./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec4_product23.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product23.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 0dcc4ef6dcb698eb4a1aa5e679ef93d9117968bf5497c48d873f573e0e790860 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:13,306 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:13,307 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:13,328 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:13,328 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:13,329 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:13,330 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:13,331 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:13,332 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:13,333 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:13,333 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:13,334 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:13,335 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:13,337 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:13,338 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:13,340 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:13,341 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:13,345 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:13,346 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:13,347 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:13,352 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:13,353 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:13,353 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:13,354 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:13,358 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:13,359 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:13,359 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:13,359 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:13,360 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:13,360 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:13,360 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:13,361 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:13,361 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:13,362 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:13,362 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:13,363 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:13,363 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:13,363 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:13,363 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:13,364 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:13,364 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:13,367 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:10:13,388 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:13,391 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:13,391 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:13,392 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:13,392 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:13,392 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:13,393 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:13,393 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:13,393 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:13,393 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:13,394 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:13,394 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:10:13,394 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:13,394 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:13,394 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:13,394 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:13,395 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:13,395 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:13,395 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:13,395 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:13,395 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:13,395 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:13,395 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:13,396 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:13,396 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:13,396 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:13,396 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:13,397 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:13,397 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:10:13,397 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:10:13,397 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:13,397 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:13,398 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:13,398 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 0dcc4ef6dcb698eb4a1aa5e679ef93d9117968bf5497c48d873f573e0e790860 [2022-02-20 18:10:13,602 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:13,618 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:13,620 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:13,621 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:13,621 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:13,622 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product23.cil.c [2022-02-20 18:10:13,676 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5a5454042/afd9850335974ca98ac7f8db7a962dd1/FLAGdcf220a1e [2022-02-20 18:10:14,058 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:14,059 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product23.cil.c [2022-02-20 18:10:14,069 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5a5454042/afd9850335974ca98ac7f8db7a962dd1/FLAGdcf220a1e [2022-02-20 18:10:14,078 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/5a5454042/afd9850335974ca98ac7f8db7a962dd1 [2022-02-20 18:10:14,080 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:14,081 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:14,083 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:14,083 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:14,085 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:14,086 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,087 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@7845a628 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14, skipping insertion in model container [2022-02-20 18:10:14,087 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,091 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:14,139 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:14,235 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product23.cil.c[1605,1618] [2022-02-20 18:10:14,341 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:14,363 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:14,378 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product23.cil.c[1605,1618] [2022-02-20 18:10:14,428 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:14,441 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:14,441 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14 WrapperNode [2022-02-20 18:10:14,441 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:14,443 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:14,443 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:14,443 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:14,449 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,462 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,490 INFO L137 Inliner]: procedures = 54, calls = 155, calls flagged for inlining = 22, calls inlined = 19, statements flattened = 248 [2022-02-20 18:10:14,491 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:14,492 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:14,492 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:14,492 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:14,499 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,499 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,501 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,502 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,508 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,513 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,520 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,522 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:14,535 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:14,535 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:14,536 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:14,536 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (1/1) ... [2022-02-20 18:10:14,548 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:14,558 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:14,571 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:14,574 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:14,602 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:14,602 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:14,602 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:14,602 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:14,602 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:14,603 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:14,603 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:14,603 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:14,603 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:14,604 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:10:14,604 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:10:14,604 INFO L130 BoogieDeclarations]: Found specification of procedure deactivatePump [2022-02-20 18:10:14,604 INFO L138 BoogieDeclarations]: Found implementation of procedure deactivatePump [2022-02-20 18:10:14,604 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:10:14,605 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:14,605 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:14,605 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:14,605 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:14,678 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:14,687 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:14,936 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:14,941 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:14,942 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:14,943 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:14 BoogieIcfgContainer [2022-02-20 18:10:14,943 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:14,945 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:14,945 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:14,947 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:14,947 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:14" (1/3) ... [2022-02-20 18:10:14,948 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@545efe73 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:14, skipping insertion in model container [2022-02-20 18:10:14,948 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:14" (2/3) ... [2022-02-20 18:10:14,949 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@545efe73 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:14, skipping insertion in model container [2022-02-20 18:10:14,949 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:14" (3/3) ... [2022-02-20 18:10:14,950 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product23.cil.c [2022-02-20 18:10:14,955 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:14,955 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:14,998 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:15,008 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:15,008 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:15,059 INFO L276 IsEmpty]: Start isEmpty. Operand has 86 states, 64 states have (on average 1.390625) internal successors, (89), 73 states have internal predecessors, (89), 13 states have call successors, (13), 7 states have call predecessors, (13), 7 states have return successors, (13), 9 states have call predecessors, (13), 13 states have call successors, (13) [2022-02-20 18:10:15,064 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:15,064 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:15,064 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:15,065 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:15,068 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:15,068 INFO L85 PathProgramCache]: Analyzing trace with hash 1885367060, now seen corresponding path program 1 times [2022-02-20 18:10:15,075 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:15,075 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [955020612] [2022-02-20 18:10:15,075 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:15,076 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:15,170 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:15,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {89#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {89#true} is VALID [2022-02-20 18:10:15,238 INFO L290 TraceCheckUtils]: 1: Hoare triple {89#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {89#true} is VALID [2022-02-20 18:10:15,239 INFO L290 TraceCheckUtils]: 2: Hoare triple {89#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {89#true} is VALID [2022-02-20 18:10:15,239 INFO L290 TraceCheckUtils]: 3: Hoare triple {89#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {89#true} is VALID [2022-02-20 18:10:15,240 INFO L290 TraceCheckUtils]: 4: Hoare triple {89#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {89#true} is VALID [2022-02-20 18:10:15,240 INFO L290 TraceCheckUtils]: 5: Hoare triple {89#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {89#true} is VALID [2022-02-20 18:10:15,241 INFO L290 TraceCheckUtils]: 6: Hoare triple {89#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {89#true} is VALID [2022-02-20 18:10:15,242 INFO L290 TraceCheckUtils]: 7: Hoare triple {89#true} assume false; {90#false} is VALID [2022-02-20 18:10:15,242 INFO L272 TraceCheckUtils]: 8: Hoare triple {90#false} call cleanup(); {90#false} is VALID [2022-02-20 18:10:15,242 INFO L290 TraceCheckUtils]: 9: Hoare triple {90#false} havoc ~i~0;havoc ~__cil_tmp2~0; {90#false} is VALID [2022-02-20 18:10:15,243 INFO L272 TraceCheckUtils]: 10: Hoare triple {90#false} call timeShift(); {90#false} is VALID [2022-02-20 18:10:15,243 INFO L290 TraceCheckUtils]: 11: Hoare triple {90#false} assume !(0 != ~pumpRunning~0); {90#false} is VALID [2022-02-20 18:10:15,243 INFO L290 TraceCheckUtils]: 12: Hoare triple {90#false} assume !(0 != ~systemActive~0); {90#false} is VALID [2022-02-20 18:10:15,243 INFO L290 TraceCheckUtils]: 13: Hoare triple {90#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret49#1, __utac_acc__Specification4_spec__1_#t~ret50#1, __utac_acc__Specification4_spec__1_~tmp~7#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~7#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~4#1;havoc getWaterLevel_~retValue_acc~4#1;getWaterLevel_~retValue_acc~4#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~4#1; {90#false} is VALID [2022-02-20 18:10:15,244 INFO L290 TraceCheckUtils]: 14: Hoare triple {90#false} __utac_acc__Specification4_spec__1_#t~ret49#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret49#1 && __utac_acc__Specification4_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~7#1 := __utac_acc__Specification4_spec__1_#t~ret49#1;havoc __utac_acc__Specification4_spec__1_#t~ret49#1; {90#false} is VALID [2022-02-20 18:10:15,244 INFO L290 TraceCheckUtils]: 15: Hoare triple {90#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {90#false} is VALID [2022-02-20 18:10:15,244 INFO L290 TraceCheckUtils]: 16: Hoare triple {90#false} __utac_acc__Specification4_spec__1_#t~ret50#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret50#1 && __utac_acc__Specification4_spec__1_#t~ret50#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret50#1;havoc __utac_acc__Specification4_spec__1_#t~ret50#1; {90#false} is VALID [2022-02-20 18:10:15,244 INFO L290 TraceCheckUtils]: 17: Hoare triple {90#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {90#false} is VALID [2022-02-20 18:10:15,245 INFO L290 TraceCheckUtils]: 18: Hoare triple {90#false} assume !false; {90#false} is VALID [2022-02-20 18:10:15,246 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:15,246 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:15,246 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [955020612] [2022-02-20 18:10:15,247 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [955020612] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:15,247 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:15,247 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:15,249 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1639459047] [2022-02-20 18:10:15,250 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:15,254 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:15,255 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:15,257 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,285 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:15,286 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:15,286 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:15,309 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:15,310 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:15,313 INFO L87 Difference]: Start difference. First operand has 86 states, 64 states have (on average 1.390625) internal successors, (89), 73 states have internal predecessors, (89), 13 states have call successors, (13), 7 states have call predecessors, (13), 7 states have return successors, (13), 9 states have call predecessors, (13), 13 states have call successors, (13) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,426 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:15,426 INFO L93 Difference]: Finished difference Result 164 states and 225 transitions. [2022-02-20 18:10:15,426 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:15,426 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:15,426 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:15,430 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,440 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 225 transitions. [2022-02-20 18:10:15,440 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,447 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 225 transitions. [2022-02-20 18:10:15,447 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 225 transitions. [2022-02-20 18:10:15,600 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 225 edges. 225 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:15,615 INFO L225 Difference]: With dead ends: 164 [2022-02-20 18:10:15,615 INFO L226 Difference]: Without dead ends: 77 [2022-02-20 18:10:15,618 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:15,622 INFO L933 BasicCegarLoop]: 109 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 109 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:15,624 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 109 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:15,635 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 77 states. [2022-02-20 18:10:15,652 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 77 to 77. [2022-02-20 18:10:15,652 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:15,654 INFO L82 GeneralOperation]: Start isEquivalent. First operand 77 states. Second operand has 77 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 65 states have internal predecessors, (75), 13 states have call successors, (13), 7 states have call predecessors, (13), 6 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:10:15,658 INFO L74 IsIncluded]: Start isIncluded. First operand 77 states. Second operand has 77 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 65 states have internal predecessors, (75), 13 states have call successors, (13), 7 states have call predecessors, (13), 6 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:10:15,659 INFO L87 Difference]: Start difference. First operand 77 states. Second operand has 77 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 65 states have internal predecessors, (75), 13 states have call successors, (13), 7 states have call predecessors, (13), 6 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:10:15,670 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:15,670 INFO L93 Difference]: Finished difference Result 77 states and 100 transitions. [2022-02-20 18:10:15,670 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 100 transitions. [2022-02-20 18:10:15,673 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:15,673 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:15,674 INFO L74 IsIncluded]: Start isIncluded. First operand has 77 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 65 states have internal predecessors, (75), 13 states have call successors, (13), 7 states have call predecessors, (13), 6 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) Second operand 77 states. [2022-02-20 18:10:15,675 INFO L87 Difference]: Start difference. First operand has 77 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 65 states have internal predecessors, (75), 13 states have call successors, (13), 7 states have call predecessors, (13), 6 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) Second operand 77 states. [2022-02-20 18:10:15,688 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:15,688 INFO L93 Difference]: Finished difference Result 77 states and 100 transitions. [2022-02-20 18:10:15,688 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 100 transitions. [2022-02-20 18:10:15,689 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:15,689 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:15,689 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:15,689 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:15,690 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 77 states, 57 states have (on average 1.3157894736842106) internal successors, (75), 65 states have internal predecessors, (75), 13 states have call successors, (13), 7 states have call predecessors, (13), 6 states have return successors, (12), 8 states have call predecessors, (12), 12 states have call successors, (12) [2022-02-20 18:10:15,693 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 77 states to 77 states and 100 transitions. [2022-02-20 18:10:15,694 INFO L78 Accepts]: Start accepts. Automaton has 77 states and 100 transitions. Word has length 19 [2022-02-20 18:10:15,694 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:15,694 INFO L470 AbstractCegarLoop]: Abstraction has 77 states and 100 transitions. [2022-02-20 18:10:15,695 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,695 INFO L276 IsEmpty]: Start isEmpty. Operand 77 states and 100 transitions. [2022-02-20 18:10:15,696 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:15,696 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:15,696 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:15,696 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:10:15,696 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:15,698 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:15,698 INFO L85 PathProgramCache]: Analyzing trace with hash -633787630, now seen corresponding path program 1 times [2022-02-20 18:10:15,698 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:15,698 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [945542592] [2022-02-20 18:10:15,698 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:15,698 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:15,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:15,782 INFO L290 TraceCheckUtils]: 0: Hoare triple {601#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {601#true} is VALID [2022-02-20 18:10:15,782 INFO L290 TraceCheckUtils]: 1: Hoare triple {601#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {601#true} is VALID [2022-02-20 18:10:15,782 INFO L290 TraceCheckUtils]: 2: Hoare triple {601#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {601#true} is VALID [2022-02-20 18:10:15,782 INFO L290 TraceCheckUtils]: 3: Hoare triple {601#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {601#true} is VALID [2022-02-20 18:10:15,782 INFO L290 TraceCheckUtils]: 4: Hoare triple {601#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {601#true} is VALID [2022-02-20 18:10:15,783 INFO L290 TraceCheckUtils]: 5: Hoare triple {601#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {601#true} is VALID [2022-02-20 18:10:15,783 INFO L290 TraceCheckUtils]: 6: Hoare triple {601#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {603#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:15,784 INFO L290 TraceCheckUtils]: 7: Hoare triple {603#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {603#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:15,785 INFO L290 TraceCheckUtils]: 8: Hoare triple {603#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {602#false} is VALID [2022-02-20 18:10:15,785 INFO L272 TraceCheckUtils]: 9: Hoare triple {602#false} call cleanup(); {602#false} is VALID [2022-02-20 18:10:15,785 INFO L290 TraceCheckUtils]: 10: Hoare triple {602#false} havoc ~i~0;havoc ~__cil_tmp2~0; {602#false} is VALID [2022-02-20 18:10:15,785 INFO L272 TraceCheckUtils]: 11: Hoare triple {602#false} call timeShift(); {602#false} is VALID [2022-02-20 18:10:15,785 INFO L290 TraceCheckUtils]: 12: Hoare triple {602#false} assume !(0 != ~pumpRunning~0); {602#false} is VALID [2022-02-20 18:10:15,786 INFO L290 TraceCheckUtils]: 13: Hoare triple {602#false} assume !(0 != ~systemActive~0); {602#false} is VALID [2022-02-20 18:10:15,786 INFO L290 TraceCheckUtils]: 14: Hoare triple {602#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret49#1, __utac_acc__Specification4_spec__1_#t~ret50#1, __utac_acc__Specification4_spec__1_~tmp~7#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~7#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~4#1;havoc getWaterLevel_~retValue_acc~4#1;getWaterLevel_~retValue_acc~4#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~4#1; {602#false} is VALID [2022-02-20 18:10:15,786 INFO L290 TraceCheckUtils]: 15: Hoare triple {602#false} __utac_acc__Specification4_spec__1_#t~ret49#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret49#1 && __utac_acc__Specification4_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~7#1 := __utac_acc__Specification4_spec__1_#t~ret49#1;havoc __utac_acc__Specification4_spec__1_#t~ret49#1; {602#false} is VALID [2022-02-20 18:10:15,786 INFO L290 TraceCheckUtils]: 16: Hoare triple {602#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {602#false} is VALID [2022-02-20 18:10:15,786 INFO L290 TraceCheckUtils]: 17: Hoare triple {602#false} __utac_acc__Specification4_spec__1_#t~ret50#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret50#1 && __utac_acc__Specification4_spec__1_#t~ret50#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret50#1;havoc __utac_acc__Specification4_spec__1_#t~ret50#1; {602#false} is VALID [2022-02-20 18:10:15,786 INFO L290 TraceCheckUtils]: 18: Hoare triple {602#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {602#false} is VALID [2022-02-20 18:10:15,786 INFO L290 TraceCheckUtils]: 19: Hoare triple {602#false} assume !false; {602#false} is VALID [2022-02-20 18:10:15,787 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:15,787 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:15,787 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [945542592] [2022-02-20 18:10:15,787 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [945542592] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:15,787 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:15,788 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:15,788 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1219478505] [2022-02-20 18:10:15,788 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:15,789 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:15,789 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:15,789 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,854 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:15,854 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:15,854 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:15,855 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:15,855 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:15,855 INFO L87 Difference]: Start difference. First operand 77 states and 100 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,961 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:15,962 INFO L93 Difference]: Finished difference Result 116 states and 150 transitions. [2022-02-20 18:10:15,962 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:15,962 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:15,962 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:15,963 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,967 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 150 transitions. [2022-02-20 18:10:15,968 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:15,970 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 150 transitions. [2022-02-20 18:10:15,970 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 150 transitions. [2022-02-20 18:10:16,056 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 150 edges. 150 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:16,058 INFO L225 Difference]: With dead ends: 116 [2022-02-20 18:10:16,059 INFO L226 Difference]: Without dead ends: 68 [2022-02-20 18:10:16,059 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:16,060 INFO L933 BasicCegarLoop]: 87 mSDtfsCounter, 16 mSDsluCounter, 66 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 20 SdHoareTripleChecker+Valid, 153 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:16,060 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [20 Valid, 153 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:16,061 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 68 states. [2022-02-20 18:10:16,065 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 68 to 68. [2022-02-20 18:10:16,065 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:16,065 INFO L82 GeneralOperation]: Start isEquivalent. First operand 68 states. Second operand has 68 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 59 states have internal predecessors, (68), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 6 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:10:16,065 INFO L74 IsIncluded]: Start isIncluded. First operand 68 states. Second operand has 68 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 59 states have internal predecessors, (68), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 6 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:10:16,066 INFO L87 Difference]: Start difference. First operand 68 states. Second operand has 68 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 59 states have internal predecessors, (68), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 6 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:10:16,068 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,068 INFO L93 Difference]: Finished difference Result 68 states and 88 transitions. [2022-02-20 18:10:16,068 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 88 transitions. [2022-02-20 18:10:16,068 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:16,068 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:16,069 INFO L74 IsIncluded]: Start isIncluded. First operand has 68 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 59 states have internal predecessors, (68), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 6 states have call predecessors, (10), 10 states have call successors, (10) Second operand 68 states. [2022-02-20 18:10:16,069 INFO L87 Difference]: Start difference. First operand has 68 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 59 states have internal predecessors, (68), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 6 states have call predecessors, (10), 10 states have call successors, (10) Second operand 68 states. [2022-02-20 18:10:16,071 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,071 INFO L93 Difference]: Finished difference Result 68 states and 88 transitions. [2022-02-20 18:10:16,071 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 88 transitions. [2022-02-20 18:10:16,072 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:16,072 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:16,072 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:16,072 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:16,072 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 68 states, 51 states have (on average 1.3333333333333333) internal successors, (68), 59 states have internal predecessors, (68), 10 states have call successors, (10), 6 states have call predecessors, (10), 6 states have return successors, (10), 6 states have call predecessors, (10), 10 states have call successors, (10) [2022-02-20 18:10:16,074 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 68 states to 68 states and 88 transitions. [2022-02-20 18:10:16,074 INFO L78 Accepts]: Start accepts. Automaton has 68 states and 88 transitions. Word has length 20 [2022-02-20 18:10:16,074 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:16,074 INFO L470 AbstractCegarLoop]: Abstraction has 68 states and 88 transitions. [2022-02-20 18:10:16,074 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,074 INFO L276 IsEmpty]: Start isEmpty. Operand 68 states and 88 transitions. [2022-02-20 18:10:16,075 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:10:16,075 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:16,075 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:16,075 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:10:16,076 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:16,076 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:16,076 INFO L85 PathProgramCache]: Analyzing trace with hash 1735953232, now seen corresponding path program 1 times [2022-02-20 18:10:16,076 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:16,076 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [945472504] [2022-02-20 18:10:16,076 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:16,076 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:16,099 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:16,158 INFO L290 TraceCheckUtils]: 0: Hoare triple {1012#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {1014#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:16,159 INFO L290 TraceCheckUtils]: 1: Hoare triple {1014#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1014#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:16,159 INFO L290 TraceCheckUtils]: 2: Hoare triple {1014#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1014#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:16,160 INFO L290 TraceCheckUtils]: 3: Hoare triple {1014#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {1015#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} is VALID [2022-02-20 18:10:16,160 INFO L290 TraceCheckUtils]: 4: Hoare triple {1015#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1016#(= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)} is VALID [2022-02-20 18:10:16,161 INFO L290 TraceCheckUtils]: 5: Hoare triple {1016#(= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,161 INFO L290 TraceCheckUtils]: 6: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,161 INFO L290 TraceCheckUtils]: 7: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume !false; {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,162 INFO L290 TraceCheckUtils]: 8: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume test_~splverifierCounter~0#1 < 4; {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,162 INFO L290 TraceCheckUtils]: 9: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,163 INFO L290 TraceCheckUtils]: 10: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp~3#1); {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,165 INFO L290 TraceCheckUtils]: 11: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,168 INFO L290 TraceCheckUtils]: 12: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___0~0#1); {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,168 INFO L290 TraceCheckUtils]: 13: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,169 INFO L290 TraceCheckUtils]: 14: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume 0 != test_~tmp___2~0#1; {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,170 INFO L272 TraceCheckUtils]: 15: Hoare triple {1017#(not (= 0 ~systemActive~0))} call timeShift(); {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,172 INFO L290 TraceCheckUtils]: 16: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {1017#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:16,172 INFO L290 TraceCheckUtils]: 17: Hoare triple {1017#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {1013#false} is VALID [2022-02-20 18:10:16,172 INFO L290 TraceCheckUtils]: 18: Hoare triple {1013#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret49#1, __utac_acc__Specification4_spec__1_#t~ret50#1, __utac_acc__Specification4_spec__1_~tmp~7#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~7#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~4#1;havoc getWaterLevel_~retValue_acc~4#1;getWaterLevel_~retValue_acc~4#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~4#1; {1013#false} is VALID [2022-02-20 18:10:16,172 INFO L290 TraceCheckUtils]: 19: Hoare triple {1013#false} __utac_acc__Specification4_spec__1_#t~ret49#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret49#1 && __utac_acc__Specification4_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~7#1 := __utac_acc__Specification4_spec__1_#t~ret49#1;havoc __utac_acc__Specification4_spec__1_#t~ret49#1; {1013#false} is VALID [2022-02-20 18:10:16,176 INFO L290 TraceCheckUtils]: 20: Hoare triple {1013#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {1013#false} is VALID [2022-02-20 18:10:16,176 INFO L290 TraceCheckUtils]: 21: Hoare triple {1013#false} __utac_acc__Specification4_spec__1_#t~ret50#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret50#1 && __utac_acc__Specification4_spec__1_#t~ret50#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret50#1;havoc __utac_acc__Specification4_spec__1_#t~ret50#1; {1013#false} is VALID [2022-02-20 18:10:16,176 INFO L290 TraceCheckUtils]: 22: Hoare triple {1013#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {1013#false} is VALID [2022-02-20 18:10:16,177 INFO L290 TraceCheckUtils]: 23: Hoare triple {1013#false} assume !false; {1013#false} is VALID [2022-02-20 18:10:16,177 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:16,177 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:16,177 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [945472504] [2022-02-20 18:10:16,177 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [945472504] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:16,177 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:16,177 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:16,177 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1373465569] [2022-02-20 18:10:16,177 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:16,178 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:16,178 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:16,178 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,196 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:16,196 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:16,196 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:16,196 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:16,196 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:16,197 INFO L87 Difference]: Start difference. First operand 68 states and 88 transitions. Second operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,633 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,633 INFO L93 Difference]: Finished difference Result 227 states and 301 transitions. [2022-02-20 18:10:16,634 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:10:16,634 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:16,634 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:16,634 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,638 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 301 transitions. [2022-02-20 18:10:16,639 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,643 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 301 transitions. [2022-02-20 18:10:16,643 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 301 transitions. [2022-02-20 18:10:16,854 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 301 edges. 301 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:16,859 INFO L225 Difference]: With dead ends: 227 [2022-02-20 18:10:16,859 INFO L226 Difference]: Without dead ends: 166 [2022-02-20 18:10:16,862 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:16,863 INFO L933 BasicCegarLoop]: 106 mSDtfsCounter, 183 mSDsluCounter, 327 mSDsCounter, 0 mSdLazyCounter, 97 mSolverCounterSat, 14 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 183 SdHoareTripleChecker+Valid, 433 SdHoareTripleChecker+Invalid, 111 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 14 IncrementalHoareTripleChecker+Valid, 97 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:16,864 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [183 Valid, 433 Invalid, 111 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [14 Valid, 97 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:16,865 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 166 states. [2022-02-20 18:10:16,874 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 166 to 160. [2022-02-20 18:10:16,874 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:16,875 INFO L82 GeneralOperation]: Start isEquivalent. First operand 166 states. Second operand has 160 states, 119 states have (on average 1.3697478991596639) internal successors, (163), 137 states have internal predecessors, (163), 24 states have call successors, (24), 16 states have call predecessors, (24), 16 states have return successors, (25), 14 states have call predecessors, (25), 24 states have call successors, (25) [2022-02-20 18:10:16,876 INFO L74 IsIncluded]: Start isIncluded. First operand 166 states. Second operand has 160 states, 119 states have (on average 1.3697478991596639) internal successors, (163), 137 states have internal predecessors, (163), 24 states have call successors, (24), 16 states have call predecessors, (24), 16 states have return successors, (25), 14 states have call predecessors, (25), 24 states have call successors, (25) [2022-02-20 18:10:16,876 INFO L87 Difference]: Start difference. First operand 166 states. Second operand has 160 states, 119 states have (on average 1.3697478991596639) internal successors, (163), 137 states have internal predecessors, (163), 24 states have call successors, (24), 16 states have call predecessors, (24), 16 states have return successors, (25), 14 states have call predecessors, (25), 24 states have call successors, (25) [2022-02-20 18:10:16,881 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,882 INFO L93 Difference]: Finished difference Result 166 states and 216 transitions. [2022-02-20 18:10:16,883 INFO L276 IsEmpty]: Start isEmpty. Operand 166 states and 216 transitions. [2022-02-20 18:10:16,883 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:16,883 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:16,885 INFO L74 IsIncluded]: Start isIncluded. First operand has 160 states, 119 states have (on average 1.3697478991596639) internal successors, (163), 137 states have internal predecessors, (163), 24 states have call successors, (24), 16 states have call predecessors, (24), 16 states have return successors, (25), 14 states have call predecessors, (25), 24 states have call successors, (25) Second operand 166 states. [2022-02-20 18:10:16,886 INFO L87 Difference]: Start difference. First operand has 160 states, 119 states have (on average 1.3697478991596639) internal successors, (163), 137 states have internal predecessors, (163), 24 states have call successors, (24), 16 states have call predecessors, (24), 16 states have return successors, (25), 14 states have call predecessors, (25), 24 states have call successors, (25) Second operand 166 states. [2022-02-20 18:10:16,891 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:16,891 INFO L93 Difference]: Finished difference Result 166 states and 216 transitions. [2022-02-20 18:10:16,891 INFO L276 IsEmpty]: Start isEmpty. Operand 166 states and 216 transitions. [2022-02-20 18:10:16,892 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:16,892 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:16,892 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:16,892 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:16,893 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 160 states, 119 states have (on average 1.3697478991596639) internal successors, (163), 137 states have internal predecessors, (163), 24 states have call successors, (24), 16 states have call predecessors, (24), 16 states have return successors, (25), 14 states have call predecessors, (25), 24 states have call successors, (25) [2022-02-20 18:10:16,899 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 160 states to 160 states and 212 transitions. [2022-02-20 18:10:16,899 INFO L78 Accepts]: Start accepts. Automaton has 160 states and 212 transitions. Word has length 24 [2022-02-20 18:10:16,899 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:16,900 INFO L470 AbstractCegarLoop]: Abstraction has 160 states and 212 transitions. [2022-02-20 18:10:16,900 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,900 INFO L276 IsEmpty]: Start isEmpty. Operand 160 states and 212 transitions. [2022-02-20 18:10:16,900 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 29 [2022-02-20 18:10:16,901 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:16,901 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:16,901 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:10:16,901 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:16,902 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:16,902 INFO L85 PathProgramCache]: Analyzing trace with hash -908810234, now seen corresponding path program 1 times [2022-02-20 18:10:16,902 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:16,902 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1525738828] [2022-02-20 18:10:16,902 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:16,902 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:16,936 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:16,980 INFO L290 TraceCheckUtils]: 0: Hoare triple {1910#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,981 INFO L290 TraceCheckUtils]: 1: Hoare triple {1912#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,981 INFO L290 TraceCheckUtils]: 2: Hoare triple {1912#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,981 INFO L290 TraceCheckUtils]: 3: Hoare triple {1912#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,982 INFO L290 TraceCheckUtils]: 4: Hoare triple {1912#(= ~waterLevel~0 1)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,982 INFO L290 TraceCheckUtils]: 5: Hoare triple {1912#(= ~waterLevel~0 1)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,982 INFO L290 TraceCheckUtils]: 6: Hoare triple {1912#(= ~waterLevel~0 1)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,983 INFO L290 TraceCheckUtils]: 7: Hoare triple {1912#(= ~waterLevel~0 1)} assume !false; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,983 INFO L290 TraceCheckUtils]: 8: Hoare triple {1912#(= ~waterLevel~0 1)} assume test_~splverifierCounter~0#1 < 4; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,983 INFO L290 TraceCheckUtils]: 9: Hoare triple {1912#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,984 INFO L290 TraceCheckUtils]: 10: Hoare triple {1912#(= ~waterLevel~0 1)} assume !(0 != test_~tmp~3#1); {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,984 INFO L290 TraceCheckUtils]: 11: Hoare triple {1912#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,984 INFO L290 TraceCheckUtils]: 12: Hoare triple {1912#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___0~0#1); {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,985 INFO L290 TraceCheckUtils]: 13: Hoare triple {1912#(= ~waterLevel~0 1)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,986 INFO L290 TraceCheckUtils]: 14: Hoare triple {1912#(= ~waterLevel~0 1)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,986 INFO L290 TraceCheckUtils]: 15: Hoare triple {1912#(= ~waterLevel~0 1)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,986 INFO L290 TraceCheckUtils]: 16: Hoare triple {1912#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,987 INFO L290 TraceCheckUtils]: 17: Hoare triple {1912#(= ~waterLevel~0 1)} ~systemActive~0 := 0; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,987 INFO L290 TraceCheckUtils]: 18: Hoare triple {1912#(= ~waterLevel~0 1)} assume { :end_inline_stopSystem } true; {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,987 INFO L272 TraceCheckUtils]: 19: Hoare triple {1912#(= ~waterLevel~0 1)} call timeShift(); {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,988 INFO L290 TraceCheckUtils]: 20: Hoare triple {1912#(= ~waterLevel~0 1)} assume !(0 != ~pumpRunning~0); {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,988 INFO L290 TraceCheckUtils]: 21: Hoare triple {1912#(= ~waterLevel~0 1)} assume !(0 != ~systemActive~0); {1912#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:16,989 INFO L290 TraceCheckUtils]: 22: Hoare triple {1912#(= ~waterLevel~0 1)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret49#1, __utac_acc__Specification4_spec__1_#t~ret50#1, __utac_acc__Specification4_spec__1_~tmp~7#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~7#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~4#1;havoc getWaterLevel_~retValue_acc~4#1;getWaterLevel_~retValue_acc~4#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~4#1; {1913#(= |timeShift_getWaterLevel_#res#1| 1)} is VALID [2022-02-20 18:10:16,989 INFO L290 TraceCheckUtils]: 23: Hoare triple {1913#(= |timeShift_getWaterLevel_#res#1| 1)} __utac_acc__Specification4_spec__1_#t~ret49#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret49#1 && __utac_acc__Specification4_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~7#1 := __utac_acc__Specification4_spec__1_#t~ret49#1;havoc __utac_acc__Specification4_spec__1_#t~ret49#1; {1914#(= (+ (- 1) |timeShift___utac_acc__Specification4_spec__1_~tmp~7#1|) 0)} is VALID [2022-02-20 18:10:16,990 INFO L290 TraceCheckUtils]: 24: Hoare triple {1914#(= (+ (- 1) |timeShift___utac_acc__Specification4_spec__1_~tmp~7#1|) 0)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {1911#false} is VALID [2022-02-20 18:10:16,990 INFO L290 TraceCheckUtils]: 25: Hoare triple {1911#false} __utac_acc__Specification4_spec__1_#t~ret50#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret50#1 && __utac_acc__Specification4_spec__1_#t~ret50#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret50#1;havoc __utac_acc__Specification4_spec__1_#t~ret50#1; {1911#false} is VALID [2022-02-20 18:10:16,990 INFO L290 TraceCheckUtils]: 26: Hoare triple {1911#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {1911#false} is VALID [2022-02-20 18:10:16,990 INFO L290 TraceCheckUtils]: 27: Hoare triple {1911#false} assume !false; {1911#false} is VALID [2022-02-20 18:10:16,990 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:16,991 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:16,991 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1525738828] [2022-02-20 18:10:16,991 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1525738828] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:16,991 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:16,991 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [4] imperfect sequences [] total 4 [2022-02-20 18:10:16,991 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [839250130] [2022-02-20 18:10:16,991 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:16,992 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 28 [2022-02-20 18:10:16,992 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:16,993 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,009 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 28 edges. 28 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,009 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 5 states [2022-02-20 18:10:17,009 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:17,010 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 5 interpolants. [2022-02-20 18:10:17,011 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=7, Invalid=13, Unknown=0, NotChecked=0, Total=20 [2022-02-20 18:10:17,012 INFO L87 Difference]: Start difference. First operand 160 states and 212 transitions. Second operand has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,208 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,209 INFO L93 Difference]: Finished difference Result 449 states and 617 transitions. [2022-02-20 18:10:17,209 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:17,209 INFO L78 Accepts]: Start accepts. Automaton has has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 28 [2022-02-20 18:10:17,209 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:17,209 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,213 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 247 transitions. [2022-02-20 18:10:17,213 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,216 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 247 transitions. [2022-02-20 18:10:17,216 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 247 transitions. [2022-02-20 18:10:17,352 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 247 edges. 247 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,359 INFO L225 Difference]: With dead ends: 449 [2022-02-20 18:10:17,360 INFO L226 Difference]: Without dead ends: 296 [2022-02-20 18:10:17,361 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 5 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=17, Invalid=25, Unknown=0, NotChecked=0, Total=42 [2022-02-20 18:10:17,361 INFO L933 BasicCegarLoop]: 92 mSDtfsCounter, 60 mSDsluCounter, 261 mSDsCounter, 0 mSdLazyCounter, 24 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 60 SdHoareTripleChecker+Valid, 353 SdHoareTripleChecker+Invalid, 27 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 24 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:17,362 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [60 Valid, 353 Invalid, 27 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 24 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:17,362 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 296 states. [2022-02-20 18:10:17,377 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 296 to 296. [2022-02-20 18:10:17,378 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:17,379 INFO L82 GeneralOperation]: Start isEquivalent. First operand 296 states. Second operand has 296 states, 218 states have (on average 1.348623853211009) internal successors, (294), 250 states have internal predecessors, (294), 48 states have call successors, (48), 32 states have call predecessors, (48), 29 states have return successors, (54), 25 states have call predecessors, (54), 48 states have call successors, (54) [2022-02-20 18:10:17,379 INFO L74 IsIncluded]: Start isIncluded. First operand 296 states. Second operand has 296 states, 218 states have (on average 1.348623853211009) internal successors, (294), 250 states have internal predecessors, (294), 48 states have call successors, (48), 32 states have call predecessors, (48), 29 states have return successors, (54), 25 states have call predecessors, (54), 48 states have call successors, (54) [2022-02-20 18:10:17,380 INFO L87 Difference]: Start difference. First operand 296 states. Second operand has 296 states, 218 states have (on average 1.348623853211009) internal successors, (294), 250 states have internal predecessors, (294), 48 states have call successors, (48), 32 states have call predecessors, (48), 29 states have return successors, (54), 25 states have call predecessors, (54), 48 states have call successors, (54) [2022-02-20 18:10:17,389 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,389 INFO L93 Difference]: Finished difference Result 296 states and 396 transitions. [2022-02-20 18:10:17,389 INFO L276 IsEmpty]: Start isEmpty. Operand 296 states and 396 transitions. [2022-02-20 18:10:17,390 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,390 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,391 INFO L74 IsIncluded]: Start isIncluded. First operand has 296 states, 218 states have (on average 1.348623853211009) internal successors, (294), 250 states have internal predecessors, (294), 48 states have call successors, (48), 32 states have call predecessors, (48), 29 states have return successors, (54), 25 states have call predecessors, (54), 48 states have call successors, (54) Second operand 296 states. [2022-02-20 18:10:17,392 INFO L87 Difference]: Start difference. First operand has 296 states, 218 states have (on average 1.348623853211009) internal successors, (294), 250 states have internal predecessors, (294), 48 states have call successors, (48), 32 states have call predecessors, (48), 29 states have return successors, (54), 25 states have call predecessors, (54), 48 states have call successors, (54) Second operand 296 states. [2022-02-20 18:10:17,400 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,401 INFO L93 Difference]: Finished difference Result 296 states and 396 transitions. [2022-02-20 18:10:17,401 INFO L276 IsEmpty]: Start isEmpty. Operand 296 states and 396 transitions. [2022-02-20 18:10:17,402 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,402 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,402 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:17,402 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:17,403 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 296 states, 218 states have (on average 1.348623853211009) internal successors, (294), 250 states have internal predecessors, (294), 48 states have call successors, (48), 32 states have call predecessors, (48), 29 states have return successors, (54), 25 states have call predecessors, (54), 48 states have call successors, (54) [2022-02-20 18:10:17,412 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 296 states to 296 states and 396 transitions. [2022-02-20 18:10:17,412 INFO L78 Accepts]: Start accepts. Automaton has 296 states and 396 transitions. Word has length 28 [2022-02-20 18:10:17,413 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:17,413 INFO L470 AbstractCegarLoop]: Abstraction has 296 states and 396 transitions. [2022-02-20 18:10:17,413 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 5 states, 5 states have (on average 5.4) internal successors, (27), 4 states have internal predecessors, (27), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,413 INFO L276 IsEmpty]: Start isEmpty. Operand 296 states and 396 transitions. [2022-02-20 18:10:17,414 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 31 [2022-02-20 18:10:17,414 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:17,414 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:17,414 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:10:17,415 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:17,415 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:17,415 INFO L85 PathProgramCache]: Analyzing trace with hash -89703733, now seen corresponding path program 1 times [2022-02-20 18:10:17,415 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:17,415 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [589649032] [2022-02-20 18:10:17,416 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:17,416 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:17,434 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,450 INFO L290 TraceCheckUtils]: 0: Hoare triple {3584#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,451 INFO L290 TraceCheckUtils]: 1: Hoare triple {3586#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,451 INFO L290 TraceCheckUtils]: 2: Hoare triple {3586#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,452 INFO L290 TraceCheckUtils]: 3: Hoare triple {3586#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,452 INFO L290 TraceCheckUtils]: 4: Hoare triple {3586#(= ~pumpRunning~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,452 INFO L290 TraceCheckUtils]: 5: Hoare triple {3586#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,453 INFO L290 TraceCheckUtils]: 6: Hoare triple {3586#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,453 INFO L290 TraceCheckUtils]: 7: Hoare triple {3586#(= ~pumpRunning~0 0)} assume !false; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,453 INFO L290 TraceCheckUtils]: 8: Hoare triple {3586#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,454 INFO L290 TraceCheckUtils]: 9: Hoare triple {3586#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,454 INFO L290 TraceCheckUtils]: 10: Hoare triple {3586#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~3#1); {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,454 INFO L290 TraceCheckUtils]: 11: Hoare triple {3586#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,455 INFO L290 TraceCheckUtils]: 12: Hoare triple {3586#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,455 INFO L290 TraceCheckUtils]: 13: Hoare triple {3586#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,455 INFO L290 TraceCheckUtils]: 14: Hoare triple {3586#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,455 INFO L290 TraceCheckUtils]: 15: Hoare triple {3586#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,457 INFO L290 TraceCheckUtils]: 16: Hoare triple {3586#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,457 INFO L290 TraceCheckUtils]: 17: Hoare triple {3586#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,458 INFO L290 TraceCheckUtils]: 18: Hoare triple {3586#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,458 INFO L272 TraceCheckUtils]: 19: Hoare triple {3586#(= ~pumpRunning~0 0)} call timeShift(); {3586#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,459 INFO L290 TraceCheckUtils]: 20: Hoare triple {3586#(= ~pumpRunning~0 0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {3585#false} is VALID [2022-02-20 18:10:17,459 INFO L290 TraceCheckUtils]: 21: Hoare triple {3585#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {3585#false} is VALID [2022-02-20 18:10:17,459 INFO L290 TraceCheckUtils]: 22: Hoare triple {3585#false} assume { :end_inline_lowerWaterLevel } true; {3585#false} is VALID [2022-02-20 18:10:17,459 INFO L290 TraceCheckUtils]: 23: Hoare triple {3585#false} assume !(0 != ~systemActive~0); {3585#false} is VALID [2022-02-20 18:10:17,459 INFO L290 TraceCheckUtils]: 24: Hoare triple {3585#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret49#1, __utac_acc__Specification4_spec__1_#t~ret50#1, __utac_acc__Specification4_spec__1_~tmp~7#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~7#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~4#1;havoc getWaterLevel_~retValue_acc~4#1;getWaterLevel_~retValue_acc~4#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~4#1; {3585#false} is VALID [2022-02-20 18:10:17,459 INFO L290 TraceCheckUtils]: 25: Hoare triple {3585#false} __utac_acc__Specification4_spec__1_#t~ret49#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret49#1 && __utac_acc__Specification4_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~7#1 := __utac_acc__Specification4_spec__1_#t~ret49#1;havoc __utac_acc__Specification4_spec__1_#t~ret49#1; {3585#false} is VALID [2022-02-20 18:10:17,460 INFO L290 TraceCheckUtils]: 26: Hoare triple {3585#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {3585#false} is VALID [2022-02-20 18:10:17,460 INFO L290 TraceCheckUtils]: 27: Hoare triple {3585#false} __utac_acc__Specification4_spec__1_#t~ret50#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret50#1 && __utac_acc__Specification4_spec__1_#t~ret50#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret50#1;havoc __utac_acc__Specification4_spec__1_#t~ret50#1; {3585#false} is VALID [2022-02-20 18:10:17,460 INFO L290 TraceCheckUtils]: 28: Hoare triple {3585#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {3585#false} is VALID [2022-02-20 18:10:17,460 INFO L290 TraceCheckUtils]: 29: Hoare triple {3585#false} assume !false; {3585#false} is VALID [2022-02-20 18:10:17,460 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:17,460 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:17,461 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [589649032] [2022-02-20 18:10:17,461 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [589649032] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:17,461 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:17,461 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:17,461 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [2005279620] [2022-02-20 18:10:17,461 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:17,462 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 2 states have internal predecessors, (29), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 30 [2022-02-20 18:10:17,462 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:17,462 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 2 states have internal predecessors, (29), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,483 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 30 edges. 30 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,483 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:17,483 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:17,484 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:17,484 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:17,484 INFO L87 Difference]: Start difference. First operand 296 states and 396 transitions. Second operand has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 2 states have internal predecessors, (29), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,542 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,543 INFO L93 Difference]: Finished difference Result 504 states and 684 transitions. [2022-02-20 18:10:17,543 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:17,543 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 2 states have internal predecessors, (29), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 30 [2022-02-20 18:10:17,543 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:17,543 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 2 states have internal predecessors, (29), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,545 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 145 transitions. [2022-02-20 18:10:17,545 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 2 states have internal predecessors, (29), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,547 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 145 transitions. [2022-02-20 18:10:17,547 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 145 transitions. [2022-02-20 18:10:17,636 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 145 edges. 145 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,640 INFO L225 Difference]: With dead ends: 504 [2022-02-20 18:10:17,640 INFO L226 Difference]: Without dead ends: 215 [2022-02-20 18:10:17,641 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:17,650 INFO L933 BasicCegarLoop]: 53 mSDtfsCounter, 38 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 5 mSolverCounterSat, 3 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 38 SdHoareTripleChecker+Valid, 53 SdHoareTripleChecker+Invalid, 8 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 3 IncrementalHoareTripleChecker+Valid, 5 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:17,655 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [38 Valid, 53 Invalid, 8 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [3 Valid, 5 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:17,657 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 215 states. [2022-02-20 18:10:17,672 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 215 to 211. [2022-02-20 18:10:17,672 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:17,673 INFO L82 GeneralOperation]: Start isEquivalent. First operand 215 states. Second operand has 211 states, 161 states have (on average 1.2546583850931676) internal successors, (202), 171 states have internal predecessors, (202), 26 states have call successors, (26), 26 states have call predecessors, (26), 23 states have return successors, (28), 23 states have call predecessors, (28), 26 states have call successors, (28) [2022-02-20 18:10:17,673 INFO L74 IsIncluded]: Start isIncluded. First operand 215 states. Second operand has 211 states, 161 states have (on average 1.2546583850931676) internal successors, (202), 171 states have internal predecessors, (202), 26 states have call successors, (26), 26 states have call predecessors, (26), 23 states have return successors, (28), 23 states have call predecessors, (28), 26 states have call successors, (28) [2022-02-20 18:10:17,674 INFO L87 Difference]: Start difference. First operand 215 states. Second operand has 211 states, 161 states have (on average 1.2546583850931676) internal successors, (202), 171 states have internal predecessors, (202), 26 states have call successors, (26), 26 states have call predecessors, (26), 23 states have return successors, (28), 23 states have call predecessors, (28), 26 states have call successors, (28) [2022-02-20 18:10:17,678 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,679 INFO L93 Difference]: Finished difference Result 215 states and 260 transitions. [2022-02-20 18:10:17,679 INFO L276 IsEmpty]: Start isEmpty. Operand 215 states and 260 transitions. [2022-02-20 18:10:17,679 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,679 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,680 INFO L74 IsIncluded]: Start isIncluded. First operand has 211 states, 161 states have (on average 1.2546583850931676) internal successors, (202), 171 states have internal predecessors, (202), 26 states have call successors, (26), 26 states have call predecessors, (26), 23 states have return successors, (28), 23 states have call predecessors, (28), 26 states have call successors, (28) Second operand 215 states. [2022-02-20 18:10:17,680 INFO L87 Difference]: Start difference. First operand has 211 states, 161 states have (on average 1.2546583850931676) internal successors, (202), 171 states have internal predecessors, (202), 26 states have call successors, (26), 26 states have call predecessors, (26), 23 states have return successors, (28), 23 states have call predecessors, (28), 26 states have call successors, (28) Second operand 215 states. [2022-02-20 18:10:17,685 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,685 INFO L93 Difference]: Finished difference Result 215 states and 260 transitions. [2022-02-20 18:10:17,685 INFO L276 IsEmpty]: Start isEmpty. Operand 215 states and 260 transitions. [2022-02-20 18:10:17,686 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,686 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,686 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:17,686 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:17,686 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 211 states, 161 states have (on average 1.2546583850931676) internal successors, (202), 171 states have internal predecessors, (202), 26 states have call successors, (26), 26 states have call predecessors, (26), 23 states have return successors, (28), 23 states have call predecessors, (28), 26 states have call successors, (28) [2022-02-20 18:10:17,691 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 211 states to 211 states and 256 transitions. [2022-02-20 18:10:17,691 INFO L78 Accepts]: Start accepts. Automaton has 211 states and 256 transitions. Word has length 30 [2022-02-20 18:10:17,692 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:17,692 INFO L470 AbstractCegarLoop]: Abstraction has 211 states and 256 transitions. [2022-02-20 18:10:17,692 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.666666666666666) internal successors, (29), 2 states have internal predecessors, (29), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,692 INFO L276 IsEmpty]: Start isEmpty. Operand 211 states and 256 transitions. [2022-02-20 18:10:17,692 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 33 [2022-02-20 18:10:17,693 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:17,693 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:17,693 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:10:17,693 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:17,693 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:17,694 INFO L85 PathProgramCache]: Analyzing trace with hash 520035500, now seen corresponding path program 1 times [2022-02-20 18:10:17,694 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:17,694 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1504054130] [2022-02-20 18:10:17,694 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:17,694 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:17,713 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,751 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:17,753 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,755 INFO L290 TraceCheckUtils]: 0: Hoare triple {5034#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5026#true} is VALID [2022-02-20 18:10:17,755 INFO L290 TraceCheckUtils]: 1: Hoare triple {5026#true} assume true; {5026#true} is VALID [2022-02-20 18:10:17,757 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {5026#true} {5028#(= ~pumpRunning~0 0)} #232#return; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,757 INFO L290 TraceCheckUtils]: 0: Hoare triple {5026#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(30, 4);call #Ultimate.allocInit(9, 5);call #Ultimate.allocInit(21, 6);call #Ultimate.allocInit(30, 7);call #Ultimate.allocInit(9, 8);call #Ultimate.allocInit(21, 9);call #Ultimate.allocInit(30, 10);call #Ultimate.allocInit(9, 11);call #Ultimate.allocInit(25, 12);call #Ultimate.allocInit(30, 13);call #Ultimate.allocInit(9, 14);call #Ultimate.allocInit(25, 15);call #Ultimate.allocInit(13, 16);call #Ultimate.allocInit(7, 17);call write~init~int(44, 17, 0, 1);call write~init~int(77, 17, 1, 1);call write~init~int(101, 17, 2, 1);call write~init~int(116, 17, 3, 1);call write~init~int(104, 17, 4, 1);call write~init~int(58, 17, 5, 1);call write~init~int(0, 17, 6, 1);call #Ultimate.allocInit(5, 18);call write~init~int(67, 18, 0, 1);call write~init~int(82, 18, 1, 1);call write~init~int(73, 18, 2, 1);call write~init~int(84, 18, 3, 1);call write~init~int(0, 18, 4, 1);call #Ultimate.allocInit(3, 19);call write~init~int(79, 19, 0, 1);call write~init~int(75, 19, 1, 1);call write~init~int(0, 19, 2, 1);call #Ultimate.allocInit(2, 20);call write~init~int(41, 20, 0, 1);call write~init~int(0, 20, 1, 1);call #Ultimate.allocInit(13, 21);call #Ultimate.allocInit(3, 22);call write~init~int(79, 22, 0, 1);call write~init~int(110, 22, 1, 1);call write~init~int(0, 22, 2, 1);call #Ultimate.allocInit(4, 23);call write~init~int(79, 23, 0, 1);call write~init~int(102, 23, 1, 1);call write~init~int(102, 23, 2, 1);call write~init~int(0, 23, 3, 1);call #Ultimate.allocInit(7, 24);call write~init~int(44, 24, 0, 1);call write~init~int(80, 24, 1, 1);call write~init~int(117, 24, 2, 1);call write~init~int(109, 24, 3, 1);call write~init~int(112, 24, 4, 1);call write~init~int(58, 24, 5, 1);call write~init~int(0, 24, 6, 1);call #Ultimate.allocInit(3, 25);call write~init~int(79, 25, 0, 1);call write~init~int(110, 25, 1, 1);call write~init~int(0, 25, 2, 1);call #Ultimate.allocInit(4, 26);call write~init~int(79, 26, 0, 1);call write~init~int(102, 26, 1, 1);call write~init~int(102, 26, 2, 1);call write~init~int(0, 26, 3, 1);call #Ultimate.allocInit(3, 27);call write~init~int(41, 27, 0, 1);call write~init~int(32, 27, 1, 1);call write~init~int(0, 27, 2, 1);call #Ultimate.allocInit(2, 28);call write~init~int(10, 28, 0, 1);call write~init~int(0, 28, 1, 1);~head~0.base, ~head~0.offset := 0, 0;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~pumpRunning~0 := 0;~systemActive~0 := 1;~cleanupTimeShifts~0 := 4; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,758 INFO L290 TraceCheckUtils]: 1: Hoare triple {5028#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,758 INFO L290 TraceCheckUtils]: 2: Hoare triple {5028#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,759 INFO L290 TraceCheckUtils]: 3: Hoare triple {5028#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~7#1;havoc valid_product_~retValue_acc~7#1;valid_product_~retValue_acc~7#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~7#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,759 INFO L290 TraceCheckUtils]: 4: Hoare triple {5028#(= ~pumpRunning~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,759 INFO L290 TraceCheckUtils]: 5: Hoare triple {5028#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,760 INFO L290 TraceCheckUtils]: 6: Hoare triple {5028#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet33#1, test_#t~nondet34#1, test_#t~nondet35#1, test_#t~nondet36#1, test_~splverifierCounter~0#1, test_~tmp~3#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~3#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,760 INFO L290 TraceCheckUtils]: 7: Hoare triple {5028#(= ~pumpRunning~0 0)} assume !false; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,760 INFO L290 TraceCheckUtils]: 8: Hoare triple {5028#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,761 INFO L290 TraceCheckUtils]: 9: Hoare triple {5028#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet33#1 && test_#t~nondet33#1 <= 2147483647;test_~tmp~3#1 := test_#t~nondet33#1;havoc test_#t~nondet33#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,761 INFO L290 TraceCheckUtils]: 10: Hoare triple {5028#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~3#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,761 INFO L272 TraceCheckUtils]: 11: Hoare triple {5028#(= ~pumpRunning~0 0)} call waterRise(); {5034#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:17,761 INFO L290 TraceCheckUtils]: 12: Hoare triple {5034#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {5026#true} is VALID [2022-02-20 18:10:17,761 INFO L290 TraceCheckUtils]: 13: Hoare triple {5026#true} assume true; {5026#true} is VALID [2022-02-20 18:10:17,762 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {5026#true} {5028#(= ~pumpRunning~0 0)} #232#return; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,762 INFO L290 TraceCheckUtils]: 15: Hoare triple {5028#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet34#1 && test_#t~nondet34#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet34#1;havoc test_#t~nondet34#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,762 INFO L290 TraceCheckUtils]: 16: Hoare triple {5028#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,763 INFO L290 TraceCheckUtils]: 17: Hoare triple {5028#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet35#1 && test_#t~nondet35#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet35#1;havoc test_#t~nondet35#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,763 INFO L290 TraceCheckUtils]: 18: Hoare triple {5028#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___2~0#1);assume -2147483648 <= test_#t~nondet36#1 && test_#t~nondet36#1 <= 2147483647;test_~tmp___1~0#1 := test_#t~nondet36#1;havoc test_#t~nondet36#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,763 INFO L290 TraceCheckUtils]: 19: Hoare triple {5028#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___1~0#1;assume { :begin_inline_stopSystem } true; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,763 INFO L290 TraceCheckUtils]: 20: Hoare triple {5028#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,764 INFO L290 TraceCheckUtils]: 21: Hoare triple {5028#(= ~pumpRunning~0 0)} ~systemActive~0 := 0; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,764 INFO L290 TraceCheckUtils]: 22: Hoare triple {5028#(= ~pumpRunning~0 0)} assume { :end_inline_stopSystem } true; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,764 INFO L272 TraceCheckUtils]: 23: Hoare triple {5028#(= ~pumpRunning~0 0)} call timeShift(); {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,765 INFO L290 TraceCheckUtils]: 24: Hoare triple {5028#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,765 INFO L290 TraceCheckUtils]: 25: Hoare triple {5028#(= ~pumpRunning~0 0)} assume !(0 != ~systemActive~0); {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,765 INFO L290 TraceCheckUtils]: 26: Hoare triple {5028#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret49#1, __utac_acc__Specification4_spec__1_#t~ret50#1, __utac_acc__Specification4_spec__1_~tmp~7#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~7#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~4#1;havoc getWaterLevel_~retValue_acc~4#1;getWaterLevel_~retValue_acc~4#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~4#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,765 INFO L290 TraceCheckUtils]: 27: Hoare triple {5028#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret49#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret49#1 && __utac_acc__Specification4_spec__1_#t~ret49#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~7#1 := __utac_acc__Specification4_spec__1_#t~ret49#1;havoc __utac_acc__Specification4_spec__1_#t~ret49#1; {5028#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:17,766 INFO L290 TraceCheckUtils]: 28: Hoare triple {5028#(= ~pumpRunning~0 0)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~7#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~9#1;havoc isPumpRunning_~retValue_acc~9#1;isPumpRunning_~retValue_acc~9#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~9#1; {5032#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:10:17,766 INFO L290 TraceCheckUtils]: 29: Hoare triple {5032#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification4_spec__1_#t~ret50#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret50#1 && __utac_acc__Specification4_spec__1_#t~ret50#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret50#1;havoc __utac_acc__Specification4_spec__1_#t~ret50#1; {5033#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:10:17,766 INFO L290 TraceCheckUtils]: 30: Hoare triple {5033#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~2#1| 0)} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {5027#false} is VALID [2022-02-20 18:10:17,767 INFO L290 TraceCheckUtils]: 31: Hoare triple {5027#false} assume !false; {5027#false} is VALID [2022-02-20 18:10:17,767 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:17,767 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:17,767 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1504054130] [2022-02-20 18:10:17,767 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1504054130] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:17,767 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:17,767 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [6] imperfect sequences [] total 6 [2022-02-20 18:10:17,767 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [206633102] [2022-02-20 18:10:17,767 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:17,768 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:10:17,768 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:17,768 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:17,785 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 32 edges. 32 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,785 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:17,785 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:17,785 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:17,786 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=9, Invalid=21, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:17,786 INFO L87 Difference]: Start difference. First operand 211 states and 256 transitions. Second operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:17,959 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,960 INFO L93 Difference]: Finished difference Result 226 states and 272 transitions. [2022-02-20 18:10:17,960 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 6 states. [2022-02-20 18:10:17,960 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 32 [2022-02-20 18:10:17,960 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:17,960 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:17,961 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 63 transitions. [2022-02-20 18:10:17,962 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:17,962 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 6 states to 6 states and 63 transitions. [2022-02-20 18:10:17,962 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 6 states and 63 transitions. [2022-02-20 18:10:17,999 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 63 edges. 63 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:18,000 INFO L225 Difference]: With dead ends: 226 [2022-02-20 18:10:18,000 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:10:18,000 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 11 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 7 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=27, Invalid=45, Unknown=0, NotChecked=0, Total=72 [2022-02-20 18:10:18,001 INFO L933 BasicCegarLoop]: 49 mSDtfsCounter, 53 mSDsluCounter, 101 mSDsCounter, 0 mSdLazyCounter, 54 mSolverCounterSat, 12 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 54 SdHoareTripleChecker+Valid, 150 SdHoareTripleChecker+Invalid, 66 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 12 IncrementalHoareTripleChecker+Valid, 54 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:18,001 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [54 Valid, 150 Invalid, 66 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [12 Valid, 54 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:18,002 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:10:18,002 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:10:18,002 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:18,002 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,002 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,002 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,002 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,003 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:10:18,003 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:18,003 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,003 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:18,003 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:10:18,003 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:10:18,003 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,003 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:10:18,003 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:18,004 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,004 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:18,004 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:18,004 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:18,004 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,004 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:10:18,004 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 32 [2022-02-20 18:10:18,004 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:18,005 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:10:18,005 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 4.833333333333333) internal successors, (29), 5 states have internal predecessors, (29), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:18,005 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:18,005 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,007 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:18,007 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable5 [2022-02-20 18:10:18,009 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:10:18,522 INFO L861 garLoopResultBuilder]: At program point deactivatePumpENTRY(lines 728 735) the Hoare annotation is: true [2022-02-20 18:10:18,522 INFO L858 garLoopResultBuilder]: For program point deactivatePumpEXIT(lines 728 735) no Hoare annotation was computed. [2022-02-20 18:10:18,522 INFO L858 garLoopResultBuilder]: For program point deactivatePumpFINAL(lines 728 735) no Hoare annotation was computed. [2022-02-20 18:10:18,522 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 661 667) no Hoare annotation was computed. [2022-02-20 18:10:18,522 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 661 667) the Hoare annotation is: true [2022-02-20 18:10:18,522 INFO L858 garLoopResultBuilder]: For program point L462-1(lines 458 469) no Hoare annotation was computed. [2022-02-20 18:10:18,522 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 458 469) the Hoare annotation is: true [2022-02-20 18:10:18,522 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 458 469) no Hoare annotation was computed. [2022-02-20 18:10:18,522 INFO L858 garLoopResultBuilder]: For program point L865(line 865) no Hoare annotation was computed. [2022-02-20 18:10:18,522 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 854 883) no Hoare annotation was computed. [2022-02-20 18:10:18,522 INFO L861 garLoopResultBuilder]: At program point L864-2(lines 864 878) the Hoare annotation is: true [2022-02-20 18:10:18,522 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 854 883) the Hoare annotation is: true [2022-02-20 18:10:18,522 INFO L861 garLoopResultBuilder]: At program point L860(line 860) the Hoare annotation is: true [2022-02-20 18:10:18,522 INFO L858 garLoopResultBuilder]: For program point L860-1(line 860) no Hoare annotation was computed. [2022-02-20 18:10:18,523 INFO L861 garLoopResultBuilder]: At program point L879(lines 854 883) the Hoare annotation is: true [2022-02-20 18:10:18,523 INFO L858 garLoopResultBuilder]: For program point L875(line 875) no Hoare annotation was computed. [2022-02-20 18:10:18,523 INFO L858 garLoopResultBuilder]: For program point L868(lines 868 872) no Hoare annotation was computed. [2022-02-20 18:10:18,523 INFO L861 garLoopResultBuilder]: At program point L868-1(lines 868 872) the Hoare annotation is: true [2022-02-20 18:10:18,523 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 637 660) no Hoare annotation was computed. [2022-02-20 18:10:18,523 INFO L854 garLoopResultBuilder]: At program point L709(line 709) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:10:18,523 INFO L854 garLoopResultBuilder]: At program point L705(line 705) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:10:18,523 INFO L854 garLoopResultBuilder]: At program point L507(lines 502 510) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) (= |timeShift_getWaterLevel_#res#1| 1)))) [2022-02-20 18:10:18,523 INFO L854 garLoopResultBuilder]: At program point L714(line 714) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:10:18,523 INFO L854 garLoopResultBuilder]: At program point L714-1(lines 695 719) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0) (not (= 0 ~systemActive~0)))) [2022-02-20 18:10:18,523 INFO L854 garLoopResultBuilder]: At program point L743(lines 736 746) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:10:18,523 INFO L858 garLoopResultBuilder]: For program point L648-1(lines 648 654) no Hoare annotation was computed. [2022-02-20 18:10:18,523 INFO L854 garLoopResultBuilder]: At program point L475(lines 470 478) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:10:18,524 INFO L858 garLoopResultBuilder]: For program point L438(lines 438 442) no Hoare annotation was computed. [2022-02-20 18:10:18,524 INFO L858 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2022-02-20 18:10:18,524 INFO L854 garLoopResultBuilder]: At program point L438-2(lines 434 445) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:10:18,524 INFO L854 garLoopResultBuilder]: At program point L752(lines 747 755) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (and (= ~pumpRunning~0 0) (= |timeShift_isPumpRunning_#res#1| 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (not (= |old(~waterLevel~0)| 1))))) [2022-02-20 18:10:18,524 INFO L858 garLoopResultBuilder]: For program point L839(lines 839 845) no Hoare annotation was computed. [2022-02-20 18:10:18,524 INFO L858 garLoopResultBuilder]: For program point L835(lines 835 848) no Hoare annotation was computed. [2022-02-20 18:10:18,524 INFO L854 garLoopResultBuilder]: At program point L835-1(lines 827 851) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0)))) (and (or .cse0 (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) (and (= |timeShift___utac_acc__Specification4_spec__1_~tmp~7#1| 1) (= |timeShift_getWaterLevel_#res#1| 1))))) [2022-02-20 18:10:18,524 INFO L858 garLoopResultBuilder]: For program point L641-1(lines 640 659) no Hoare annotation was computed. [2022-02-20 18:10:18,524 INFO L858 garLoopResultBuilder]: For program point L703(lines 703 711) no Hoare annotation was computed. [2022-02-20 18:10:18,524 INFO L858 garLoopResultBuilder]: For program point L699(lines 699 716) no Hoare annotation was computed. [2022-02-20 18:10:18,524 INFO L854 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (not (= |old(~pumpRunning~0)| 0)) [2022-02-20 18:10:18,525 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 637 660) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (and (= ~pumpRunning~0 0) (= |old(~waterLevel~0)| ~waterLevel~0))) [2022-02-20 18:10:18,525 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 637 660) no Hoare annotation was computed. [2022-02-20 18:10:18,525 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-02-20 18:10:18,525 INFO L854 garLoopResultBuilder]: At program point L539(lines 535 541) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:18,525 INFO L861 garLoopResultBuilder]: At program point L944(lines 925 947) the Hoare annotation is: true [2022-02-20 18:10:18,525 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:10:18,525 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:10:18,525 INFO L858 garLoopResultBuilder]: For program point L573(lines 572 619) no Hoare annotation was computed. [2022-02-20 18:10:18,525 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:10:18,525 INFO L858 garLoopResultBuilder]: For program point L602(lines 602 615) no Hoare annotation was computed. [2022-02-20 18:10:18,525 INFO L854 garLoopResultBuilder]: At program point L594(line 594) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:10:18,525 INFO L854 garLoopResultBuilder]: At program point L817(line 817) the Hoare annotation is: false [2022-02-20 18:10:18,525 INFO L854 garLoopResultBuilder]: At program point L912(lines 908 914) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1) (= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)) [2022-02-20 18:10:18,526 INFO L861 garLoopResultBuilder]: At program point L623(lines 562 627) the Hoare annotation is: true [2022-02-20 18:10:18,526 INFO L858 garLoopResultBuilder]: For program point L582(lines 582 588) no Hoare annotation was computed. [2022-02-20 18:10:18,526 INFO L858 garLoopResultBuilder]: For program point L582-1(lines 582 588) no Hoare annotation was computed. [2022-02-20 18:10:18,526 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:10:18,526 INFO L858 garLoopResultBuilder]: For program point L574(lines 574 578) no Hoare annotation was computed. [2022-02-20 18:10:18,526 INFO L854 garLoopResultBuilder]: At program point L620(lines 571 621) the Hoare annotation is: false [2022-02-20 18:10:18,526 INFO L854 garLoopResultBuilder]: At program point L554(lines 549 557) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:18,526 INFO L854 garLoopResultBuilder]: At program point L546(lines 542 548) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:18,527 INFO L858 garLoopResultBuilder]: For program point L608(lines 608 614) no Hoare annotation was computed. [2022-02-20 18:10:18,527 INFO L854 garLoopResultBuilder]: At program point L608-2(lines 602 615) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:10:18,527 INFO L861 garLoopResultBuilder]: At program point L922(lines 915 924) the Hoare annotation is: true [2022-02-20 18:10:18,527 INFO L854 garLoopResultBuilder]: At program point L823(lines 811 825) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:10:18,527 INFO L858 garLoopResultBuilder]: For program point L592(lines 592 598) no Hoare annotation was computed. [2022-02-20 18:10:18,527 INFO L858 garLoopResultBuilder]: For program point L592-1(lines 592 598) no Hoare annotation was computed. [2022-02-20 18:10:18,527 INFO L858 garLoopResultBuilder]: For program point L815(lines 815 821) no Hoare annotation was computed. [2022-02-20 18:10:18,527 INFO L858 garLoopResultBuilder]: For program point L815-1(lines 815 821) no Hoare annotation was computed. [2022-02-20 18:10:18,527 INFO L854 garLoopResultBuilder]: At program point L617(lines 572 619) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:10:18,528 INFO L854 garLoopResultBuilder]: At program point L584(line 584) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) [2022-02-20 18:10:18,528 INFO L858 garLoopResultBuilder]: For program point L935(lines 935 942) no Hoare annotation was computed. [2022-02-20 18:10:18,528 INFO L858 garLoopResultBuilder]: For program point L935-2(lines 935 942) no Hoare annotation was computed. [2022-02-20 18:10:18,528 INFO L858 garLoopResultBuilder]: For program point L450-1(lines 446 457) no Hoare annotation was computed. [2022-02-20 18:10:18,528 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 446 457) no Hoare annotation was computed. [2022-02-20 18:10:18,528 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 446 457) the Hoare annotation is: (or (not (= ~pumpRunning~0 0)) (= |old(~waterLevel~0)| ~waterLevel~0)) [2022-02-20 18:10:18,528 INFO L858 garLoopResultBuilder]: For program point L673(lines 673 690) no Hoare annotation was computed. [2022-02-20 18:10:18,528 INFO L858 garLoopResultBuilder]: For program point L801(lines 801 805) no Hoare annotation was computed. [2022-02-20 18:10:18,528 INFO L858 garLoopResultBuilder]: For program point L801-2(lines 801 805) no Hoare annotation was computed. [2022-02-20 18:10:18,529 INFO L854 garLoopResultBuilder]: At program point processEnvironment__wrappee__lowWaterSensorENTRY(lines 669 693) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (= 0 ~systemActive~0)) [2022-02-20 18:10:18,529 INFO L854 garLoopResultBuilder]: At program point L688(line 688) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= ~pumpRunning~0 0) (= 0 ~systemActive~0)) [2022-02-20 18:10:18,529 INFO L858 garLoopResultBuilder]: For program point L688-1(lines 669 693) no Hoare annotation was computed. [2022-02-20 18:10:18,529 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__lowWaterSensorEXIT(lines 669 693) no Hoare annotation was computed. [2022-02-20 18:10:18,529 INFO L854 garLoopResultBuilder]: At program point L683(line 683) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:10:18,529 INFO L854 garLoopResultBuilder]: At program point L807(lines 792 810) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:10:18,529 INFO L854 garLoopResultBuilder]: At program point L679(line 679) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:10:18,529 INFO L858 garLoopResultBuilder]: For program point L677(lines 677 685) no Hoare annotation was computed. [2022-02-20 18:10:18,529 INFO L854 garLoopResultBuilder]: At program point L516(lines 511 519) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (= 0 ~systemActive~0)) [2022-02-20 18:10:18,532 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1] [2022-02-20 18:10:18,533 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:18,535 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:10:18,535 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:18,535 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:10:18,535 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:10:18,535 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: L673 has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: deactivatePumpFINAL has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: L462-1 has no Hoare annotation [2022-02-20 18:10:18,536 WARN L170 areAnnotationChecker]: L860-1 has no Hoare annotation [2022-02-20 18:10:18,537 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:10:18,537 WARN L170 areAnnotationChecker]: L438 has no Hoare annotation [2022-02-20 18:10:18,537 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:10:18,537 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:10:18,537 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:10:18,537 WARN L170 areAnnotationChecker]: L450-1 has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: L673 has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: L673 has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: deactivatePumpEXIT has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: L688-1 has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: L860-1 has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: L641-1 has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: L699 has no Hoare annotation [2022-02-20 18:10:18,538 WARN L170 areAnnotationChecker]: L699 has no Hoare annotation [2022-02-20 18:10:18,539 WARN L170 areAnnotationChecker]: L648-1 has no Hoare annotation [2022-02-20 18:10:18,539 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:10:18,539 WARN L170 areAnnotationChecker]: L801 has no Hoare annotation [2022-02-20 18:10:18,539 WARN L170 areAnnotationChecker]: L688-1 has no Hoare annotation [2022-02-20 18:10:18,539 WARN L170 areAnnotationChecker]: L648-1 has no Hoare annotation [2022-02-20 18:10:18,539 WARN L170 areAnnotationChecker]: L815-1 has no Hoare annotation [2022-02-20 18:10:18,540 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__lowWaterSensorEXIT has no Hoare annotation [2022-02-20 18:10:18,540 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__lowWaterSensorEXIT has no Hoare annotation [2022-02-20 18:10:18,540 WARN L170 areAnnotationChecker]: L592-1 has no Hoare annotation [2022-02-20 18:10:18,540 WARN L170 areAnnotationChecker]: L865 has no Hoare annotation [2022-02-20 18:10:18,541 WARN L170 areAnnotationChecker]: L835 has no Hoare annotation [2022-02-20 18:10:18,541 WARN L170 areAnnotationChecker]: L582-1 has no Hoare annotation [2022-02-20 18:10:18,541 WARN L170 areAnnotationChecker]: L801 has no Hoare annotation [2022-02-20 18:10:18,541 WARN L170 areAnnotationChecker]: L801 has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: L602 has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: L602 has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: L865 has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: L703 has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: L835 has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: L835 has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: L935 has no Hoare annotation [2022-02-20 18:10:18,542 WARN L170 areAnnotationChecker]: L592 has no Hoare annotation [2022-02-20 18:10:18,543 WARN L170 areAnnotationChecker]: L592 has no Hoare annotation [2022-02-20 18:10:18,543 WARN L170 areAnnotationChecker]: L801-2 has no Hoare annotation [2022-02-20 18:10:18,543 WARN L170 areAnnotationChecker]: L608 has no Hoare annotation [2022-02-20 18:10:18,543 WARN L170 areAnnotationChecker]: L608 has no Hoare annotation [2022-02-20 18:10:18,543 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L868 has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L868 has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L703 has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L703 has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L839 has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L935 has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L935 has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L592-1 has no Hoare annotation [2022-02-20 18:10:18,544 WARN L170 areAnnotationChecker]: L677 has no Hoare annotation [2022-02-20 18:10:18,545 WARN L170 areAnnotationChecker]: L573 has no Hoare annotation [2022-02-20 18:10:18,545 WARN L170 areAnnotationChecker]: L815 has no Hoare annotation [2022-02-20 18:10:18,545 WARN L170 areAnnotationChecker]: L815 has no Hoare annotation [2022-02-20 18:10:18,545 WARN L170 areAnnotationChecker]: L875 has no Hoare annotation [2022-02-20 18:10:18,546 WARN L170 areAnnotationChecker]: L839 has no Hoare annotation [2022-02-20 18:10:18,546 WARN L170 areAnnotationChecker]: L839 has no Hoare annotation [2022-02-20 18:10:18,546 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L935-2 has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L677 has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L677 has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L573 has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L573 has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L815-1 has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L935-2 has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L875 has no Hoare annotation [2022-02-20 18:10:18,547 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:10:18,548 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:10:18,548 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:18,548 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:18,548 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:18,548 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:10:18,548 WARN L170 areAnnotationChecker]: L688-1 has no Hoare annotation [2022-02-20 18:10:18,548 WARN L170 areAnnotationChecker]: L688-1 has no Hoare annotation [2022-02-20 18:10:18,548 WARN L170 areAnnotationChecker]: L574 has no Hoare annotation [2022-02-20 18:10:18,549 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:10:18,549 WARN L170 areAnnotationChecker]: L582 has no Hoare annotation [2022-02-20 18:10:18,549 WARN L170 areAnnotationChecker]: L582 has no Hoare annotation [2022-02-20 18:10:18,549 WARN L170 areAnnotationChecker]: L582-1 has no Hoare annotation [2022-02-20 18:10:18,549 INFO L163 areAnnotationChecker]: CFG has 25 edges. 25 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:10:18,561 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:10:18 BoogieIcfgContainer [2022-02-20 18:10:18,561 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:10:18,561 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:10:18,561 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:10:18,562 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:10:18,562 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:14" (3/4) ... [2022-02-20 18:10:18,564 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:10:18,568 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure deactivatePump [2022-02-20 18:10:18,568 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:10:18,568 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:10:18,568 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:10:18,568 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:10:18,569 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:10:18,569 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__lowWaterSensor [2022-02-20 18:10:18,573 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 52 nodes and edges [2022-02-20 18:10:18,573 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:10:18,574 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:10:18,574 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:10:18,574 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:10:18,574 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:10:18,575 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:10:18,590 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 [2022-02-20 18:10:18,590 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1) && tmp == systemActive [2022-02-20 18:10:18,591 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:10:18,591 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && !(0 == systemActive)) [2022-02-20 18:10:18,592 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || \result == 1) [2022-02-20 18:10:18,592 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:10:18,592 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || (tmp == 1 && \result == 1)) [2022-02-20 18:10:18,592 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:10:18,593 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || 0 == systemActive [2022-02-20 18:10:18,593 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \result == 0) && \old(waterLevel) == waterLevel)) && (!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) [2022-02-20 18:10:18,593 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) || 0 == systemActive [2022-02-20 18:10:18,593 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: !(\old(pumpRunning) == 0) [2022-02-20 18:10:18,605 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:10:18,605 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:10:18,606 INFO L158 Benchmark]: Toolchain (without parser) took 4525.67ms. Allocated memory was 83.9MB in the beginning and 151.0MB in the end (delta: 67.1MB). Free memory was 44.0MB in the beginning and 100.1MB in the end (delta: -56.1MB). Peak memory consumption was 12.3MB. Max. memory is 16.1GB. [2022-02-20 18:10:18,607 INFO L158 Benchmark]: CDTParser took 0.10ms. Allocated memory is still 83.9MB. Free memory was 61.1MB in the beginning and 61.0MB in the end (delta: 45.3kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:18,607 INFO L158 Benchmark]: CACSL2BoogieTranslator took 358.78ms. Allocated memory was 83.9MB in the beginning and 113.2MB in the end (delta: 29.4MB). Free memory was 43.7MB in the beginning and 76.8MB in the end (delta: -33.1MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. [2022-02-20 18:10:18,607 INFO L158 Benchmark]: Boogie Procedure Inliner took 48.43ms. Allocated memory is still 113.2MB. Free memory was 76.7MB in the beginning and 73.9MB in the end (delta: 2.7MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:18,607 INFO L158 Benchmark]: Boogie Preprocessor took 42.57ms. Allocated memory is still 113.2MB. Free memory was 73.9MB in the beginning and 71.8MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:18,607 INFO L158 Benchmark]: RCFGBuilder took 408.20ms. Allocated memory is still 113.2MB. Free memory was 71.8MB in the beginning and 51.6MB in the end (delta: 20.2MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. [2022-02-20 18:10:18,608 INFO L158 Benchmark]: TraceAbstraction took 3616.30ms. Allocated memory was 113.2MB in the beginning and 151.0MB in the end (delta: 37.7MB). Free memory was 50.9MB in the beginning and 105.3MB in the end (delta: -54.4MB). Peak memory consumption was 47.9MB. Max. memory is 16.1GB. [2022-02-20 18:10:18,608 INFO L158 Benchmark]: Witness Printer took 44.25ms. Allocated memory is still 151.0MB. Free memory was 105.3MB in the beginning and 100.1MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:18,609 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.10ms. Allocated memory is still 83.9MB. Free memory was 61.1MB in the beginning and 61.0MB in the end (delta: 45.3kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 358.78ms. Allocated memory was 83.9MB in the beginning and 113.2MB in the end (delta: 29.4MB). Free memory was 43.7MB in the beginning and 76.8MB in the end (delta: -33.1MB). Peak memory consumption was 8.4MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 48.43ms. Allocated memory is still 113.2MB. Free memory was 76.7MB in the beginning and 73.9MB in the end (delta: 2.7MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Preprocessor took 42.57ms. Allocated memory is still 113.2MB. Free memory was 73.9MB in the beginning and 71.8MB in the end (delta: 2.1MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 408.20ms. Allocated memory is still 113.2MB. Free memory was 71.8MB in the beginning and 51.6MB in the end (delta: 20.2MB). Peak memory consumption was 18.9MB. Max. memory is 16.1GB. * TraceAbstraction took 3616.30ms. Allocated memory was 113.2MB in the beginning and 151.0MB in the end (delta: 37.7MB). Free memory was 50.9MB in the beginning and 105.3MB in the end (delta: -54.4MB). Peak memory consumption was 47.9MB. Max. memory is 16.1GB. * Witness Printer took 44.25ms. Allocated memory is still 151.0MB. Free memory was 105.3MB in the beginning and 100.1MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 8 procedures, 86 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 3.5s, OverallIterations: 6, TraceHistogramMax: 1, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.0s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.5s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 355 SdHoareTripleChecker+Valid, 0.2s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 350 mSDsluCounter, 1251 SdHoareTripleChecker+Invalid, 0.1s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 755 mSDsCounter, 32 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 181 IncrementalHoareTripleChecker+Invalid, 213 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 32 mSolverCounterUnsat, 496 mSDtfsCounter, 181 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 33 GetRequests, 13 SyntacticMatches, 0 SemanticMatches, 20 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.1s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=296occurred in iteration=4, InterpolantAutomatonStates: 25, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.2s AutomataMinimizationTime, 6 MinimizatonAttempts, 10 StatesRemovedByMinimization, 2 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 41 LocationsWithAnnotation, 493 PreInvPairs, 559 NumberOfFragments, 306 HoareAnnotationTreeSize, 493 FomulaSimplifications, 0 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 41 FomulaSimplificationsInter, 1937 FormulaSimplificationTreeSizeReductionInter, 0.4s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.1s SatisfiabilityAnalysisTime, 0.3s InterpolantComputationTime, 153 NumberOfCodeBlocks, 153 NumberOfCodeBlocksAsserted, 6 NumberOfCheckSat, 147 ConstructedInterpolants, 0 QuantifiedInterpolants, 343 SizeOfPredicates, 0 NumberOfNonLiveVariables, 0 ConjunctsInSsa, 0 ConjunctsInUnsatCore, 6 InterpolantComputations, 6 PerfectInterpolantSequences, 0/0 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 511]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || 0 == systemActive - InvariantResult [Line: 535]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 470]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 811]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 542]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 562]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 915]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 736]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 695]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \old(waterLevel) == waterLevel) && !(0 == systemActive)) - InvariantResult [Line: 434]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 502]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || \result == 1) - InvariantResult [Line: 925]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 571]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 747]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || ((pumpRunning == 0 && \result == 0) && \old(waterLevel) == waterLevel)) && (!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) - InvariantResult [Line: 827]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) && ((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || (tmp == 1 && \result == 1)) - InvariantResult [Line: 864]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 854]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) - InvariantResult [Line: 572]: Loop Invariant Derived loop invariant: pumpRunning == 0 && splverifierCounter == 0 - InvariantResult [Line: 792]: Loop Invariant Derived loop invariant: !(\old(pumpRunning) == 0) || 0 == systemActive - InvariantResult [Line: 908]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1) && tmp == systemActive - InvariantResult [Line: 549]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 RESULT: Ultimate proved your program to be correct! [2022-02-20 18:10:18,641 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE