./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec4_product21.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product21.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash daf06f15c6a50440fa28ebda61a14a306dbf33e7f2231abb8ab4ae318f81a0b9 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:12,504 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:12,506 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:12,536 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:12,539 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:12,542 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:12,545 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:12,550 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:12,553 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:12,558 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:12,559 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:12,560 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:12,561 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:12,563 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:12,565 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:12,566 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:12,567 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:12,568 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:12,572 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:12,575 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:12,576 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:12,577 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:12,578 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:12,579 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:12,583 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:12,584 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:12,584 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:12,586 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:12,586 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:12,587 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:12,587 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:12,588 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:12,589 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:12,590 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:12,591 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:12,591 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:12,592 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:12,592 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:12,592 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:12,593 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:12,594 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:12,595 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:10:12,630 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:12,631 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:12,631 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:12,631 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:12,632 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:12,632 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:12,633 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:12,633 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:12,633 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:12,633 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:12,634 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:12,634 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:10:12,634 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:12,635 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:12,635 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:12,635 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:12,635 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:12,635 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:12,636 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:12,636 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:12,636 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:12,636 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:12,636 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:12,636 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:12,637 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:12,637 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:12,637 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:12,637 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:12,637 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:10:12,638 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:10:12,638 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:12,638 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:12,638 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:12,638 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> daf06f15c6a50440fa28ebda61a14a306dbf33e7f2231abb8ab4ae318f81a0b9 [2022-02-20 18:10:12,875 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:12,906 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:12,909 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:12,910 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:12,910 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:12,911 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product21.cil.c [2022-02-20 18:10:12,964 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6590d65b9/55af4c8eb3eb437f8efcb1c050ab84c1/FLAG113572dea [2022-02-20 18:10:13,451 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:13,453 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product21.cil.c [2022-02-20 18:10:13,467 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6590d65b9/55af4c8eb3eb437f8efcb1c050ab84c1/FLAG113572dea [2022-02-20 18:10:13,794 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/6590d65b9/55af4c8eb3eb437f8efcb1c050ab84c1 [2022-02-20 18:10:13,796 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:13,797 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:13,798 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:13,798 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:13,805 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:13,806 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:13" (1/1) ... [2022-02-20 18:10:13,807 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@433b5107 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:13, skipping insertion in model container [2022-02-20 18:10:13,807 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:13" (1/1) ... [2022-02-20 18:10:13,814 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:13,854 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:14,031 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product21.cil.c[5064,5077] [2022-02-20 18:10:14,111 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:14,134 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:14,175 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product21.cil.c[5064,5077] [2022-02-20 18:10:14,228 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:14,244 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:14,245 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14 WrapperNode [2022-02-20 18:10:14,245 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:14,246 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:14,246 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:14,246 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:14,254 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,270 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,301 INFO L137 Inliner]: procedures = 53, calls = 153, calls flagged for inlining = 21, calls inlined = 18, statements flattened = 243 [2022-02-20 18:10:14,302 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:14,303 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:14,303 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:14,303 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:14,310 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,311 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,313 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,313 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,321 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,342 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,343 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,345 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:14,346 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:14,346 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:14,346 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:14,347 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,353 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:14,362 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:14,376 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:14,388 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:14,414 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:14,414 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:14,415 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:14,415 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:14,415 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:14,415 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:14,415 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:14,415 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:14,416 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:14,417 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:10:14,417 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:10:14,417 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:10:14,417 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:10:14,417 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:10:14,417 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:14,418 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:14,418 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:14,418 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:14,529 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:14,545 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:14,976 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:14,983 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:14,983 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:14,985 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:14 BoogieIcfgContainer [2022-02-20 18:10:14,985 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:14,986 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:14,986 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:14,992 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:14,993 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:13" (1/3) ... [2022-02-20 18:10:14,993 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7bcf0d24 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:14, skipping insertion in model container [2022-02-20 18:10:14,994 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (2/3) ... [2022-02-20 18:10:14,994 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@7bcf0d24 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:14, skipping insertion in model container [2022-02-20 18:10:14,994 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:14" (3/3) ... [2022-02-20 18:10:14,996 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product21.cil.c [2022-02-20 18:10:15,000 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:15,001 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:15,048 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:15,059 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:15,059 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:15,087 INFO L276 IsEmpty]: Start isEmpty. Operand has 82 states, 61 states have (on average 1.3934426229508197) internal successors, (85), 69 states have internal predecessors, (85), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:10:15,093 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:15,093 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:15,094 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:15,094 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:15,098 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:15,099 INFO L85 PathProgramCache]: Analyzing trace with hash -558003498, now seen corresponding path program 1 times [2022-02-20 18:10:15,106 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:15,107 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [2055342038] [2022-02-20 18:10:15,107 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:15,108 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:15,260 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:15,320 INFO L290 TraceCheckUtils]: 0: Hoare triple {85#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {85#true} is VALID [2022-02-20 18:10:15,321 INFO L290 TraceCheckUtils]: 1: Hoare triple {85#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {85#true} is VALID [2022-02-20 18:10:15,321 INFO L290 TraceCheckUtils]: 2: Hoare triple {85#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {85#true} is VALID [2022-02-20 18:10:15,321 INFO L290 TraceCheckUtils]: 3: Hoare triple {85#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {85#true} is VALID [2022-02-20 18:10:15,321 INFO L290 TraceCheckUtils]: 4: Hoare triple {85#true} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {85#true} is VALID [2022-02-20 18:10:15,322 INFO L290 TraceCheckUtils]: 5: Hoare triple {85#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {85#true} is VALID [2022-02-20 18:10:15,322 INFO L290 TraceCheckUtils]: 6: Hoare triple {85#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {85#true} is VALID [2022-02-20 18:10:15,323 INFO L290 TraceCheckUtils]: 7: Hoare triple {85#true} assume !true; {86#false} is VALID [2022-02-20 18:10:15,323 INFO L272 TraceCheckUtils]: 8: Hoare triple {86#false} call cleanup(); {86#false} is VALID [2022-02-20 18:10:15,323 INFO L290 TraceCheckUtils]: 9: Hoare triple {86#false} havoc ~i~0;havoc ~__cil_tmp2~0; {86#false} is VALID [2022-02-20 18:10:15,324 INFO L272 TraceCheckUtils]: 10: Hoare triple {86#false} call timeShift(); {86#false} is VALID [2022-02-20 18:10:15,324 INFO L290 TraceCheckUtils]: 11: Hoare triple {86#false} assume !(0 != ~pumpRunning~0); {86#false} is VALID [2022-02-20 18:10:15,324 INFO L290 TraceCheckUtils]: 12: Hoare triple {86#false} assume !(0 != ~systemActive~0); {86#false} is VALID [2022-02-20 18:10:15,325 INFO L290 TraceCheckUtils]: 13: Hoare triple {86#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret45#1, __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_~tmp~8#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~8#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {86#false} is VALID [2022-02-20 18:10:15,325 INFO L290 TraceCheckUtils]: 14: Hoare triple {86#false} __utac_acc__Specification4_spec__1_#t~ret45#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret45#1 && __utac_acc__Specification4_spec__1_#t~ret45#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~8#1 := __utac_acc__Specification4_spec__1_#t~ret45#1;havoc __utac_acc__Specification4_spec__1_#t~ret45#1; {86#false} is VALID [2022-02-20 18:10:15,325 INFO L290 TraceCheckUtils]: 15: Hoare triple {86#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {86#false} is VALID [2022-02-20 18:10:15,325 INFO L290 TraceCheckUtils]: 16: Hoare triple {86#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {86#false} is VALID [2022-02-20 18:10:15,326 INFO L290 TraceCheckUtils]: 17: Hoare triple {86#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {86#false} is VALID [2022-02-20 18:10:15,326 INFO L290 TraceCheckUtils]: 18: Hoare triple {86#false} assume !false; {86#false} is VALID [2022-02-20 18:10:15,327 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:15,327 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:15,328 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [2055342038] [2022-02-20 18:10:15,328 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [2055342038] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:15,329 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:15,329 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:15,330 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1079974790] [2022-02-20 18:10:15,331 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:15,336 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:15,337 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:15,340 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,362 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:15,362 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:15,362 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:15,380 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:15,381 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:15,384 INFO L87 Difference]: Start difference. First operand has 82 states, 61 states have (on average 1.3934426229508197) internal successors, (85), 69 states have internal predecessors, (85), 12 states have call successors, (12), 7 states have call predecessors, (12), 7 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,504 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:15,504 INFO L93 Difference]: Finished difference Result 156 states and 213 transitions. [2022-02-20 18:10:15,505 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:15,505 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:15,505 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:15,506 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,518 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 213 transitions. [2022-02-20 18:10:15,518 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,525 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 213 transitions. [2022-02-20 18:10:15,525 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 213 transitions. [2022-02-20 18:10:15,697 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 213 edges. 213 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:15,707 INFO L225 Difference]: With dead ends: 156 [2022-02-20 18:10:15,707 INFO L226 Difference]: Without dead ends: 73 [2022-02-20 18:10:15,711 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:15,714 INFO L933 BasicCegarLoop]: 103 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 103 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:15,715 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 103 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:15,728 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 73 states. [2022-02-20 18:10:15,743 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 73 to 73. [2022-02-20 18:10:15,743 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:15,744 INFO L82 GeneralOperation]: Start isEquivalent. First operand 73 states. Second operand has 73 states, 54 states have (on average 1.3148148148148149) internal successors, (71), 61 states have internal predecessors, (71), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 7 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:10:15,745 INFO L74 IsIncluded]: Start isIncluded. First operand 73 states. Second operand has 73 states, 54 states have (on average 1.3148148148148149) internal successors, (71), 61 states have internal predecessors, (71), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 7 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:10:15,746 INFO L87 Difference]: Start difference. First operand 73 states. Second operand has 73 states, 54 states have (on average 1.3148148148148149) internal successors, (71), 61 states have internal predecessors, (71), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 7 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:10:15,752 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:15,753 INFO L93 Difference]: Finished difference Result 73 states and 94 transitions. [2022-02-20 18:10:15,753 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 94 transitions. [2022-02-20 18:10:15,754 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:15,754 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:15,755 INFO L74 IsIncluded]: Start isIncluded. First operand has 73 states, 54 states have (on average 1.3148148148148149) internal successors, (71), 61 states have internal predecessors, (71), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 7 states have call predecessors, (11), 11 states have call successors, (11) Second operand 73 states. [2022-02-20 18:10:15,756 INFO L87 Difference]: Start difference. First operand has 73 states, 54 states have (on average 1.3148148148148149) internal successors, (71), 61 states have internal predecessors, (71), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 7 states have call predecessors, (11), 11 states have call successors, (11) Second operand 73 states. [2022-02-20 18:10:15,761 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:15,762 INFO L93 Difference]: Finished difference Result 73 states and 94 transitions. [2022-02-20 18:10:15,762 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 94 transitions. [2022-02-20 18:10:15,763 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:15,763 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:15,763 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:15,763 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:15,764 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 73 states, 54 states have (on average 1.3148148148148149) internal successors, (71), 61 states have internal predecessors, (71), 12 states have call successors, (12), 7 states have call predecessors, (12), 6 states have return successors, (11), 7 states have call predecessors, (11), 11 states have call successors, (11) [2022-02-20 18:10:15,768 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 73 states to 73 states and 94 transitions. [2022-02-20 18:10:15,769 INFO L78 Accepts]: Start accepts. Automaton has 73 states and 94 transitions. Word has length 19 [2022-02-20 18:10:15,770 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:15,770 INFO L470 AbstractCegarLoop]: Abstraction has 73 states and 94 transitions. [2022-02-20 18:10:15,770 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,770 INFO L276 IsEmpty]: Start isEmpty. Operand 73 states and 94 transitions. [2022-02-20 18:10:15,771 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:15,772 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:15,772 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:15,772 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:10:15,772 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:15,773 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:15,773 INFO L85 PathProgramCache]: Analyzing trace with hash 349467644, now seen corresponding path program 1 times [2022-02-20 18:10:15,774 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:15,774 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1019913621] [2022-02-20 18:10:15,774 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:15,774 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:15,808 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:15,867 INFO L290 TraceCheckUtils]: 0: Hoare triple {571#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {571#true} is VALID [2022-02-20 18:10:15,868 INFO L290 TraceCheckUtils]: 1: Hoare triple {571#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {571#true} is VALID [2022-02-20 18:10:15,868 INFO L290 TraceCheckUtils]: 2: Hoare triple {571#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {571#true} is VALID [2022-02-20 18:10:15,868 INFO L290 TraceCheckUtils]: 3: Hoare triple {571#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {571#true} is VALID [2022-02-20 18:10:15,868 INFO L290 TraceCheckUtils]: 4: Hoare triple {571#true} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {571#true} is VALID [2022-02-20 18:10:15,869 INFO L290 TraceCheckUtils]: 5: Hoare triple {571#true} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {571#true} is VALID [2022-02-20 18:10:15,869 INFO L290 TraceCheckUtils]: 6: Hoare triple {571#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {573#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:15,870 INFO L290 TraceCheckUtils]: 7: Hoare triple {573#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {573#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:15,870 INFO L290 TraceCheckUtils]: 8: Hoare triple {573#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {572#false} is VALID [2022-02-20 18:10:15,871 INFO L272 TraceCheckUtils]: 9: Hoare triple {572#false} call cleanup(); {572#false} is VALID [2022-02-20 18:10:15,871 INFO L290 TraceCheckUtils]: 10: Hoare triple {572#false} havoc ~i~0;havoc ~__cil_tmp2~0; {572#false} is VALID [2022-02-20 18:10:15,871 INFO L272 TraceCheckUtils]: 11: Hoare triple {572#false} call timeShift(); {572#false} is VALID [2022-02-20 18:10:15,871 INFO L290 TraceCheckUtils]: 12: Hoare triple {572#false} assume !(0 != ~pumpRunning~0); {572#false} is VALID [2022-02-20 18:10:15,872 INFO L290 TraceCheckUtils]: 13: Hoare triple {572#false} assume !(0 != ~systemActive~0); {572#false} is VALID [2022-02-20 18:10:15,872 INFO L290 TraceCheckUtils]: 14: Hoare triple {572#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret45#1, __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_~tmp~8#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~8#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {572#false} is VALID [2022-02-20 18:10:15,872 INFO L290 TraceCheckUtils]: 15: Hoare triple {572#false} __utac_acc__Specification4_spec__1_#t~ret45#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret45#1 && __utac_acc__Specification4_spec__1_#t~ret45#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~8#1 := __utac_acc__Specification4_spec__1_#t~ret45#1;havoc __utac_acc__Specification4_spec__1_#t~ret45#1; {572#false} is VALID [2022-02-20 18:10:15,872 INFO L290 TraceCheckUtils]: 16: Hoare triple {572#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {572#false} is VALID [2022-02-20 18:10:15,873 INFO L290 TraceCheckUtils]: 17: Hoare triple {572#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {572#false} is VALID [2022-02-20 18:10:15,873 INFO L290 TraceCheckUtils]: 18: Hoare triple {572#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {572#false} is VALID [2022-02-20 18:10:15,873 INFO L290 TraceCheckUtils]: 19: Hoare triple {572#false} assume !false; {572#false} is VALID [2022-02-20 18:10:15,873 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:15,874 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:15,874 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1019913621] [2022-02-20 18:10:15,874 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1019913621] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:15,874 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:15,874 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:15,875 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [227589420] [2022-02-20 18:10:15,875 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:15,876 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:15,877 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:15,877 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,895 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:15,896 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:15,896 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:15,897 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:15,898 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:15,898 INFO L87 Difference]: Start difference. First operand 73 states and 94 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,008 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,015 INFO L93 Difference]: Finished difference Result 112 states and 144 transitions. [2022-02-20 18:10:16,015 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:16,016 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:16,016 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:16,016 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,024 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 144 transitions. [2022-02-20 18:10:16,024 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,042 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 144 transitions. [2022-02-20 18:10:16,042 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 144 transitions. [2022-02-20 18:10:16,193 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 144 edges. 144 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:16,196 INFO L225 Difference]: With dead ends: 112 [2022-02-20 18:10:16,196 INFO L226 Difference]: Without dead ends: 64 [2022-02-20 18:10:16,197 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:16,198 INFO L933 BasicCegarLoop]: 81 mSDtfsCounter, 12 mSDsluCounter, 65 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 146 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:16,199 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [15 Valid, 146 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:16,200 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 64 states. [2022-02-20 18:10:16,205 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 64 to 64. [2022-02-20 18:10:16,205 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:16,206 INFO L82 GeneralOperation]: Start isEquivalent. First operand 64 states. Second operand has 64 states, 48 states have (on average 1.3333333333333333) internal successors, (64), 55 states have internal predecessors, (64), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:10:16,207 INFO L74 IsIncluded]: Start isIncluded. First operand 64 states. Second operand has 64 states, 48 states have (on average 1.3333333333333333) internal successors, (64), 55 states have internal predecessors, (64), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:10:16,207 INFO L87 Difference]: Start difference. First operand 64 states. Second operand has 64 states, 48 states have (on average 1.3333333333333333) internal successors, (64), 55 states have internal predecessors, (64), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:10:16,211 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,211 INFO L93 Difference]: Finished difference Result 64 states and 82 transitions. [2022-02-20 18:10:16,211 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 82 transitions. [2022-02-20 18:10:16,212 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:16,212 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:16,212 INFO L74 IsIncluded]: Start isIncluded. First operand has 64 states, 48 states have (on average 1.3333333333333333) internal successors, (64), 55 states have internal predecessors, (64), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) Second operand 64 states. [2022-02-20 18:10:16,213 INFO L87 Difference]: Start difference. First operand has 64 states, 48 states have (on average 1.3333333333333333) internal successors, (64), 55 states have internal predecessors, (64), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) Second operand 64 states. [2022-02-20 18:10:16,216 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,217 INFO L93 Difference]: Finished difference Result 64 states and 82 transitions. [2022-02-20 18:10:16,217 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 82 transitions. [2022-02-20 18:10:16,218 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:16,218 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:16,218 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:16,218 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:16,219 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 64 states, 48 states have (on average 1.3333333333333333) internal successors, (64), 55 states have internal predecessors, (64), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:10:16,222 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 82 transitions. [2022-02-20 18:10:16,222 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 82 transitions. Word has length 20 [2022-02-20 18:10:16,222 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:16,223 INFO L470 AbstractCegarLoop]: Abstraction has 64 states and 82 transitions. [2022-02-20 18:10:16,223 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,223 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 82 transitions. [2022-02-20 18:10:16,224 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:10:16,224 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:16,224 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:16,224 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:10:16,225 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:16,225 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:16,225 INFO L85 PathProgramCache]: Analyzing trace with hash 1950570308, now seen corresponding path program 1 times [2022-02-20 18:10:16,226 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:16,226 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [448690033] [2022-02-20 18:10:16,226 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:16,226 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:16,252 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:16,313 INFO L290 TraceCheckUtils]: 0: Hoare triple {962#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {964#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:16,313 INFO L290 TraceCheckUtils]: 1: Hoare triple {964#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {964#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:16,314 INFO L290 TraceCheckUtils]: 2: Hoare triple {964#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {964#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:16,314 INFO L290 TraceCheckUtils]: 3: Hoare triple {964#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {965#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} is VALID [2022-02-20 18:10:16,315 INFO L290 TraceCheckUtils]: 4: Hoare triple {965#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {966#(= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)} is VALID [2022-02-20 18:10:16,316 INFO L290 TraceCheckUtils]: 5: Hoare triple {966#(= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,316 INFO L290 TraceCheckUtils]: 6: Hoare triple {967#(not (= 0 ~systemActive~0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,317 INFO L290 TraceCheckUtils]: 7: Hoare triple {967#(not (= 0 ~systemActive~0))} assume !false; {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,318 INFO L290 TraceCheckUtils]: 8: Hoare triple {967#(not (= 0 ~systemActive~0))} assume test_~splverifierCounter~0#1 < 4; {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,319 INFO L290 TraceCheckUtils]: 9: Hoare triple {967#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,319 INFO L290 TraceCheckUtils]: 10: Hoare triple {967#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp~3#1); {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,324 INFO L290 TraceCheckUtils]: 11: Hoare triple {967#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,324 INFO L290 TraceCheckUtils]: 12: Hoare triple {967#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___0~1#1); {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,325 INFO L290 TraceCheckUtils]: 13: Hoare triple {967#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,325 INFO L290 TraceCheckUtils]: 14: Hoare triple {967#(not (= 0 ~systemActive~0))} assume 0 != test_~tmp___2~0#1; {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,326 INFO L272 TraceCheckUtils]: 15: Hoare triple {967#(not (= 0 ~systemActive~0))} call timeShift(); {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,326 INFO L290 TraceCheckUtils]: 16: Hoare triple {967#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {967#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,327 INFO L290 TraceCheckUtils]: 17: Hoare triple {967#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {963#false} is VALID [2022-02-20 18:10:16,327 INFO L290 TraceCheckUtils]: 18: Hoare triple {963#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret45#1, __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_~tmp~8#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~8#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {963#false} is VALID [2022-02-20 18:10:16,327 INFO L290 TraceCheckUtils]: 19: Hoare triple {963#false} __utac_acc__Specification4_spec__1_#t~ret45#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret45#1 && __utac_acc__Specification4_spec__1_#t~ret45#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~8#1 := __utac_acc__Specification4_spec__1_#t~ret45#1;havoc __utac_acc__Specification4_spec__1_#t~ret45#1; {963#false} is VALID [2022-02-20 18:10:16,327 INFO L290 TraceCheckUtils]: 20: Hoare triple {963#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {963#false} is VALID [2022-02-20 18:10:16,327 INFO L290 TraceCheckUtils]: 21: Hoare triple {963#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {963#false} is VALID [2022-02-20 18:10:16,327 INFO L290 TraceCheckUtils]: 22: Hoare triple {963#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {963#false} is VALID [2022-02-20 18:10:16,328 INFO L290 TraceCheckUtils]: 23: Hoare triple {963#false} assume !false; {963#false} is VALID [2022-02-20 18:10:16,328 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:16,328 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:16,328 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [448690033] [2022-02-20 18:10:16,329 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [448690033] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:16,329 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:16,329 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:16,329 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2001184472] [2022-02-20 18:10:16,329 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:16,330 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:16,330 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:16,330 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,357 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:16,357 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:16,357 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:16,358 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:16,358 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:16,358 INFO L87 Difference]: Start difference. First operand 64 states and 82 transitions. Second operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,652 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,652 INFO L93 Difference]: Finished difference Result 121 states and 158 transitions. [2022-02-20 18:10:16,652 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:16,652 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:16,653 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:16,653 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,656 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 158 transitions. [2022-02-20 18:10:16,656 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,667 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 158 transitions. [2022-02-20 18:10:16,667 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 158 transitions. [2022-02-20 18:10:16,793 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 158 edges. 158 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:16,796 INFO L225 Difference]: With dead ends: 121 [2022-02-20 18:10:16,796 INFO L226 Difference]: Without dead ends: 64 [2022-02-20 18:10:16,800 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:16,808 INFO L933 BasicCegarLoop]: 75 mSDtfsCounter, 157 mSDsluCounter, 88 mSDsCounter, 0 mSdLazyCounter, 41 mSolverCounterSat, 27 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 157 SdHoareTripleChecker+Valid, 163 SdHoareTripleChecker+Invalid, 68 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 27 IncrementalHoareTripleChecker+Valid, 41 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:16,809 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [157 Valid, 163 Invalid, 68 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [27 Valid, 41 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:16,811 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 64 states. [2022-02-20 18:10:16,821 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 64 to 64. [2022-02-20 18:10:16,823 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:16,824 INFO L82 GeneralOperation]: Start isEquivalent. First operand 64 states. Second operand has 64 states, 48 states have (on average 1.3125) internal successors, (63), 55 states have internal predecessors, (63), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:10:16,824 INFO L74 IsIncluded]: Start isIncluded. First operand 64 states. Second operand has 64 states, 48 states have (on average 1.3125) internal successors, (63), 55 states have internal predecessors, (63), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:10:16,825 INFO L87 Difference]: Start difference. First operand 64 states. Second operand has 64 states, 48 states have (on average 1.3125) internal successors, (63), 55 states have internal predecessors, (63), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:10:16,828 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,830 INFO L93 Difference]: Finished difference Result 64 states and 81 transitions. [2022-02-20 18:10:16,831 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 81 transitions. [2022-02-20 18:10:16,832 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:16,833 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:16,834 INFO L74 IsIncluded]: Start isIncluded. First operand has 64 states, 48 states have (on average 1.3125) internal successors, (63), 55 states have internal predecessors, (63), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) Second operand 64 states. [2022-02-20 18:10:16,834 INFO L87 Difference]: Start difference. First operand has 64 states, 48 states have (on average 1.3125) internal successors, (63), 55 states have internal predecessors, (63), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) Second operand 64 states. [2022-02-20 18:10:16,838 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,840 INFO L93 Difference]: Finished difference Result 64 states and 81 transitions. [2022-02-20 18:10:16,840 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 81 transitions. [2022-02-20 18:10:16,841 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:16,844 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:16,844 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:16,844 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:16,845 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 64 states, 48 states have (on average 1.3125) internal successors, (63), 55 states have internal predecessors, (63), 9 states have call successors, (9), 6 states have call predecessors, (9), 6 states have return successors, (9), 5 states have call predecessors, (9), 9 states have call successors, (9) [2022-02-20 18:10:16,847 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 64 states to 64 states and 81 transitions. [2022-02-20 18:10:16,850 INFO L78 Accepts]: Start accepts. Automaton has 64 states and 81 transitions. Word has length 24 [2022-02-20 18:10:16,850 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:16,850 INFO L470 AbstractCegarLoop]: Abstraction has 64 states and 81 transitions. [2022-02-20 18:10:16,850 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,851 INFO L276 IsEmpty]: Start isEmpty. Operand 64 states and 81 transitions. [2022-02-20 18:10:16,852 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 35 [2022-02-20 18:10:16,852 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:16,852 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:16,852 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:10:16,853 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:16,854 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:16,855 INFO L85 PathProgramCache]: Analyzing trace with hash -1483904855, now seen corresponding path program 1 times [2022-02-20 18:10:16,855 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:16,856 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1668170103] [2022-02-20 18:10:16,856 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:16,856 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:16,887 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:16,951 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:10:16,954 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:16,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:10:16,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:16,960 INFO L290 TraceCheckUtils]: 0: Hoare triple {1370#true} assume true; {1370#true} is VALID [2022-02-20 18:10:16,960 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1370#true} {1370#true} #234#return; {1370#true} is VALID [2022-02-20 18:10:16,961 INFO L290 TraceCheckUtils]: 0: Hoare triple {1382#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {1370#true} is VALID [2022-02-20 18:10:16,961 INFO L290 TraceCheckUtils]: 1: Hoare triple {1370#true} assume !(0 != ~pumpRunning~0); {1370#true} is VALID [2022-02-20 18:10:16,961 INFO L272 TraceCheckUtils]: 2: Hoare triple {1370#true} call processEnvironment__wrappee__base(); {1370#true} is VALID [2022-02-20 18:10:16,961 INFO L290 TraceCheckUtils]: 3: Hoare triple {1370#true} assume true; {1370#true} is VALID [2022-02-20 18:10:16,961 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {1370#true} {1370#true} #234#return; {1370#true} is VALID [2022-02-20 18:10:16,961 INFO L290 TraceCheckUtils]: 5: Hoare triple {1370#true} assume true; {1370#true} is VALID [2022-02-20 18:10:16,962 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {1370#true} {1372#(= ~waterLevel~0 1)} #220#return; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {1370#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,963 INFO L290 TraceCheckUtils]: 1: Hoare triple {1372#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,963 INFO L290 TraceCheckUtils]: 2: Hoare triple {1372#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,964 INFO L290 TraceCheckUtils]: 3: Hoare triple {1372#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,964 INFO L290 TraceCheckUtils]: 4: Hoare triple {1372#(= ~waterLevel~0 1)} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,964 INFO L290 TraceCheckUtils]: 5: Hoare triple {1372#(= ~waterLevel~0 1)} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,965 INFO L290 TraceCheckUtils]: 6: Hoare triple {1372#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,965 INFO L290 TraceCheckUtils]: 7: Hoare triple {1372#(= ~waterLevel~0 1)} assume !false; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,966 INFO L290 TraceCheckUtils]: 8: Hoare triple {1372#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,966 INFO L290 TraceCheckUtils]: 9: Hoare triple {1372#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,966 INFO L290 TraceCheckUtils]: 10: Hoare triple {1372#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~3#1); {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,967 INFO L290 TraceCheckUtils]: 11: Hoare triple {1372#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,967 INFO L290 TraceCheckUtils]: 12: Hoare triple {1372#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~1#1); {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,967 INFO L290 TraceCheckUtils]: 13: Hoare triple {1372#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,968 INFO L290 TraceCheckUtils]: 14: Hoare triple {1372#(= ~waterLevel~0 1)} assume 0 != test_~tmp___2~0#1; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,968 INFO L272 TraceCheckUtils]: 15: Hoare triple {1372#(= ~waterLevel~0 1)} call timeShift(); {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,969 INFO L290 TraceCheckUtils]: 16: Hoare triple {1372#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,969 INFO L290 TraceCheckUtils]: 17: Hoare triple {1372#(= ~waterLevel~0 1)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,969 INFO L290 TraceCheckUtils]: 18: Hoare triple {1372#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,970 INFO L272 TraceCheckUtils]: 19: Hoare triple {1372#(= ~waterLevel~0 1)} call processEnvironment__wrappee__lowWaterSensor(); {1382#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:10:16,970 INFO L290 TraceCheckUtils]: 20: Hoare triple {1382#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {1370#true} is VALID [2022-02-20 18:10:16,970 INFO L290 TraceCheckUtils]: 21: Hoare triple {1370#true} assume !(0 != ~pumpRunning~0); {1370#true} is VALID [2022-02-20 18:10:16,971 INFO L272 TraceCheckUtils]: 22: Hoare triple {1370#true} call processEnvironment__wrappee__base(); {1370#true} is VALID [2022-02-20 18:10:16,971 INFO L290 TraceCheckUtils]: 23: Hoare triple {1370#true} assume true; {1370#true} is VALID [2022-02-20 18:10:16,971 INFO L284 TraceCheckUtils]: 24: Hoare quadruple {1370#true} {1370#true} #234#return; {1370#true} is VALID [2022-02-20 18:10:16,971 INFO L290 TraceCheckUtils]: 25: Hoare triple {1370#true} assume true; {1370#true} is VALID [2022-02-20 18:10:16,971 INFO L284 TraceCheckUtils]: 26: Hoare quadruple {1370#true} {1372#(= ~waterLevel~0 1)} #220#return; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,972 INFO L290 TraceCheckUtils]: 27: Hoare triple {1372#(= ~waterLevel~0 1)} assume { :end_inline_processEnvironment } true; {1372#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,972 INFO L290 TraceCheckUtils]: 28: Hoare triple {1372#(= ~waterLevel~0 1)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret45#1, __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_~tmp~8#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~8#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {1380#(= |timeShift_getWaterLevel_#res#1| 1)} is VALID [2022-02-20 18:10:16,973 INFO L290 TraceCheckUtils]: 29: Hoare triple {1380#(= |timeShift_getWaterLevel_#res#1| 1)} __utac_acc__Specification4_spec__1_#t~ret45#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret45#1 && __utac_acc__Specification4_spec__1_#t~ret45#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~8#1 := __utac_acc__Specification4_spec__1_#t~ret45#1;havoc __utac_acc__Specification4_spec__1_#t~ret45#1; {1381#(= (+ (- 1) |timeShift___utac_acc__Specification4_spec__1_~tmp~8#1|) 0)} is VALID [2022-02-20 18:10:16,973 INFO L290 TraceCheckUtils]: 30: Hoare triple {1381#(= (+ (- 1) |timeShift___utac_acc__Specification4_spec__1_~tmp~8#1|) 0)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1371#false} is VALID [2022-02-20 18:10:16,974 INFO L290 TraceCheckUtils]: 31: Hoare triple {1371#false} __utac_acc__Specification4_spec__1_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {1371#false} is VALID [2022-02-20 18:10:16,974 INFO L290 TraceCheckUtils]: 32: Hoare triple {1371#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {1371#false} is VALID [2022-02-20 18:10:16,974 INFO L290 TraceCheckUtils]: 33: Hoare triple {1371#false} assume !false; {1371#false} is VALID [2022-02-20 18:10:16,974 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:16,974 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:16,975 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1668170103] [2022-02-20 18:10:16,975 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1668170103] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:16,975 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:16,975 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:10:16,975 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1682538116] [2022-02-20 18:10:16,975 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:16,976 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 34 [2022-02-20 18:10:16,976 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:16,976 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:17,001 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 34 edges. 34 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,002 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:17,002 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:17,002 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:17,002 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:17,003 INFO L87 Difference]: Start difference. First operand 64 states and 81 transitions. Second operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:17,539 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,539 INFO L93 Difference]: Finished difference Result 193 states and 253 transitions. [2022-02-20 18:10:17,539 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 9 states. [2022-02-20 18:10:17,540 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) Word has length 34 [2022-02-20 18:10:17,540 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:17,540 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:17,544 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 253 transitions. [2022-02-20 18:10:17,545 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:17,549 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 9 states to 9 states and 253 transitions. [2022-02-20 18:10:17,549 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 9 states and 253 transitions. [2022-02-20 18:10:17,733 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 253 edges. 253 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,737 INFO L225 Difference]: With dead ends: 193 [2022-02-20 18:10:17,737 INFO L226 Difference]: Without dead ends: 136 [2022-02-20 18:10:17,738 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 15 GetRequests, 6 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=40, Invalid=70, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:10:17,739 INFO L933 BasicCegarLoop]: 77 mSDtfsCounter, 117 mSDsluCounter, 227 mSDsCounter, 0 mSdLazyCounter, 139 mSolverCounterSat, 37 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 120 SdHoareTripleChecker+Valid, 304 SdHoareTripleChecker+Invalid, 176 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 37 IncrementalHoareTripleChecker+Valid, 139 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:17,739 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [120 Valid, 304 Invalid, 176 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [37 Valid, 139 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:10:17,740 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 136 states. [2022-02-20 18:10:17,751 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 136 to 114. [2022-02-20 18:10:17,751 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:17,752 INFO L82 GeneralOperation]: Start isEquivalent. First operand 136 states. Second operand has 114 states, 84 states have (on average 1.3095238095238095) internal successors, (110), 96 states have internal predecessors, (110), 18 states have call successors, (18), 12 states have call predecessors, (18), 11 states have return successors, (19), 9 states have call predecessors, (19), 18 states have call successors, (19) [2022-02-20 18:10:17,752 INFO L74 IsIncluded]: Start isIncluded. First operand 136 states. Second operand has 114 states, 84 states have (on average 1.3095238095238095) internal successors, (110), 96 states have internal predecessors, (110), 18 states have call successors, (18), 12 states have call predecessors, (18), 11 states have return successors, (19), 9 states have call predecessors, (19), 18 states have call successors, (19) [2022-02-20 18:10:17,753 INFO L87 Difference]: Start difference. First operand 136 states. Second operand has 114 states, 84 states have (on average 1.3095238095238095) internal successors, (110), 96 states have internal predecessors, (110), 18 states have call successors, (18), 12 states have call predecessors, (18), 11 states have return successors, (19), 9 states have call predecessors, (19), 18 states have call successors, (19) [2022-02-20 18:10:17,758 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,758 INFO L93 Difference]: Finished difference Result 136 states and 173 transitions. [2022-02-20 18:10:17,758 INFO L276 IsEmpty]: Start isEmpty. Operand 136 states and 173 transitions. [2022-02-20 18:10:17,759 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,759 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,760 INFO L74 IsIncluded]: Start isIncluded. First operand has 114 states, 84 states have (on average 1.3095238095238095) internal successors, (110), 96 states have internal predecessors, (110), 18 states have call successors, (18), 12 states have call predecessors, (18), 11 states have return successors, (19), 9 states have call predecessors, (19), 18 states have call successors, (19) Second operand 136 states. [2022-02-20 18:10:17,760 INFO L87 Difference]: Start difference. First operand has 114 states, 84 states have (on average 1.3095238095238095) internal successors, (110), 96 states have internal predecessors, (110), 18 states have call successors, (18), 12 states have call predecessors, (18), 11 states have return successors, (19), 9 states have call predecessors, (19), 18 states have call successors, (19) Second operand 136 states. [2022-02-20 18:10:17,765 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,765 INFO L93 Difference]: Finished difference Result 136 states and 173 transitions. [2022-02-20 18:10:17,766 INFO L276 IsEmpty]: Start isEmpty. Operand 136 states and 173 transitions. [2022-02-20 18:10:17,766 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,766 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,766 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:17,766 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:17,767 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 114 states, 84 states have (on average 1.3095238095238095) internal successors, (110), 96 states have internal predecessors, (110), 18 states have call successors, (18), 12 states have call predecessors, (18), 11 states have return successors, (19), 9 states have call predecessors, (19), 18 states have call successors, (19) [2022-02-20 18:10:17,771 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 114 states to 114 states and 147 transitions. [2022-02-20 18:10:17,771 INFO L78 Accepts]: Start accepts. Automaton has 114 states and 147 transitions. Word has length 34 [2022-02-20 18:10:17,771 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:17,772 INFO L470 AbstractCegarLoop]: Abstraction has 114 states and 147 transitions. [2022-02-20 18:10:17,772 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 2 states have call successors, (3), 3 states have call predecessors, (3), 1 states have return successors, (2), 2 states have call predecessors, (2), 2 states have call successors, (2) [2022-02-20 18:10:17,772 INFO L276 IsEmpty]: Start isEmpty. Operand 114 states and 147 transitions. [2022-02-20 18:10:17,773 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 39 [2022-02-20 18:10:17,773 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:17,773 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:17,773 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:10:17,773 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:17,774 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:17,774 INFO L85 PathProgramCache]: Analyzing trace with hash 1136708431, now seen corresponding path program 1 times [2022-02-20 18:10:17,774 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:17,775 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [99632053] [2022-02-20 18:10:17,775 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:17,775 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:17,802 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,857 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:17,863 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,869 INFO L290 TraceCheckUtils]: 0: Hoare triple {2128#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2113#true} is VALID [2022-02-20 18:10:17,870 INFO L290 TraceCheckUtils]: 1: Hoare triple {2113#true} assume true; {2113#true} is VALID [2022-02-20 18:10:17,871 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2113#true} {2115#(= ~pumpRunning~0 0)} #222#return; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,875 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 23 [2022-02-20 18:10:17,881 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,890 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 2 [2022-02-20 18:10:17,891 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,894 INFO L290 TraceCheckUtils]: 0: Hoare triple {2113#true} assume true; {2113#true} is VALID [2022-02-20 18:10:17,894 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {2113#true} {2115#(= ~pumpRunning~0 0)} #234#return; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,895 INFO L290 TraceCheckUtils]: 0: Hoare triple {2129#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {2113#true} is VALID [2022-02-20 18:10:17,896 INFO L290 TraceCheckUtils]: 1: Hoare triple {2113#true} assume !(0 != ~pumpRunning~0); {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,896 INFO L272 TraceCheckUtils]: 2: Hoare triple {2115#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {2113#true} is VALID [2022-02-20 18:10:17,896 INFO L290 TraceCheckUtils]: 3: Hoare triple {2113#true} assume true; {2113#true} is VALID [2022-02-20 18:10:17,897 INFO L284 TraceCheckUtils]: 4: Hoare quadruple {2113#true} {2115#(= ~pumpRunning~0 0)} #234#return; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,897 INFO L290 TraceCheckUtils]: 5: Hoare triple {2115#(= ~pumpRunning~0 0)} assume true; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,898 INFO L284 TraceCheckUtils]: 6: Hoare quadruple {2115#(= ~pumpRunning~0 0)} {2115#(= ~pumpRunning~0 0)} #220#return; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,898 INFO L290 TraceCheckUtils]: 0: Hoare triple {2113#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(30, 12);call #Ultimate.allocInit(9, 13);call #Ultimate.allocInit(21, 14);call #Ultimate.allocInit(30, 15);call #Ultimate.allocInit(9, 16);call #Ultimate.allocInit(21, 17);call #Ultimate.allocInit(30, 18);call #Ultimate.allocInit(9, 19);call #Ultimate.allocInit(25, 20);call #Ultimate.allocInit(30, 21);call #Ultimate.allocInit(9, 22);call #Ultimate.allocInit(25, 23);call #Ultimate.allocInit(13, 24);call #Ultimate.allocInit(7, 25);call write~init~int(44, 25, 0, 1);call write~init~int(77, 25, 1, 1);call write~init~int(101, 25, 2, 1);call write~init~int(116, 25, 3, 1);call write~init~int(104, 25, 4, 1);call write~init~int(58, 25, 5, 1);call write~init~int(0, 25, 6, 1);call #Ultimate.allocInit(5, 26);call write~init~int(67, 26, 0, 1);call write~init~int(82, 26, 1, 1);call write~init~int(73, 26, 2, 1);call write~init~int(84, 26, 3, 1);call write~init~int(0, 26, 4, 1);call #Ultimate.allocInit(3, 27);call write~init~int(79, 27, 0, 1);call write~init~int(75, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(41, 28, 0, 1);call write~init~int(0, 28, 1, 1);~pumpRunning~0 := 0;~systemActive~0 := 1;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,899 INFO L290 TraceCheckUtils]: 1: Hoare triple {2115#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret44#1, main_~retValue_acc~8#1, main_~tmp~7#1;havoc main_~retValue_acc~8#1;havoc main_~tmp~7#1;assume { :begin_inline_select_helpers } true; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,899 INFO L290 TraceCheckUtils]: 2: Hoare triple {2115#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,899 INFO L290 TraceCheckUtils]: 3: Hoare triple {2115#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,900 INFO L290 TraceCheckUtils]: 4: Hoare triple {2115#(= ~pumpRunning~0 0)} main_#t~ret44#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret44#1 && main_#t~ret44#1 <= 2147483647;main_~tmp~7#1 := main_#t~ret44#1;havoc main_#t~ret44#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,900 INFO L290 TraceCheckUtils]: 5: Hoare triple {2115#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~7#1;assume { :begin_inline_setup } true; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,901 INFO L290 TraceCheckUtils]: 6: Hoare triple {2115#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet16#1, test_#t~nondet17#1, test_#t~nondet18#1, test_#t~nondet19#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~1#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~1#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,901 INFO L290 TraceCheckUtils]: 7: Hoare triple {2115#(= ~pumpRunning~0 0)} assume !false; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,901 INFO L290 TraceCheckUtils]: 8: Hoare triple {2115#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,902 INFO L290 TraceCheckUtils]: 9: Hoare triple {2115#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet16#1 && test_#t~nondet16#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet16#1;havoc test_#t~nondet16#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,902 INFO L290 TraceCheckUtils]: 10: Hoare triple {2115#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~3#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,903 INFO L272 TraceCheckUtils]: 11: Hoare triple {2115#(= ~pumpRunning~0 0)} call waterRise(); {2128#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:17,903 INFO L290 TraceCheckUtils]: 12: Hoare triple {2128#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2113#true} is VALID [2022-02-20 18:10:17,903 INFO L290 TraceCheckUtils]: 13: Hoare triple {2113#true} assume true; {2113#true} is VALID [2022-02-20 18:10:17,904 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {2113#true} {2115#(= ~pumpRunning~0 0)} #222#return; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,904 INFO L290 TraceCheckUtils]: 15: Hoare triple {2115#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet17#1 && test_#t~nondet17#1 <= 2147483647;test_~tmp___0~1#1 := test_#t~nondet17#1;havoc test_#t~nondet17#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,904 INFO L290 TraceCheckUtils]: 16: Hoare triple {2115#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~1#1); {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,905 INFO L290 TraceCheckUtils]: 17: Hoare triple {2115#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet18#1 && test_#t~nondet18#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet18#1;havoc test_#t~nondet18#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,905 INFO L290 TraceCheckUtils]: 18: Hoare triple {2115#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,906 INFO L272 TraceCheckUtils]: 19: Hoare triple {2115#(= ~pumpRunning~0 0)} call timeShift(); {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,906 INFO L290 TraceCheckUtils]: 20: Hoare triple {2115#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,906 INFO L290 TraceCheckUtils]: 21: Hoare triple {2115#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret5#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,907 INFO L290 TraceCheckUtils]: 22: Hoare triple {2115#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,907 INFO L272 TraceCheckUtils]: 23: Hoare triple {2115#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__lowWaterSensor(); {2129#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} is VALID [2022-02-20 18:10:17,907 INFO L290 TraceCheckUtils]: 24: Hoare triple {2129#(= ~pumpRunning~0 |old(~pumpRunning~0)|)} havoc ~tmp~0#1; {2113#true} is VALID [2022-02-20 18:10:17,908 INFO L290 TraceCheckUtils]: 25: Hoare triple {2113#true} assume !(0 != ~pumpRunning~0); {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,908 INFO L272 TraceCheckUtils]: 26: Hoare triple {2115#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {2113#true} is VALID [2022-02-20 18:10:17,908 INFO L290 TraceCheckUtils]: 27: Hoare triple {2113#true} assume true; {2113#true} is VALID [2022-02-20 18:10:17,918 INFO L284 TraceCheckUtils]: 28: Hoare quadruple {2113#true} {2115#(= ~pumpRunning~0 0)} #234#return; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,918 INFO L290 TraceCheckUtils]: 29: Hoare triple {2115#(= ~pumpRunning~0 0)} assume true; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,919 INFO L284 TraceCheckUtils]: 30: Hoare quadruple {2115#(= ~pumpRunning~0 0)} {2115#(= ~pumpRunning~0 0)} #220#return; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,919 INFO L290 TraceCheckUtils]: 31: Hoare triple {2115#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,919 INFO L290 TraceCheckUtils]: 32: Hoare triple {2115#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret45#1, __utac_acc__Specification4_spec__1_#t~ret46#1, __utac_acc__Specification4_spec__1_~tmp~8#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~8#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~10#1;havoc getWaterLevel_~retValue_acc~10#1;getWaterLevel_~retValue_acc~10#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~10#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,920 INFO L290 TraceCheckUtils]: 33: Hoare triple {2115#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret45#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret45#1 && __utac_acc__Specification4_spec__1_#t~ret45#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~8#1 := __utac_acc__Specification4_spec__1_#t~ret45#1;havoc __utac_acc__Specification4_spec__1_#t~ret45#1; {2115#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,920 INFO L290 TraceCheckUtils]: 34: Hoare triple {2115#(= ~pumpRunning~0 0)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~8#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {2126#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:10:17,921 INFO L290 TraceCheckUtils]: 35: Hoare triple {2126#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification4_spec__1_#t~ret46#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret46#1 && __utac_acc__Specification4_spec__1_#t~ret46#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret46#1;havoc __utac_acc__Specification4_spec__1_#t~ret46#1; {2127#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:10:17,921 INFO L290 TraceCheckUtils]: 36: Hoare triple {2127#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~2#1| 0)} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {2114#false} is VALID [2022-02-20 18:10:17,921 INFO L290 TraceCheckUtils]: 37: Hoare triple {2114#false} assume !false; {2114#false} is VALID [2022-02-20 18:10:17,922 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:17,922 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:17,922 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [99632053] [2022-02-20 18:10:17,922 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [99632053] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:17,922 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:17,922 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [7] imperfect sequences [] total 7 [2022-02-20 18:10:17,922 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [996526071] [2022-02-20 18:10:17,923 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:17,923 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) Word has length 38 [2022-02-20 18:10:17,923 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:17,924 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:10:17,953 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 38 edges. 38 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,954 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 7 states [2022-02-20 18:10:17,954 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:17,954 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 7 interpolants. [2022-02-20 18:10:17,954 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=11, Invalid=31, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:17,955 INFO L87 Difference]: Start difference. First operand 114 states and 147 transitions. Second operand has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:10:18,249 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,249 INFO L93 Difference]: Finished difference Result 191 states and 249 transitions. [2022-02-20 18:10:18,249 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:10:18,250 INFO L78 Accepts]: Start accepts. Automaton has has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) Word has length 38 [2022-02-20 18:10:18,250 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:18,250 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:10:18,253 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 137 transitions. [2022-02-20 18:10:18,253 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:10:18,255 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 137 transitions. [2022-02-20 18:10:18,256 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 137 transitions. [2022-02-20 18:10:18,377 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 137 edges. 137 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:18,377 INFO L225 Difference]: With dead ends: 191 [2022-02-20 18:10:18,377 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:10:18,378 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 18 GetRequests, 9 SyntacticMatches, 0 SemanticMatches, 9 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 3 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=39, Invalid=71, Unknown=0, NotChecked=0, Total=110 [2022-02-20 18:10:18,379 INFO L933 BasicCegarLoop]: 41 mSDtfsCounter, 69 mSDsluCounter, 98 mSDsCounter, 0 mSdLazyCounter, 75 mSolverCounterSat, 20 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 70 SdHoareTripleChecker+Valid, 139 SdHoareTripleChecker+Invalid, 95 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 20 IncrementalHoareTripleChecker+Valid, 75 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:18,380 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [70 Valid, 139 Invalid, 95 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [20 Valid, 75 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:18,380 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:10:18,380 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:10:18,380 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:18,381 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,381 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,381 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,381 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,381 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:10:18,381 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:18,382 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,382 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:18,382 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:10:18,382 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:10:18,382 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,382 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:10:18,382 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:18,383 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,383 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:18,383 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:18,383 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:18,383 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,383 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:10:18,384 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 38 [2022-02-20 18:10:18,384 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:18,384 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:10:18,384 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 7 states, 7 states have (on average 4.428571428571429) internal successors, (31), 5 states have internal predecessors, (31), 1 states have call successors, (4), 4 states have call predecessors, (4), 2 states have return successors, (3), 1 states have call predecessors, (3), 1 states have call successors, (3) [2022-02-20 18:10:18,384 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:18,384 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,387 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:18,391 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:10:18,393 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:10:18,935 INFO L861 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 154 161) the Hoare annotation is: true [2022-02-20 18:10:18,935 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 154 161) no Hoare annotation was computed. [2022-02-20 18:10:18,935 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 154 161) no Hoare annotation was computed. [2022-02-20 18:10:18,936 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 87 93) no Hoare annotation was computed. [2022-02-20 18:10:18,936 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 87 93) the Hoare annotation is: true [2022-02-20 18:10:18,936 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 868 879) the Hoare annotation is: true [2022-02-20 18:10:18,936 INFO L858 garLoopResultBuilder]: For program point L872-1(lines 868 879) no Hoare annotation was computed. [2022-02-20 18:10:18,936 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 868 879) no Hoare annotation was computed. [2022-02-20 18:10:18,936 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 720 749) no Hoare annotation was computed. [2022-02-20 18:10:18,936 INFO L858 garLoopResultBuilder]: For program point L734(lines 734 738) no Hoare annotation was computed. [2022-02-20 18:10:18,936 INFO L861 garLoopResultBuilder]: At program point L734-1(lines 734 738) the Hoare annotation is: true [2022-02-20 18:10:18,936 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 720 749) the Hoare annotation is: true [2022-02-20 18:10:18,936 INFO L858 garLoopResultBuilder]: For program point L731(line 731) no Hoare annotation was computed. [2022-02-20 18:10:18,936 INFO L861 garLoopResultBuilder]: At program point L730-2(lines 730 744) the Hoare annotation is: true [2022-02-20 18:10:18,936 INFO L861 garLoopResultBuilder]: At program point L726(line 726) the Hoare annotation is: true [2022-02-20 18:10:18,937 INFO L858 garLoopResultBuilder]: For program point L726-1(line 726) no Hoare annotation was computed. [2022-02-20 18:10:18,937 INFO L861 garLoopResultBuilder]: At program point L745(lines 720 749) the Hoare annotation is: true [2022-02-20 18:10:18,937 INFO L858 garLoopResultBuilder]: For program point L741(line 741) no Hoare annotation was computed. [2022-02-20 18:10:18,937 INFO L858 garLoopResultBuilder]: For program point L828(lines 828 834) no Hoare annotation was computed. [2022-02-20 18:10:18,937 INFO L858 garLoopResultBuilder]: For program point L824(lines 824 837) no Hoare annotation was computed. [2022-02-20 18:10:18,937 INFO L854 garLoopResultBuilder]: At program point L824-1(lines 816 840) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and (= |timeShift___utac_acc__Specification4_spec__1_~tmp~8#1| 1) (= |timeShift_getWaterLevel_#res#1| 1))))) [2022-02-20 18:10:18,937 INFO L854 garLoopResultBuilder]: At program point L135(line 135) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,937 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 63 86) no Hoare annotation was computed. [2022-02-20 18:10:18,937 INFO L854 garLoopResultBuilder]: At program point L131(line 131) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,937 INFO L854 garLoopResultBuilder]: At program point L140(line 140) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,938 INFO L854 garLoopResultBuilder]: At program point L140-1(lines 121 145) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,941 INFO L854 garLoopResultBuilder]: At program point L169(lines 162 172) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,941 INFO L858 garLoopResultBuilder]: For program point L74-1(lines 74 80) no Hoare annotation was computed. [2022-02-20 18:10:18,941 INFO L858 garLoopResultBuilder]: For program point L310(line 310) no Hoare annotation was computed. [2022-02-20 18:10:18,941 INFO L854 garLoopResultBuilder]: At program point L917(lines 912 920) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (= |timeShift_getWaterLevel_#res#1| 1)) (or .cse0 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) .cse1))) [2022-02-20 18:10:18,941 INFO L854 garLoopResultBuilder]: At program point L178(lines 173 181) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (and (= ~pumpRunning~0 0) (= |timeShift_isPumpRunning_#res#1| 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1))) [2022-02-20 18:10:18,941 INFO L858 garLoopResultBuilder]: For program point L67-1(lines 66 85) no Hoare annotation was computed. [2022-02-20 18:10:18,941 INFO L858 garLoopResultBuilder]: For program point L129(lines 129 137) no Hoare annotation was computed. [2022-02-20 18:10:18,942 INFO L858 garLoopResultBuilder]: For program point L125(lines 125 142) no Hoare annotation was computed. [2022-02-20 18:10:18,942 INFO L854 garLoopResultBuilder]: At program point L311(lines 306 313) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,942 INFO L854 garLoopResultBuilder]: At program point L885(lines 880 888) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,942 INFO L858 garLoopResultBuilder]: For program point L848(lines 848 852) no Hoare annotation was computed. [2022-02-20 18:10:18,942 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 63 86) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,942 INFO L854 garLoopResultBuilder]: At program point L848-2(lines 844 855) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,942 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 63 86) no Hoare annotation was computed. [2022-02-20 18:10:18,942 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 310) no Hoare annotation was computed. [2022-02-20 18:10:18,942 INFO L858 garLoopResultBuilder]: For program point L287(lines 287 291) no Hoare annotation was computed. [2022-02-20 18:10:18,942 INFO L854 garLoopResultBuilder]: At program point L287-2(lines 281 292) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)) [2022-02-20 18:10:18,943 INFO L858 garLoopResultBuilder]: For program point L271(lines 271 277) no Hoare annotation was computed. [2022-02-20 18:10:18,943 INFO L858 garLoopResultBuilder]: For program point L271-1(lines 271 277) no Hoare annotation was computed. [2022-02-20 18:10:18,943 INFO L861 garLoopResultBuilder]: At program point L300(lines 241 304) the Hoare annotation is: true [2022-02-20 18:10:18,943 INFO L854 garLoopResultBuilder]: At program point L263(line 263) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)) [2022-02-20 18:10:18,944 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:10:18,945 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:10:18,945 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:10:18,946 INFO L861 garLoopResultBuilder]: At program point L788(lines 781 790) the Hoare annotation is: true [2022-02-20 18:10:18,946 INFO L854 garLoopResultBuilder]: At program point L714(lines 709 717) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:18,946 INFO L854 garLoopResultBuilder]: At program point L297(lines 250 298) the Hoare annotation is: false [2022-02-20 18:10:18,946 INFO L854 garLoopResultBuilder]: At program point L706(lines 702 708) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:18,946 INFO L858 garLoopResultBuilder]: For program point L801(lines 801 808) no Hoare annotation was computed. [2022-02-20 18:10:18,946 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:10:18,947 INFO L858 garLoopResultBuilder]: For program point L801-2(lines 801 808) no Hoare annotation was computed. [2022-02-20 18:10:18,947 INFO L858 garLoopResultBuilder]: For program point L252(lines 251 296) no Hoare annotation was computed. [2022-02-20 18:10:18,947 INFO L858 garLoopResultBuilder]: For program point L281(lines 281 292) no Hoare annotation was computed. [2022-02-20 18:10:18,947 INFO L854 garLoopResultBuilder]: At program point L273(line 273) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)) [2022-02-20 18:10:18,947 INFO L861 garLoopResultBuilder]: At program point L810(lines 791 813) the Hoare annotation is: true [2022-02-20 18:10:18,948 INFO L854 garLoopResultBuilder]: At program point L294(lines 251 296) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0) (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)) [2022-02-20 18:10:18,948 INFO L858 garLoopResultBuilder]: For program point L261(lines 261 267) no Hoare annotation was computed. [2022-02-20 18:10:18,948 INFO L858 garLoopResultBuilder]: For program point L261-1(lines 261 267) no Hoare annotation was computed. [2022-02-20 18:10:18,948 INFO L858 garLoopResultBuilder]: For program point L253(lines 253 257) no Hoare annotation was computed. [2022-02-20 18:10:18,948 INFO L854 garLoopResultBuilder]: At program point L699(lines 695 701) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:18,948 INFO L854 garLoopResultBuilder]: At program point L778(lines 774 780) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1) (= |ULTIMATE.start_main_~tmp~7#1| ~systemActive~0)) [2022-02-20 18:10:18,949 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 856 867) no Hoare annotation was computed. [2022-02-20 18:10:18,949 INFO L858 garLoopResultBuilder]: For program point L860-1(lines 856 867) no Hoare annotation was computed. [2022-02-20 18:10:18,951 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 856 867) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (not (= 1 ~systemActive~0)) (= |old(~waterLevel~0)| ~waterLevel~0)) [2022-02-20 18:10:18,951 INFO L858 garLoopResultBuilder]: For program point L227-2(lines 227 231) no Hoare annotation was computed. [2022-02-20 18:10:18,952 INFO L854 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 95 119) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,952 INFO L854 garLoopResultBuilder]: At program point L114(line 114) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,952 INFO L858 garLoopResultBuilder]: For program point L114-1(lines 95 119) no Hoare annotation was computed. [2022-02-20 18:10:18,952 INFO L854 garLoopResultBuilder]: At program point L926(lines 921 929) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,952 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 95 119) no Hoare annotation was computed. [2022-02-20 18:10:18,952 INFO L854 garLoopResultBuilder]: At program point L109(line 109) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,953 INFO L854 garLoopResultBuilder]: At program point L233(lines 218 236) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,953 INFO L854 garLoopResultBuilder]: At program point L105(line 105) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0))) [2022-02-20 18:10:18,953 INFO L858 garLoopResultBuilder]: For program point L103(lines 103 111) no Hoare annotation was computed. [2022-02-20 18:10:18,953 INFO L858 garLoopResultBuilder]: For program point L99(lines 99 116) no Hoare annotation was computed. [2022-02-20 18:10:18,953 INFO L858 garLoopResultBuilder]: For program point L227(lines 227 231) no Hoare annotation was computed. [2022-02-20 18:10:18,958 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1] [2022-02-20 18:10:18,960 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:18,964 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:10:18,964 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:18,964 WARN L170 areAnnotationChecker]: L872-1 has no Hoare annotation [2022-02-20 18:10:18,964 WARN L170 areAnnotationChecker]: L872-1 has no Hoare annotation [2022-02-20 18:10:18,964 WARN L170 areAnnotationChecker]: L848 has no Hoare annotation [2022-02-20 18:10:18,964 WARN L170 areAnnotationChecker]: L67-1 has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: L860-1 has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: L860-1 has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: L99 has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: L872-1 has no Hoare annotation [2022-02-20 18:10:18,965 WARN L170 areAnnotationChecker]: L726-1 has no Hoare annotation [2022-02-20 18:10:18,966 WARN L170 areAnnotationChecker]: L848 has no Hoare annotation [2022-02-20 18:10:18,966 WARN L170 areAnnotationChecker]: L848 has no Hoare annotation [2022-02-20 18:10:18,966 WARN L170 areAnnotationChecker]: L67-1 has no Hoare annotation [2022-02-20 18:10:18,967 WARN L170 areAnnotationChecker]: L67-1 has no Hoare annotation [2022-02-20 18:10:18,967 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:10:18,967 WARN L170 areAnnotationChecker]: L860-1 has no Hoare annotation [2022-02-20 18:10:18,967 WARN L170 areAnnotationChecker]: L99 has no Hoare annotation [2022-02-20 18:10:18,967 WARN L170 areAnnotationChecker]: L99 has no Hoare annotation [2022-02-20 18:10:18,967 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:10:18,967 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:10:18,967 WARN L170 areAnnotationChecker]: L114-1 has no Hoare annotation [2022-02-20 18:10:18,968 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:10:18,968 WARN L170 areAnnotationChecker]: L726-1 has no Hoare annotation [2022-02-20 18:10:18,968 WARN L170 areAnnotationChecker]: L67-1 has no Hoare annotation [2022-02-20 18:10:18,968 WARN L170 areAnnotationChecker]: L125 has no Hoare annotation [2022-02-20 18:10:18,968 WARN L170 areAnnotationChecker]: L125 has no Hoare annotation [2022-02-20 18:10:18,968 WARN L170 areAnnotationChecker]: L74-1 has no Hoare annotation [2022-02-20 18:10:18,969 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:10:18,969 WARN L170 areAnnotationChecker]: L227 has no Hoare annotation [2022-02-20 18:10:18,969 WARN L170 areAnnotationChecker]: L114-1 has no Hoare annotation [2022-02-20 18:10:18,970 WARN L170 areAnnotationChecker]: L74-1 has no Hoare annotation [2022-02-20 18:10:18,970 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__lowWaterSensorEXIT has no Hoare annotation [2022-02-20 18:10:18,970 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__lowWaterSensorEXIT has no Hoare annotation [2022-02-20 18:10:18,970 WARN L170 areAnnotationChecker]: L271-1 has no Hoare annotation [2022-02-20 18:10:18,970 WARN L170 areAnnotationChecker]: L731 has no Hoare annotation [2022-02-20 18:10:18,971 WARN L170 areAnnotationChecker]: L824 has no Hoare annotation [2022-02-20 18:10:18,972 WARN L170 areAnnotationChecker]: L261-1 has no Hoare annotation [2022-02-20 18:10:18,972 WARN L170 areAnnotationChecker]: L227 has no Hoare annotation [2022-02-20 18:10:18,972 WARN L170 areAnnotationChecker]: L227 has no Hoare annotation [2022-02-20 18:10:18,972 WARN L170 areAnnotationChecker]: L281 has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: L281 has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: L731 has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: L129 has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: L824 has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: L824 has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: L801 has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: L271 has no Hoare annotation [2022-02-20 18:10:18,973 WARN L170 areAnnotationChecker]: L271 has no Hoare annotation [2022-02-20 18:10:18,974 WARN L170 areAnnotationChecker]: L227-2 has no Hoare annotation [2022-02-20 18:10:18,974 WARN L170 areAnnotationChecker]: L287 has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: L287 has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: L734 has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: L734 has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: L129 has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: L129 has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: L828 has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:10:18,975 WARN L170 areAnnotationChecker]: L801 has no Hoare annotation [2022-02-20 18:10:18,976 WARN L170 areAnnotationChecker]: L801 has no Hoare annotation [2022-02-20 18:10:18,976 WARN L170 areAnnotationChecker]: L271-1 has no Hoare annotation [2022-02-20 18:10:18,976 WARN L170 areAnnotationChecker]: L103 has no Hoare annotation [2022-02-20 18:10:18,976 WARN L170 areAnnotationChecker]: L252 has no Hoare annotation [2022-02-20 18:10:18,977 WARN L170 areAnnotationChecker]: L741 has no Hoare annotation [2022-02-20 18:10:18,978 WARN L170 areAnnotationChecker]: L828 has no Hoare annotation [2022-02-20 18:10:18,979 WARN L170 areAnnotationChecker]: L828 has no Hoare annotation [2022-02-20 18:10:18,979 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:10:18,980 WARN L170 areAnnotationChecker]: L801-2 has no Hoare annotation [2022-02-20 18:10:18,980 WARN L170 areAnnotationChecker]: L103 has no Hoare annotation [2022-02-20 18:10:18,980 WARN L170 areAnnotationChecker]: L103 has no Hoare annotation [2022-02-20 18:10:18,980 WARN L170 areAnnotationChecker]: L252 has no Hoare annotation [2022-02-20 18:10:18,980 WARN L170 areAnnotationChecker]: L252 has no Hoare annotation [2022-02-20 18:10:18,980 WARN L170 areAnnotationChecker]: L801-2 has no Hoare annotation [2022-02-20 18:10:18,980 WARN L170 areAnnotationChecker]: L741 has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: L310 has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: L310 has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: L114-1 has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: L114-1 has no Hoare annotation [2022-02-20 18:10:18,981 WARN L170 areAnnotationChecker]: L253 has no Hoare annotation [2022-02-20 18:10:18,982 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:10:18,982 WARN L170 areAnnotationChecker]: L261 has no Hoare annotation [2022-02-20 18:10:18,982 WARN L170 areAnnotationChecker]: L261 has no Hoare annotation [2022-02-20 18:10:18,982 WARN L170 areAnnotationChecker]: L261-1 has no Hoare annotation [2022-02-20 18:10:18,983 INFO L163 areAnnotationChecker]: CFG has 23 edges. 23 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:10:19,014 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:10:19 BoogieIcfgContainer [2022-02-20 18:10:19,015 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:10:19,015 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:10:19,015 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:10:19,016 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:10:19,016 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:14" (3/4) ... [2022-02-20 18:10:19,019 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:10:19,023 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:10:19,024 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:10:19,024 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:10:19,024 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:10:19,024 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:10:19,024 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:10:19,024 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:10:19,031 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 52 nodes and edges [2022-02-20 18:10:19,032 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:10:19,032 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:10:19,032 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:10:19,033 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:10:19,033 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:10:19,033 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:10:19,053 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 [2022-02-20 18:10:19,054 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1) && tmp == systemActive [2022-02-20 18:10:19,054 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == systemActive [2022-02-20 18:10:19,054 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || !(1 == systemActive) [2022-02-20 18:10:19,055 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive) [2022-02-20 18:10:19,056 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || \result == 1) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) [2022-02-20 18:10:19,056 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || !(1 == systemActive) [2022-02-20 18:10:19,056 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (tmp == 1 && \result == 1)) [2022-02-20 18:10:19,056 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || !(1 == systemActive) [2022-02-20 18:10:19,057 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || !(1 == systemActive) [2022-02-20 18:10:19,057 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \result == 0) && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) [2022-02-20 18:10:19,057 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || !(1 == systemActive) [2022-02-20 18:10:19,057 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || !(1 == systemActive) [2022-02-20 18:10:19,090 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:10:19,091 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:10:19,092 INFO L158 Benchmark]: Toolchain (without parser) took 5294.90ms. Allocated memory was 100.7MB in the beginning and 121.6MB in the end (delta: 21.0MB). Free memory was 78.6MB in the beginning and 59.7MB in the end (delta: 18.9MB). Peak memory consumption was 38.0MB. Max. memory is 16.1GB. [2022-02-20 18:10:19,092 INFO L158 Benchmark]: CDTParser took 0.20ms. Allocated memory is still 73.4MB. Free memory was 53.5MB in the beginning and 53.5MB in the end (delta: 35.9kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:19,092 INFO L158 Benchmark]: CACSL2BoogieTranslator took 447.28ms. Allocated memory is still 100.7MB. Free memory was 78.5MB in the beginning and 64.9MB in the end (delta: 13.6MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. [2022-02-20 18:10:19,093 INFO L158 Benchmark]: Boogie Procedure Inliner took 56.22ms. Allocated memory is still 100.7MB. Free memory was 64.7MB in the beginning and 62.0MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:19,093 INFO L158 Benchmark]: Boogie Preprocessor took 42.41ms. Allocated memory is still 100.7MB. Free memory was 62.0MB in the beginning and 60.3MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:19,093 INFO L158 Benchmark]: RCFGBuilder took 639.00ms. Allocated memory is still 100.7MB. Free memory was 60.3MB in the beginning and 63.2MB in the end (delta: -2.9MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. [2022-02-20 18:10:19,093 INFO L158 Benchmark]: TraceAbstraction took 4028.54ms. Allocated memory was 100.7MB in the beginning and 121.6MB in the end (delta: 21.0MB). Free memory was 62.3MB in the beginning and 65.0MB in the end (delta: -2.7MB). Peak memory consumption was 43.8MB. Max. memory is 16.1GB. [2022-02-20 18:10:19,094 INFO L158 Benchmark]: Witness Printer took 75.27ms. Allocated memory is still 121.6MB. Free memory was 65.0MB in the beginning and 59.7MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:19,096 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.20ms. Allocated memory is still 73.4MB. Free memory was 53.5MB in the beginning and 53.5MB in the end (delta: 35.9kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 447.28ms. Allocated memory is still 100.7MB. Free memory was 78.5MB in the beginning and 64.9MB in the end (delta: 13.6MB). Peak memory consumption was 14.7MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 56.22ms. Allocated memory is still 100.7MB. Free memory was 64.7MB in the beginning and 62.0MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 42.41ms. Allocated memory is still 100.7MB. Free memory was 62.0MB in the beginning and 60.3MB in the end (delta: 1.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 639.00ms. Allocated memory is still 100.7MB. Free memory was 60.3MB in the beginning and 63.2MB in the end (delta: -2.9MB). Peak memory consumption was 10.5MB. Max. memory is 16.1GB. * TraceAbstraction took 4028.54ms. Allocated memory was 100.7MB in the beginning and 121.6MB in the end (delta: 21.0MB). Free memory was 62.3MB in the beginning and 65.0MB in the end (delta: -2.7MB). Peak memory consumption was 43.8MB. Max. memory is 16.1GB. * Witness Printer took 75.27ms. Allocated memory is still 121.6MB. Free memory was 65.0MB in the beginning and 59.7MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 310]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 82 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 3.9s, OverallIterations: 5, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.5s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 362 SdHoareTripleChecker+Valid, 0.3s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 355 mSDsluCounter, 855 SdHoareTripleChecker+Invalid, 0.3s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 478 mSDsCounter, 84 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 256 IncrementalHoareTripleChecker+Invalid, 340 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 84 mSolverCounterUnsat, 377 mSDtfsCounter, 256 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 45 GetRequests, 20 SyntacticMatches, 0 SemanticMatches, 25 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 6 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=114occurred in iteration=4, InterpolantAutomatonStates: 26, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.1s AutomataMinimizationTime, 5 MinimizatonAttempts, 22 StatesRemovedByMinimization, 1 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 39 LocationsWithAnnotation, 278 PreInvPairs, 300 NumberOfFragments, 402 HoareAnnotationTreeSize, 278 FomulaSimplifications, 40 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 39 FomulaSimplificationsInter, 625 FormulaSimplificationTreeSizeReductionInter, 0.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.4s InterpolantComputationTime, 135 NumberOfCodeBlocks, 135 NumberOfCodeBlocksAsserted, 5 NumberOfCheckSat, 130 ConstructedInterpolants, 0 QuantifiedInterpolants, 292 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 5 InterpolantComputations, 5 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 720]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 912]: Loop Invariant Derived loop invariant: (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || \result == 1) && ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) - InvariantResult [Line: 921]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || !(1 == systemActive) - InvariantResult [Line: 791]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 844]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || !(1 == systemActive) - InvariantResult [Line: 218]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || !(1 == systemActive) - InvariantResult [Line: 709]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 - InvariantResult [Line: 702]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 695]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 162]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || !(1 == systemActive) - InvariantResult [Line: 121]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive) - InvariantResult [Line: 251]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == systemActive - InvariantResult [Line: 306]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || !(1 == systemActive) - InvariantResult [Line: 774]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1) && tmp == systemActive - InvariantResult [Line: 730]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 781]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 816]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (tmp == 1 && \result == 1)) - InvariantResult [Line: 250]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 880]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || !(1 == systemActive) - InvariantResult [Line: 241]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 173]: Loop Invariant Derived loop invariant: ((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && \result == 0) && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) RESULT: Ultimate proved your program to be correct! [2022-02-20 18:10:19,136 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE