 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:00,366 INFO L290 TraceCheckUtils]: 0: Hoare triple {3982#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,366 INFO L290 TraceCheckUtils]: 1: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,367 INFO L290 TraceCheckUtils]: 2: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,367 INFO L290 TraceCheckUtils]: 3: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,367 INFO L290 TraceCheckUtils]: 4: Hoare triple {4006#(<= 1 ~waterLevel~0)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,368 INFO L290 TraceCheckUtils]: 5: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,368 INFO L290 TraceCheckUtils]: 6: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,368 INFO L290 TraceCheckUtils]: 7: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume !false; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,369 INFO L290 TraceCheckUtils]: 8: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,369 INFO L290 TraceCheckUtils]: 9: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,369 INFO L290 TraceCheckUtils]: 10: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume 0 != test_~tmp~3#1; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,370 INFO L272 TraceCheckUtils]: 11: Hoare triple {4006#(<= 1 ~waterLevel~0)} call waterRise(); {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,370 INFO L290 TraceCheckUtils]: 12: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {4044#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:10:00,371 INFO L290 TraceCheckUtils]: 13: Hoare triple {4044#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} assume true; {4044#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:10:00,371 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {4044#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} {4006#(<= 1 ~waterLevel~0)} #177#return; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,372 INFO L290 TraceCheckUtils]: 15: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,372 INFO L290 TraceCheckUtils]: 16: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,372 INFO L290 TraceCheckUtils]: 17: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,372 INFO L290 TraceCheckUtils]: 18: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,373 INFO L272 TraceCheckUtils]: 19: Hoare triple {4051#(<= 2 ~waterLevel~0)} call timeShift(); {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,373 INFO L290 TraceCheckUtils]: 20: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 != ~pumpRunning~0); {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,374 INFO L290 TraceCheckUtils]: 21: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,374 INFO L290 TraceCheckUtils]: 22: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,374 INFO L290 TraceCheckUtils]: 23: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,375 INFO L290 TraceCheckUtils]: 24: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,375 INFO L290 TraceCheckUtils]: 25: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~4#1); {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,375 INFO L290 TraceCheckUtils]: 26: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,375 INFO L290 TraceCheckUtils]: 27: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume true; {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,376 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} {4051#(<= 2 ~waterLevel~0)} #181#return; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,376 INFO L290 TraceCheckUtils]: 29: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume !false; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,377 INFO L290 TraceCheckUtils]: 30: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,377 INFO L290 TraceCheckUtils]: 31: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,377 INFO L290 TraceCheckUtils]: 32: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp~3#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,378 INFO L272 TraceCheckUtils]: 33: Hoare triple {4051#(<= 2 ~waterLevel~0)} call waterRise(); {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:00,378 INFO L290 TraceCheckUtils]: 34: Hoare triple {4040#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {4112#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:00,379 INFO L290 TraceCheckUtils]: 35: Hoare triple {4112#(< |old(~waterLevel~0)| 2)} assume true; {4112#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:00,379 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4112#(< |old(~waterLevel~0)| 2)} {4051#(<= 2 ~waterLevel~0)} #177#return; {3983#false} is VALID [2022-02-20 18:10:00,379 INFO L290 TraceCheckUtils]: 37: Hoare triple {3983#false} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {3983#false} is VALID [2022-02-20 18:10:00,379 INFO L290 TraceCheckUtils]: 38: Hoare triple {3983#false} assume !(0 != test_~tmp___0~0#1); {3983#false} is VALID [2022-02-20 18:10:00,379 INFO L290 TraceCheckUtils]: 39: Hoare triple {3983#false} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {3983#false} is VALID [2022-02-20 18:10:00,380 INFO L290 TraceCheckUtils]: 40: Hoare triple {3983#false} assume 0 != test_~tmp___2~0#1; {3983#false} is VALID [2022-02-20 18:10:00,380 INFO L272 TraceCheckUtils]: 41: Hoare triple {3983#false} call timeShift(); {3983#false} is VALID [2022-02-20 18:10:00,380 INFO L290 TraceCheckUtils]: 42: Hoare triple {3983#false} assume !(0 != ~pumpRunning~0); {3983#false} is VALID [2022-02-20 18:10:00,380 INFO L290 TraceCheckUtils]: 43: Hoare triple {3983#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {3983#false} is VALID [2022-02-20 18:10:00,380 INFO L290 TraceCheckUtils]: 44: Hoare triple {3983#false} assume { :end_inline_processEnvironment } true; {3983#false} is VALID [2022-02-20 18:10:00,380 INFO L290 TraceCheckUtils]: 45: Hoare triple {3983#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {3983#false} is VALID [2022-02-20 18:10:00,380 INFO L290 TraceCheckUtils]: 46: Hoare triple {3983#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {3983#false} is VALID [2022-02-20 18:10:00,381 INFO L290 TraceCheckUtils]: 47: Hoare triple {3983#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {3983#false} is VALID [2022-02-20 18:10:00,381 INFO L290 TraceCheckUtils]: 48: Hoare triple {3983#false} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {3983#false} is VALID [2022-02-20 18:10:00,381 INFO L290 TraceCheckUtils]: 49: Hoare triple {3983#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {3983#false} is VALID [2022-02-20 18:10:00,381 INFO L290 TraceCheckUtils]: 50: Hoare triple {3983#false} assume !false; {3983#false} is VALID [2022-02-20 18:10:00,381 INFO L134 CoverageAnalysis]: Checked inductivity of 19 backedges. 16 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-02-20 18:10:00,381 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:00,865 INFO L290 TraceCheckUtils]: 50: Hoare triple {3983#false} assume !false; {3983#false} is VALID [2022-02-20 18:10:00,865 INFO L290 TraceCheckUtils]: 49: Hoare triple {3983#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline___automaton_fail } true; {3983#false} is VALID [2022-02-20 18:10:00,865 INFO L290 TraceCheckUtils]: 48: Hoare triple {3983#false} __utac_acc__Specification4_spec__1_#t~ret47#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret47#1 && __utac_acc__Specification4_spec__1_#t~ret47#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~1#1 := __utac_acc__Specification4_spec__1_#t~ret47#1;havoc __utac_acc__Specification4_spec__1_#t~ret47#1; {3983#false} is VALID [2022-02-20 18:10:00,866 INFO L290 TraceCheckUtils]: 47: Hoare triple {3983#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~6#1;havoc isPumpRunning_~retValue_acc~6#1;isPumpRunning_~retValue_acc~6#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~6#1; {3983#false} is VALID [2022-02-20 18:10:00,866 INFO L290 TraceCheckUtils]: 46: Hoare triple {3983#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {3983#false} is VALID [2022-02-20 18:10:00,866 INFO L290 TraceCheckUtils]: 45: Hoare triple {3983#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {3983#false} is VALID [2022-02-20 18:10:00,866 INFO L290 TraceCheckUtils]: 44: Hoare triple {3983#false} assume { :end_inline_processEnvironment } true; {3983#false} is VALID [2022-02-20 18:10:00,866 INFO L290 TraceCheckUtils]: 43: Hoare triple {3983#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {3983#false} is VALID [2022-02-20 18:10:00,866 INFO L290 TraceCheckUtils]: 42: Hoare triple {3983#false} assume !(0 != ~pumpRunning~0); {3983#false} is VALID [2022-02-20 18:10:00,867 INFO L272 TraceCheckUtils]: 41: Hoare triple {3983#false} call timeShift(); {3983#false} is VALID [2022-02-20 18:10:00,867 INFO L290 TraceCheckUtils]: 40: Hoare triple {3983#false} assume 0 != test_~tmp___2~0#1; {3983#false} is VALID [2022-02-20 18:10:00,867 INFO L290 TraceCheckUtils]: 39: Hoare triple {3983#false} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {3983#false} is VALID [2022-02-20 18:10:00,867 INFO L290 TraceCheckUtils]: 38: Hoare triple {3983#false} assume !(0 != test_~tmp___0~0#1); {3983#false} is VALID [2022-02-20 18:10:00,867 INFO L290 TraceCheckUtils]: 37: Hoare triple {3983#false} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {3983#false} is VALID [2022-02-20 18:10:00,868 INFO L284 TraceCheckUtils]: 36: Hoare quadruple {4112#(< |old(~waterLevel~0)| 2)} {4051#(<= 2 ~waterLevel~0)} #177#return; {3983#false} is VALID [2022-02-20 18:10:00,869 INFO L290 TraceCheckUtils]: 35: Hoare triple {4112#(< |old(~waterLevel~0)| 2)} assume true; {4112#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:00,869 INFO L290 TraceCheckUtils]: 34: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {4112#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:00,869 INFO L272 TraceCheckUtils]: 33: Hoare triple {4051#(<= 2 ~waterLevel~0)} call waterRise(); {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,870 INFO L290 TraceCheckUtils]: 32: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp~3#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,870 INFO L290 TraceCheckUtils]: 31: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,870 INFO L290 TraceCheckUtils]: 30: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,871 INFO L290 TraceCheckUtils]: 29: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume !false; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,871 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} {4051#(<= 2 ~waterLevel~0)} #181#return; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,872 INFO L290 TraceCheckUtils]: 27: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume true; {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,872 INFO L290 TraceCheckUtils]: 26: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,872 INFO L290 TraceCheckUtils]: 25: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~4#1); {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,873 INFO L290 TraceCheckUtils]: 24: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} __utac_acc__Specification4_spec__1_#t~ret46#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,873 INFO L290 TraceCheckUtils]: 23: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_#t~ret47#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~1#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~1#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~8#1;havoc getWaterLevel_~retValue_acc~8#1;getWaterLevel_~retValue_acc~8#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~8#1; {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,873 INFO L290 TraceCheckUtils]: 22: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume { :end_inline_processEnvironment } true; {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,874 INFO L290 TraceCheckUtils]: 21: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true; {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,874 INFO L290 TraceCheckUtils]: 20: Hoare triple {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume !(0 != ~pumpRunning~0); {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,874 INFO L272 TraceCheckUtils]: 19: Hoare triple {4051#(<= 2 ~waterLevel~0)} call timeShift(); {4212#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:00,875 INFO L290 TraceCheckUtils]: 18: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,875 INFO L290 TraceCheckUtils]: 17: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet30#1 && test_#t~nondet30#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet30#1;havoc test_#t~nondet30#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,875 INFO L290 TraceCheckUtils]: 16: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,876 INFO L290 TraceCheckUtils]: 15: Hoare triple {4051#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet29#1 && test_#t~nondet29#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet29#1;havoc test_#t~nondet29#1; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,876 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {4273#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} {4006#(<= 1 ~waterLevel~0)} #177#return; {4051#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,877 INFO L290 TraceCheckUtils]: 13: Hoare triple {4273#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} assume true; {4273#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} is VALID [2022-02-20 18:10:00,877 INFO L290 TraceCheckUtils]: 12: Hoare triple {4280#(or (< |old(~waterLevel~0)| 1) (<= 1 ~waterLevel~0))} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {4273#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} is VALID [2022-02-20 18:10:00,878 INFO L272 TraceCheckUtils]: 11: Hoare triple {4006#(<= 1 ~waterLevel~0)} call waterRise(); {4280#(or (< |old(~waterLevel~0)| 1) (<= 1 ~waterLevel~0))} is VALID [2022-02-20 18:10:00,878 INFO L290 TraceCheckUtils]: 10: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume 0 != test_~tmp~3#1; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,878 INFO L290 TraceCheckUtils]: 9: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet28#1 && test_#t~nondet28#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet28#1;havoc test_#t~nondet28#1; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,879 INFO L290 TraceCheckUtils]: 8: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,879 INFO L290 TraceCheckUtils]: 7: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume !false; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,879 INFO L290 TraceCheckUtils]: 6: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet28#1, test_#t~nondet29#1, test_#t~nondet30#1, test_#t~nondet31#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,880 INFO L290 TraceCheckUtils]: 5: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume 0 != main_~tmp~5#1;assume { :begin_inline_setup } true; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,880 INFO L290 TraceCheckUtils]: 4: Hoare triple {4006#(<= 1 ~waterLevel~0)} main_#t~ret48#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret48#1 && main_#t~ret48#1 <= 2147483647;main_~tmp~5#1 := main_#t~ret48#1;havoc main_#t~ret48#1; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,880 INFO L290 TraceCheckUtils]: 3: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,881 INFO L290 TraceCheckUtils]: 2: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,881 INFO L290 TraceCheckUtils]: 1: Hoare triple {4006#(<= 1 ~waterLevel~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret48#1, main_~retValue_acc~9#1, main_~tmp~5#1;havoc main_~retValue_acc~9#1;havoc main_~tmp~5#1;assume { :begin_inline_select_helpers } true; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,883 INFO L290 TraceCheckUtils]: 0: Hoare triple {3982#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(3, 17);call write~init~int(79, 17, 0, 1);call write~init~int(110, 17, 1, 1);call write~init~int(0, 17, 2, 1);call #Ultimate.allocInit(4, 18);call write~init~int(79, 18, 0, 1);call write~init~int(102, 18, 1, 1);call write~init~int(102, 18, 2, 1);call write~init~int(0, 18, 3, 1);call #Ultimate.allocInit(7, 19);call write~init~int(44, 19, 0, 1);call write~init~int(80, 19, 1, 1);call write~init~int(117, 19, 2, 1);call write~init~int(109, 19, 3, 1);call write~init~int(112, 19, 4, 1);call write~init~int(58, 19, 5, 1);call write~init~int(0, 19, 6, 1);call #Ultimate.allocInit(3, 20);call write~init~int(79, 20, 0, 1);call write~init~int(110, 20, 1, 1);call write~init~int(0, 20, 2, 1);call #Ultimate.allocInit(4, 21);call write~init~int(79, 21, 0, 1);call write~init~int(102, 21, 1, 1);call write~init~int(102, 21, 2, 1);call write~init~int(0, 21, 3, 1);call #Ultimate.allocInit(3, 22);call write~init~int(41, 22, 0, 1);call write~init~int(32, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(2, 23);call write~init~int(10, 23, 0, 1);call write~init~int(0, 23, 1, 1);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~cleanupTimeShifts~0 := 4; {4006#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:00,884 INFO L134 CoverageAnalysis]: Checked inductivity of 19 backedges. 16 proven. 3 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:00,884 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1911605018] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:00,885 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:10:00,885 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [6, 6, 7] total 14 [2022-02-20 18:10:00,885 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [379051752] [2022-02-20 18:10:00,885 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:00,887 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 6.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (10), 6 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) Word has length 51 [2022-02-20 18:10:00,889 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:00,889 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 14 states, 14 states have (on average 6.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (10), 6 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:00,981 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 101 edges. 101 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:00,982 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 14 states [2022-02-20 18:10:00,982 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:00,982 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 14 interpolants. [2022-02-20 18:10:00,982 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=42, Invalid=140, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:10:00,983 INFO L87 Difference]: Start difference. First operand 180 states and 218 transitions. Second operand has 14 states, 14 states have (on average 6.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (10), 6 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:01,617 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:01,617 INFO L93 Difference]: Finished difference Result 237 states and 290 transitions. [2022-02-20 18:10:01,617 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:10:01,617 INFO L78 Accepts]: Start accepts. Automaton has has 14 states, 14 states have (on average 6.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (10), 6 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) Word has length 51 [2022-02-20 18:10:01,618 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:01,618 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 14 states, 14 states have (on average 6.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (10), 6 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:01,619 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 123 transitions. [2022-02-20 18:10:01,619 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 14 states, 14 states have (on average 6.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (10), 6 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:01,621 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 123 transitions. [2022-02-20 18:10:01,621 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 123 transitions. [2022-02-20 18:10:01,757 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:01,757 INFO L225 Difference]: With dead ends: 237 [2022-02-20 18:10:01,757 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:10:01,758 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 116 GetRequests, 98 SyntacticMatches, 1 SemanticMatches, 17 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 29 ImplicationChecksByTransitivity, 0.2s TimeCoverageRelationStatistics Valid=91, Invalid=251, Unknown=0, NotChecked=0, Total=342 [2022-02-20 18:10:01,758 INFO L933 BasicCegarLoop]: 65 mSDtfsCounter, 125 mSDsluCounter, 264 mSDsCounter, 0 mSdLazyCounter, 114 mSolverCounterSat, 34 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 125 SdHoareTripleChecker+Valid, 329 SdHoareTripleChecker+Invalid, 148 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 34 IncrementalHoareTripleChecker+Valid, 114 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:01,759 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [125 Valid, 329 Invalid, 148 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [34 Valid, 114 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:10:01,759 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:10:01,759 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:10:01,759 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:01,759 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:01,759 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:01,759 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:01,760 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:01,760 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:10:01,760 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:01,760 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:01,760 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:01,761 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:10:01,761 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:10:01,761 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:01,761 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:10:01,761 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:01,761 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:01,761 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:01,761 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:01,761 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:01,762 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:01,762 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:10:01,762 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 51 [2022-02-20 18:10:01,762 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:01,762 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:10:01,762 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 14 states, 14 states have (on average 6.0) internal successors, (84), 12 states have internal predecessors, (84), 4 states have call successors, (10), 6 states have call predecessors, (10), 7 states have return successors, (7), 3 states have call predecessors, (7), 3 states have call successors, (7) [2022-02-20 18:10:01,763 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:01,763 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:01,764 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:01,800 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:01,978 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable6,2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:10:01,981 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:10:02,619 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 692 703) the Hoare annotation is: true [2022-02-20 18:10:02,619 INFO L858 garLoopResultBuilder]: For program point L696-1(lines 692 703) no Hoare annotation was computed. [2022-02-20 18:10:02,619 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 692 703) no Hoare annotation was computed. [2022-02-20 18:10:02,619 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 773 802) no Hoare annotation was computed. [2022-02-20 18:10:02,619 INFO L861 garLoopResultBuilder]: At program point L798(lines 773 802) the Hoare annotation is: true [2022-02-20 18:10:02,619 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 773 802) the Hoare annotation is: true [2022-02-20 18:10:02,619 INFO L858 garLoopResultBuilder]: For program point L794(line 794) no Hoare annotation was computed. [2022-02-20 18:10:02,619 INFO L858 garLoopResultBuilder]: For program point L787(lines 787 791) no Hoare annotation was computed. [2022-02-20 18:10:02,619 INFO L861 garLoopResultBuilder]: At program point L787-1(lines 787 791) the Hoare annotation is: true [2022-02-20 18:10:02,619 INFO L858 garLoopResultBuilder]: For program point L784(line 784) no Hoare annotation was computed. [2022-02-20 18:10:02,619 INFO L861 garLoopResultBuilder]: At program point L783-2(lines 783 797) the Hoare annotation is: true [2022-02-20 18:10:02,620 INFO L861 garLoopResultBuilder]: At program point L779(line 779) the Hoare annotation is: true [2022-02-20 18:10:02,620 INFO L858 garLoopResultBuilder]: For program point L779-1(line 779) no Hoare annotation was computed. [2022-02-20 18:10:02,620 INFO L854 garLoopResultBuilder]: At program point L609(lines 604 612) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:02,620 INFO L854 garLoopResultBuilder]: At program point L574(lines 570 576) the Hoare annotation is: (let ((.cse0 (not (= ~pumpRunning~0 0)))) (and (or .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) (= ~waterLevel~0 1)))) [2022-02-20 18:10:02,620 INFO L858 garLoopResultBuilder]: For program point L758(lines 758 764) no Hoare annotation was computed. [2022-02-20 18:10:02,620 INFO L858 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2022-02-20 18:10:02,620 INFO L858 garLoopResultBuilder]: For program point L754(lines 754 767) no Hoare annotation was computed. [2022-02-20 18:10:02,620 INFO L854 garLoopResultBuilder]: At program point L754-1(lines 746 770) the Hoare annotation is: (let ((.cse0 (not (= ~pumpRunning~0 0))) (.cse1 (not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~4#1| 0))) (.cse2 (not (= |timeShift_getWaterLevel_#res#1| 0)))) (and (or .cse0 (and .cse1 .cse2 (= |old(~waterLevel~0)| ~waterLevel~0)) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) (and .cse1 .cse2 (= ~waterLevel~0 1))))) [2022-02-20 18:10:02,620 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 546 569) no Hoare annotation was computed. [2022-02-20 18:10:02,620 INFO L858 garLoopResultBuilder]: For program point L550-1(lines 549 568) no Hoare annotation was computed. [2022-02-20 18:10:02,620 INFO L858 garLoopResultBuilder]: For program point L672(lines 672 676) no Hoare annotation was computed. [2022-02-20 18:10:02,621 INFO L854 garLoopResultBuilder]: At program point L672-2(lines 668 679) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:02,621 INFO L854 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:02,621 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 546 569) the Hoare annotation is: (let ((.cse0 (not (= ~pumpRunning~0 0)))) (and (or .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) (= ~waterLevel~0 1)))) [2022-02-20 18:10:02,621 INFO L858 garLoopResultBuilder]: For program point L557-1(lines 557 563) no Hoare annotation was computed. [2022-02-20 18:10:02,621 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 546 569) no Hoare annotation was computed. [2022-02-20 18:10:02,621 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-02-20 18:10:02,622 INFO L854 garLoopResultBuilder]: At program point L741(lines 736 744) the Hoare annotation is: (let ((.cse1 (not (= ~pumpRunning~0 0))) (.cse0 (not (= |timeShift_getWaterLevel_#res#1| 0)))) (and (or (and .cse0 (= ~waterLevel~0 1)) .cse1 (not (= |old(~waterLevel~0)| 1))) (or .cse1 (and .cse0 (= |old(~waterLevel~0)| ~waterLevel~0)) (not (<= 2 |old(~waterLevel~0)|))))) [2022-02-20 18:10:02,622 INFO L854 garLoopResultBuilder]: At program point L514-2(lines 508 521) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 (= ~waterLevel~0 1)) (and .cse0 (<= 2 ~waterLevel~0) .cse1))) [2022-02-20 18:10:02,622 INFO L858 garLoopResultBuilder]: For program point L498(lines 498 504) no Hoare annotation was computed. [2022-02-20 18:10:02,622 INFO L858 garLoopResultBuilder]: For program point L498-1(lines 498 504) no Hoare annotation was computed. [2022-02-20 18:10:02,622 INFO L854 garLoopResultBuilder]: At program point L523(lines 478 525) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 (= ~waterLevel~0 1)) (and .cse0 (<= 2 ~waterLevel~0) .cse1))) [2022-02-20 18:10:02,622 INFO L854 garLoopResultBuilder]: At program point L490(line 490) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 (= ~waterLevel~0 1)) (and .cse0 (<= 2 ~waterLevel~0) .cse1))) [2022-02-20 18:10:02,622 INFO L861 garLoopResultBuilder]: At program point L841(lines 834 843) the Hoare annotation is: true [2022-02-20 18:10:02,622 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:10:02,622 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:10:02,622 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:10:02,622 INFO L858 garLoopResultBuilder]: For program point L854(lines 854 861) no Hoare annotation was computed. [2022-02-20 18:10:02,622 INFO L858 garLoopResultBuilder]: For program point L854-2(lines 854 861) no Hoare annotation was computed. [2022-02-20 18:10:02,622 INFO L854 garLoopResultBuilder]: At program point L590(lines 585 592) the Hoare annotation is: false [2022-02-20 18:10:02,622 INFO L854 garLoopResultBuilder]: At program point L458(lines 453 461) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (= ~waterLevel~0 ~systemActive~0)) [2022-02-20 18:10:02,623 INFO L854 garLoopResultBuilder]: At program point L450(lines 446 452) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (= ~waterLevel~0 ~systemActive~0)) [2022-02-20 18:10:02,623 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:10:02,623 INFO L858 garLoopResultBuilder]: For program point L479(lines 478 525) no Hoare annotation was computed. [2022-02-20 18:10:02,623 INFO L861 garLoopResultBuilder]: At program point L863(lines 844 866) the Hoare annotation is: true [2022-02-20 18:10:02,623 INFO L858 garLoopResultBuilder]: For program point L508(lines 508 521) no Hoare annotation was computed. [2022-02-20 18:10:02,623 INFO L854 garLoopResultBuilder]: At program point L661(lines 649 663) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 (= ~waterLevel~0 1)) (and .cse0 (<= 2 ~waterLevel~0) .cse1))) [2022-02-20 18:10:02,624 INFO L854 garLoopResultBuilder]: At program point L500(line 500) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0))) (or (and .cse0 .cse1 (= ~waterLevel~0 1)) (and .cse0 (<= 2 ~waterLevel~0) .cse1))) [2022-02-20 18:10:02,624 INFO L861 garLoopResultBuilder]: At program point L529(lines 468 533) the Hoare annotation is: true [2022-02-20 18:10:02,624 INFO L858 garLoopResultBuilder]: For program point L653(lines 653 659) no Hoare annotation was computed. [2022-02-20 18:10:02,624 INFO L858 garLoopResultBuilder]: For program point L653-2(lines 653 659) no Hoare annotation was computed. [2022-02-20 18:10:02,624 INFO L858 garLoopResultBuilder]: For program point L488(lines 488 494) no Hoare annotation was computed. [2022-02-20 18:10:02,624 INFO L858 garLoopResultBuilder]: For program point L488-1(lines 488 494) no Hoare annotation was computed. [2022-02-20 18:10:02,624 INFO L858 garLoopResultBuilder]: For program point L480(lines 480 484) no Hoare annotation was computed. [2022-02-20 18:10:02,625 INFO L854 garLoopResultBuilder]: At program point L831(lines 827 833) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (= ~waterLevel~0 ~systemActive~0)) [2022-02-20 18:10:02,625 INFO L854 garLoopResultBuilder]: At program point L443(lines 439 445) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= ~waterLevel~0 1) (= ~waterLevel~0 ~systemActive~0)) [2022-02-20 18:10:02,625 INFO L854 garLoopResultBuilder]: At program point L526(lines 477 527) the Hoare annotation is: false [2022-02-20 18:10:02,625 INFO L858 garLoopResultBuilder]: For program point L514(lines 514 520) no Hoare annotation was computed. [2022-02-20 18:10:02,625 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 680 691) no Hoare annotation was computed. [2022-02-20 18:10:02,625 INFO L858 garLoopResultBuilder]: For program point L684-1(lines 680 691) no Hoare annotation was computed. [2022-02-20 18:10:02,625 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 680 691) the Hoare annotation is: (let ((.cse0 (not (= ~pumpRunning~0 0)))) (and (or .cse0 (= |old(~waterLevel~0)| ~waterLevel~0) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) (= ~waterLevel~0 1)))) [2022-02-20 18:10:02,628 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:02,629 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:02,631 WARN L170 areAnnotationChecker]: L696-1 has no Hoare annotation [2022-02-20 18:10:02,631 WARN L170 areAnnotationChecker]: L696-1 has no Hoare annotation [2022-02-20 18:10:02,631 WARN L170 areAnnotationChecker]: L672 has no Hoare annotation [2022-02-20 18:10:02,631 WARN L170 areAnnotationChecker]: L550-1 has no Hoare annotation [2022-02-20 18:10:02,632 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:10:02,632 WARN L170 areAnnotationChecker]: L684-1 has no Hoare annotation [2022-02-20 18:10:02,632 WARN L170 areAnnotationChecker]: L684-1 has no Hoare annotation [2022-02-20 18:10:02,632 WARN L170 areAnnotationChecker]: L696-1 has no Hoare annotation [2022-02-20 18:10:02,632 WARN L170 areAnnotationChecker]: L779-1 has no Hoare annotation [2022-02-20 18:10:02,633 WARN L170 areAnnotationChecker]: L672 has no Hoare annotation [2022-02-20 18:10:02,633 WARN L170 areAnnotationChecker]: L672 has no Hoare annotation [2022-02-20 18:10:02,633 WARN L170 areAnnotationChecker]: L550-1 has no Hoare annotation [2022-02-20 18:10:02,634 WARN L170 areAnnotationChecker]: L550-1 has no Hoare annotation [2022-02-20 18:10:02,634 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:10:02,634 WARN L170 areAnnotationChecker]: L684-1 has no Hoare annotation [2022-02-20 18:10:02,634 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:10:02,634 WARN L170 areAnnotationChecker]: L779-1 has no Hoare annotation [2022-02-20 18:10:02,634 WARN L170 areAnnotationChecker]: L550-1 has no Hoare annotation [2022-02-20 18:10:02,634 WARN L170 areAnnotationChecker]: L557-1 has no Hoare annotation [2022-02-20 18:10:02,634 WARN L170 areAnnotationChecker]: L557-1 has no Hoare annotation [2022-02-20 18:10:02,635 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:10:02,635 WARN L170 areAnnotationChecker]: L498-1 has no Hoare annotation [2022-02-20 18:10:02,635 WARN L170 areAnnotationChecker]: L784 has no Hoare annotation [2022-02-20 18:10:02,635 WARN L170 areAnnotationChecker]: L754 has no Hoare annotation [2022-02-20 18:10:02,636 WARN L170 areAnnotationChecker]: L488-1 has no Hoare annotation [2022-02-20 18:10:02,636 WARN L170 areAnnotationChecker]: L508 has no Hoare annotation [2022-02-20 18:10:02,636 WARN L170 areAnnotationChecker]: L508 has no Hoare annotation [2022-02-20 18:10:02,636 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:10:02,636 WARN L170 areAnnotationChecker]: L784 has no Hoare annotation [2022-02-20 18:10:02,636 WARN L170 areAnnotationChecker]: L754 has no Hoare annotation [2022-02-20 18:10:02,636 WARN L170 areAnnotationChecker]: L754 has no Hoare annotation [2022-02-20 18:10:02,637 WARN L170 areAnnotationChecker]: L854 has no Hoare annotation [2022-02-20 18:10:02,637 WARN L170 areAnnotationChecker]: L498 has no Hoare annotation [2022-02-20 18:10:02,637 WARN L170 areAnnotationChecker]: L498 has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: L514 has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: L514 has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: L787 has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: L787 has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: L758 has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: L854 has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: L854 has no Hoare annotation [2022-02-20 18:10:02,638 WARN L170 areAnnotationChecker]: L498-1 has no Hoare annotation [2022-02-20 18:10:02,640 WARN L170 areAnnotationChecker]: L479 has no Hoare annotation [2022-02-20 18:10:02,640 WARN L170 areAnnotationChecker]: L653 has no Hoare annotation [2022-02-20 18:10:02,640 WARN L170 areAnnotationChecker]: L653 has no Hoare annotation [2022-02-20 18:10:02,640 WARN L170 areAnnotationChecker]: L794 has no Hoare annotation [2022-02-20 18:10:02,641 WARN L170 areAnnotationChecker]: L758 has no Hoare annotation [2022-02-20 18:10:02,641 WARN L170 areAnnotationChecker]: L758 has no Hoare annotation [2022-02-20 18:10:02,641 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:10:02,641 WARN L170 areAnnotationChecker]: L854-2 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: L479 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: L479 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: L653-2 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: L653-2 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: L854-2 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: L794 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:10:02,642 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:02,643 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:02,643 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:02,643 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:10:02,643 WARN L170 areAnnotationChecker]: L480 has no Hoare annotation [2022-02-20 18:10:02,644 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:10:02,645 WARN L170 areAnnotationChecker]: L488 has no Hoare annotation [2022-02-20 18:10:02,645 WARN L170 areAnnotationChecker]: L488 has no Hoare annotation [2022-02-20 18:10:02,645 WARN L170 areAnnotationChecker]: L488-1 has no Hoare annotation [2022-02-20 18:10:02,646 INFO L163 areAnnotationChecker]: CFG has 17 edges. 17 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:10:02,656 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:10:02 BoogieIcfgContainer [2022-02-20 18:10:02,657 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:10:02,657 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:10:02,657 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:10:02,658 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:10:02,658 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:09:57" (3/4) ... [2022-02-20 18:10:02,660 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:10:02,663 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:10:02,664 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:10:02,664 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:10:02,664 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:10:02,668 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 46 nodes and edges [2022-02-20 18:10:02,668 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:10:02,668 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:10:02,668 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:10:02,669 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:10:02,669 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:10:02,669 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:10:02,684 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(pumpRunning == 0) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:02,685 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(pumpRunning == 0) || \old(waterLevel) == waterLevel) || !(2 <= \old(waterLevel))) && ((!(pumpRunning == 0) || !(\old(waterLevel) == 1)) || waterLevel == 1) [2022-02-20 18:10:02,685 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\result == 0) && waterLevel == 1) || !(pumpRunning == 0)) || !(\old(waterLevel) == 1)) && ((!(pumpRunning == 0) || (!(\result == 0) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) [2022-02-20 18:10:02,686 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(pumpRunning == 0) || ((!(tmp == 0) && !(\result == 0)) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) && ((!(pumpRunning == 0) || !(\old(waterLevel) == 1)) || ((!(tmp == 0) && !(\result == 0)) && waterLevel == 1)) [2022-02-20 18:10:02,686 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(pumpRunning == 0) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:02,686 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(pumpRunning == 0) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:02,705 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:10:02,705 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:10:02,706 INFO L158 Benchmark]: Toolchain (without parser) took 6880.74ms. Allocated memory was 138.4MB in the beginning and 245.4MB in the end (delta: 107.0MB). Free memory was 107.6MB in the beginning and 202.7MB in the end (delta: -95.1MB). Peak memory consumption was 11.9MB. Max. memory is 16.1GB. [2022-02-20 18:10:02,706 INFO L158 Benchmark]: CDTParser took 0.32ms. Allocated memory is still 90.2MB. Free memory is still 45.4MB. There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:02,706 INFO L158 Benchmark]: CACSL2BoogieTranslator took 609.62ms. Allocated memory is still 138.4MB. Free memory was 107.3MB in the beginning and 101.9MB in the end (delta: 5.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 18:10:02,707 INFO L158 Benchmark]: Boogie Procedure Inliner took 97.01ms. Allocated memory is still 138.4MB. Free memory was 101.9MB in the beginning and 99.4MB in the end (delta: 2.5MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:02,707 INFO L158 Benchmark]: Boogie Preprocessor took 51.10ms. Allocated memory is still 138.4MB. Free memory was 99.4MB in the beginning and 97.9MB in the end (delta: 1.4MB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:02,707 INFO L158 Benchmark]: RCFGBuilder took 446.94ms. Allocated memory is still 138.4MB. Free memory was 97.9MB in the beginning and 80.9MB in the end (delta: 17.0MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. [2022-02-20 18:10:02,707 INFO L158 Benchmark]: TraceAbstraction took 5621.39ms. Allocated memory was 138.4MB in the beginning and 245.4MB in the end (delta: 107.0MB). Free memory was 80.5MB in the beginning and 206.9MB in the end (delta: -126.4MB). Peak memory consumption was 85.8MB. Max. memory is 16.1GB. [2022-02-20 18:10:02,708 INFO L158 Benchmark]: Witness Printer took 47.95ms. Allocated memory is still 245.4MB. Free memory was 206.9MB in the beginning and 202.7MB in the end (delta: 4.2MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:02,709 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.32ms. Allocated memory is still 90.2MB. Free memory is still 45.4MB. There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 609.62ms. Allocated memory is still 138.4MB. Free memory was 107.3MB in the beginning and 101.9MB in the end (delta: 5.3MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 97.01ms. Allocated memory is still 138.4MB. Free memory was 101.9MB in the beginning and 99.4MB in the end (delta: 2.5MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 51.10ms. Allocated memory is still 138.4MB. Free memory was 99.4MB in the beginning and 97.9MB in the end (delta: 1.4MB). There was no memory consumed. Max. memory is 16.1GB. * RCFGBuilder took 446.94ms. Allocated memory is still 138.4MB. Free memory was 97.9MB in the beginning and 80.9MB in the end (delta: 17.0MB). Peak memory consumption was 16.8MB. Max. memory is 16.1GB. * TraceAbstraction took 5621.39ms. Allocated memory was 138.4MB in the beginning and 245.4MB in the end (delta: 107.0MB). Free memory was 80.5MB in the beginning and 206.9MB in the end (delta: -126.4MB). Peak memory consumption was 85.8MB. Max. memory is 16.1GB. * Witness Printer took 47.95ms. Allocated memory is still 245.4MB. Free memory was 206.9MB in the beginning and 202.7MB in the end (delta: 4.2MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 5 procedures, 62 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 5.5s, OverallIterations: 7, TraceHistogramMax: 2, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.4s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.6s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 452 SdHoareTripleChecker+Valid, 0.3s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 447 mSDsluCounter, 1173 SdHoareTripleChecker+Invalid, 0.3s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 772 mSDsCounter, 67 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 279 IncrementalHoareTripleChecker+Invalid, 346 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 67 mSolverCounterUnsat, 401 mSDtfsCounter, 279 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 152 GetRequests, 108 SyntacticMatches, 1 SemanticMatches, 43 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 63 ImplicationChecksByTransitivity, 0.3s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=180occurred in iteration=6, InterpolantAutomatonStates: 41, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.1s AutomataMinimizationTime, 7 MinimizatonAttempts, 106 StatesRemovedByMinimization, 3 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 28 LocationsWithAnnotation, 226 PreInvPairs, 260 NumberOfFragments, 336 HoareAnnotationTreeSize, 226 FomulaSimplifications, 259 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 28 FomulaSimplificationsInter, 2006 FormulaSimplificationTreeSizeReductionInter, 0.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.4s InterpolantComputationTime, 246 NumberOfCodeBlocks, 246 NumberOfCodeBlocksAsserted, 8 NumberOfCheckSat, 288 ConstructedInterpolants, 0 QuantifiedInterpolants, 769 SizeOfPredicates, 0 NumberOfNonLiveVariables, 344 ConjunctsInSsa, 9 ConjunctsInUnsatCore, 9 InterpolantComputations, 6 PerfectInterpolantSequences, 51/57 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 736]: Loop Invariant Derived loop invariant: (((!(\result == 0) && waterLevel == 1) || !(pumpRunning == 0)) || !(\old(waterLevel) == 1)) && ((!(pumpRunning == 0) || (!(\result == 0) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 668]: Loop Invariant Derived loop invariant: !(pumpRunning == 0) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 844]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 468]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 453]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && waterLevel == 1) && waterLevel == systemActive - InvariantResult [Line: 827]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && waterLevel == 1) && waterLevel == systemActive - InvariantResult [Line: 783]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 446]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && waterLevel == 1) && waterLevel == systemActive - InvariantResult [Line: 649]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && splverifierCounter == 0) && waterLevel == 1) || ((pumpRunning == 0 && 2 <= waterLevel) && splverifierCounter == 0) - InvariantResult [Line: 439]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && waterLevel == 1) && waterLevel == systemActive - InvariantResult [Line: 477]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 834]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 478]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && splverifierCounter == 0) && waterLevel == 1) || ((pumpRunning == 0 && 2 <= waterLevel) && splverifierCounter == 0) - InvariantResult [Line: 570]: Loop Invariant Derived loop invariant: ((!(pumpRunning == 0) || \old(waterLevel) == waterLevel) || !(2 <= \old(waterLevel))) && ((!(pumpRunning == 0) || !(\old(waterLevel) == 1)) || waterLevel == 1) - InvariantResult [Line: 585]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: !(pumpRunning == 0) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 746]: Loop Invariant Derived loop invariant: ((!(pumpRunning == 0) || ((!(tmp == 0) && !(\result == 0)) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) && ((!(pumpRunning == 0) || !(\old(waterLevel) == 1)) || ((!(tmp == 0) && !(\result == 0)) && waterLevel == 1)) - InvariantResult [Line: 604]: Loop Invariant Derived loop invariant: !(pumpRunning == 0) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 773]: Loop Invariant Derived loop invariant: 1 RESULT: Ultimate proved your program to be correct! [2022-02-20 18:10:02,738 INFO L552 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Ended with exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE