./Ultimate.py --spec ../sv-benchmarks/c/properties/unreach-call.prp --file ../sv-benchmarks/c/product-lines/minepump_spec4_product25.cil.c --full-output -ea --architecture 32bit -------------------------------------------------------------------------------- Checking for ERROR reachability Using default analysis Version 03d7b7b3 Calling Ultimate with: /usr/bin/java -Dosgi.configuration.area=/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/config -Xmx15G -Xms4m -ea -jar /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/org.eclipse.equinox.launcher_1.5.800.v20200727-1323.jar -data @noDefault -ultimatedata /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data -tc /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/AutomizerReach.xml -i ../sv-benchmarks/c/product-lines/minepump_spec4_product25.cil.c -s /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf --cacsl2boogietranslator.entry.function main --witnessprinter.witness.directory /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux --witnessprinter.witness.filename witness.graphml --witnessprinter.write.witness.besides.input.file false --witnessprinter.graph.data.specification CHECK( init(main()), LTL(G ! call(reach_error())) ) --witnessprinter.graph.data.producer Automizer --witnessprinter.graph.data.architecture 32bit --witnessprinter.graph.data.programhash 586e2c87093d9cb3f870b8341d8eab6b70b165e3f162b5ed0d4d08ed0a9ba515 --- Real Ultimate output --- This is Ultimate 0.2.2-dev-03d7b7b [2022-02-20 18:10:14,336 INFO L177 SettingsManager]: Resetting all preferences to default values... [2022-02-20 18:10:14,338 INFO L181 SettingsManager]: Resetting UltimateCore preferences to default values [2022-02-20 18:10:14,373 INFO L184 SettingsManager]: Ultimate Commandline Interface provides no preferences, ignoring... [2022-02-20 18:10:14,374 INFO L181 SettingsManager]: Resetting Boogie Preprocessor preferences to default values [2022-02-20 18:10:14,376 INFO L181 SettingsManager]: Resetting Boogie Procedure Inliner preferences to default values [2022-02-20 18:10:14,378 INFO L181 SettingsManager]: Resetting Abstract Interpretation preferences to default values [2022-02-20 18:10:14,380 INFO L181 SettingsManager]: Resetting LassoRanker preferences to default values [2022-02-20 18:10:14,382 INFO L181 SettingsManager]: Resetting Reaching Definitions preferences to default values [2022-02-20 18:10:14,385 INFO L181 SettingsManager]: Resetting SyntaxChecker preferences to default values [2022-02-20 18:10:14,386 INFO L181 SettingsManager]: Resetting Sifa preferences to default values [2022-02-20 18:10:14,387 INFO L184 SettingsManager]: Büchi Program Product provides no preferences, ignoring... [2022-02-20 18:10:14,387 INFO L181 SettingsManager]: Resetting LTL2Aut preferences to default values [2022-02-20 18:10:14,389 INFO L181 SettingsManager]: Resetting PEA to Boogie preferences to default values [2022-02-20 18:10:14,390 INFO L181 SettingsManager]: Resetting BlockEncodingV2 preferences to default values [2022-02-20 18:10:14,392 INFO L181 SettingsManager]: Resetting ChcToBoogie preferences to default values [2022-02-20 18:10:14,393 INFO L181 SettingsManager]: Resetting AutomataScriptInterpreter preferences to default values [2022-02-20 18:10:14,394 INFO L181 SettingsManager]: Resetting BuchiAutomizer preferences to default values [2022-02-20 18:10:14,395 INFO L181 SettingsManager]: Resetting CACSL2BoogieTranslator preferences to default values [2022-02-20 18:10:14,400 INFO L181 SettingsManager]: Resetting CodeCheck preferences to default values [2022-02-20 18:10:14,401 INFO L181 SettingsManager]: Resetting InvariantSynthesis preferences to default values [2022-02-20 18:10:14,401 INFO L181 SettingsManager]: Resetting RCFGBuilder preferences to default values [2022-02-20 18:10:14,403 INFO L181 SettingsManager]: Resetting Referee preferences to default values [2022-02-20 18:10:14,403 INFO L181 SettingsManager]: Resetting TraceAbstraction preferences to default values [2022-02-20 18:10:14,408 INFO L184 SettingsManager]: TraceAbstractionConcurrent provides no preferences, ignoring... [2022-02-20 18:10:14,409 INFO L184 SettingsManager]: TraceAbstractionWithAFAs provides no preferences, ignoring... [2022-02-20 18:10:14,409 INFO L181 SettingsManager]: Resetting TreeAutomizer preferences to default values [2022-02-20 18:10:14,410 INFO L181 SettingsManager]: Resetting IcfgToChc preferences to default values [2022-02-20 18:10:14,410 INFO L181 SettingsManager]: Resetting IcfgTransformer preferences to default values [2022-02-20 18:10:14,411 INFO L184 SettingsManager]: ReqToTest provides no preferences, ignoring... [2022-02-20 18:10:14,411 INFO L181 SettingsManager]: Resetting Boogie Printer preferences to default values [2022-02-20 18:10:14,412 INFO L181 SettingsManager]: Resetting ChcSmtPrinter preferences to default values [2022-02-20 18:10:14,413 INFO L181 SettingsManager]: Resetting ReqPrinter preferences to default values [2022-02-20 18:10:14,414 INFO L181 SettingsManager]: Resetting Witness Printer preferences to default values [2022-02-20 18:10:14,414 INFO L184 SettingsManager]: Boogie PL CUP Parser provides no preferences, ignoring... [2022-02-20 18:10:14,415 INFO L181 SettingsManager]: Resetting CDTParser preferences to default values [2022-02-20 18:10:14,415 INFO L184 SettingsManager]: AutomataScriptParser provides no preferences, ignoring... [2022-02-20 18:10:14,415 INFO L184 SettingsManager]: ReqParser provides no preferences, ignoring... [2022-02-20 18:10:14,415 INFO L181 SettingsManager]: Resetting SmtParser preferences to default values [2022-02-20 18:10:14,416 INFO L181 SettingsManager]: Resetting Witness Parser preferences to default values [2022-02-20 18:10:14,417 INFO L188 SettingsManager]: Finished resetting all preferences to default values... [2022-02-20 18:10:14,418 INFO L101 SettingsManager]: Beginning loading settings from /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/config/svcomp-Reach-32bit-Automizer_Default.epf [2022-02-20 18:10:14,441 INFO L113 SettingsManager]: Loading preferences was successful [2022-02-20 18:10:14,441 INFO L115 SettingsManager]: Preferences different from defaults after loading the file: [2022-02-20 18:10:14,442 INFO L136 SettingsManager]: Preferences of UltimateCore differ from their defaults: [2022-02-20 18:10:14,442 INFO L138 SettingsManager]: * Log level for class=de.uni_freiburg.informatik.ultimate.lib.smtlibutils.quantifier.QuantifierPusher=ERROR; [2022-02-20 18:10:14,443 INFO L136 SettingsManager]: Preferences of Boogie Procedure Inliner differ from their defaults: [2022-02-20 18:10:14,443 INFO L138 SettingsManager]: * Ignore calls to procedures called more than once=ONLY_FOR_SEQUENTIAL_PROGRAMS [2022-02-20 18:10:14,443 INFO L136 SettingsManager]: Preferences of BlockEncodingV2 differ from their defaults: [2022-02-20 18:10:14,443 INFO L138 SettingsManager]: * Create parallel compositions if possible=false [2022-02-20 18:10:14,443 INFO L138 SettingsManager]: * Use SBE=true [2022-02-20 18:10:14,444 INFO L136 SettingsManager]: Preferences of CACSL2BoogieTranslator differ from their defaults: [2022-02-20 18:10:14,444 INFO L138 SettingsManager]: * sizeof long=4 [2022-02-20 18:10:14,444 INFO L138 SettingsManager]: * Overapproximate operations on floating types=true [2022-02-20 18:10:14,445 INFO L138 SettingsManager]: * sizeof POINTER=4 [2022-02-20 18:10:14,445 INFO L138 SettingsManager]: * Check division by zero=IGNORE [2022-02-20 18:10:14,445 INFO L138 SettingsManager]: * Pointer to allocated memory at dereference=IGNORE [2022-02-20 18:10:14,445 INFO L138 SettingsManager]: * If two pointers are subtracted or compared they have the same base address=IGNORE [2022-02-20 18:10:14,445 INFO L138 SettingsManager]: * Check array bounds for arrays that are off heap=IGNORE [2022-02-20 18:10:14,445 INFO L138 SettingsManager]: * sizeof long double=12 [2022-02-20 18:10:14,445 INFO L138 SettingsManager]: * Check if freed pointer was valid=false [2022-02-20 18:10:14,446 INFO L138 SettingsManager]: * Use constant arrays=true [2022-02-20 18:10:14,446 INFO L138 SettingsManager]: * Pointer base address is valid at dereference=IGNORE [2022-02-20 18:10:14,446 INFO L136 SettingsManager]: Preferences of RCFGBuilder differ from their defaults: [2022-02-20 18:10:14,446 INFO L138 SettingsManager]: * Size of a code block=SequenceOfStatements [2022-02-20 18:10:14,446 INFO L138 SettingsManager]: * SMT solver=External_DefaultMode [2022-02-20 18:10:14,446 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:14,446 INFO L136 SettingsManager]: Preferences of TraceAbstraction differ from their defaults: [2022-02-20 18:10:14,447 INFO L138 SettingsManager]: * Compute Interpolants along a Counterexample=FPandBP [2022-02-20 18:10:14,447 INFO L138 SettingsManager]: * Positions where we compute the Hoare Annotation=LoopsAndPotentialCycles [2022-02-20 18:10:14,447 INFO L138 SettingsManager]: * Trace refinement strategy=CAMEL [2022-02-20 18:10:14,447 INFO L138 SettingsManager]: * Command for external solver=z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in [2022-02-20 18:10:14,447 INFO L138 SettingsManager]: * Large block encoding in concurrent analysis=OFF [2022-02-20 18:10:14,447 INFO L138 SettingsManager]: * Automaton type used in concurrency analysis=PETRI_NET [2022-02-20 18:10:14,448 INFO L138 SettingsManager]: * Compute Hoare Annotation of negated interpolant automaton, abstraction and CFG=true [2022-02-20 18:10:14,448 INFO L138 SettingsManager]: * SMT solver=External_ModelsAndUnsatCoreMode WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 (file:/storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/plugins/com.sun.xml.bind_2.2.0.v201505121915.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int) WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release Applying setting for plugin de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator: Entry function -> main Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness directory -> /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Witness filename -> witness.graphml Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Write witness besides input file -> false Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data specification -> CHECK( init(main()), LTL(G ! call(reach_error())) ) Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data producer -> Automizer Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data architecture -> 32bit Applying setting for plugin de.uni_freiburg.informatik.ultimate.witnessprinter: Graph data programhash -> 586e2c87093d9cb3f870b8341d8eab6b70b165e3f162b5ed0d4d08ed0a9ba515 [2022-02-20 18:10:14,667 INFO L75 nceAwareModelManager]: Repository-Root is: /tmp [2022-02-20 18:10:14,688 INFO L261 ainManager$Toolchain]: [Toolchain 1]: Applicable parser(s) successfully (re)initialized [2022-02-20 18:10:14,691 INFO L217 ainManager$Toolchain]: [Toolchain 1]: Toolchain selected. [2022-02-20 18:10:14,692 INFO L271 PluginConnector]: Initializing CDTParser... [2022-02-20 18:10:14,693 INFO L275 PluginConnector]: CDTParser initialized [2022-02-20 18:10:14,694 INFO L432 ainManager$Toolchain]: [Toolchain 1]: Parsing single file: /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/../sv-benchmarks/c/product-lines/minepump_spec4_product25.cil.c [2022-02-20 18:10:14,746 INFO L220 CDTParser]: Created temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3827f5b81/9e6759f7fb974c5a8a2a9bb27c6692eb/FLAG4c8599fee [2022-02-20 18:10:15,169 INFO L306 CDTParser]: Found 1 translation units. [2022-02-20 18:10:15,170 INFO L160 CDTParser]: Scanning /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product25.cil.c [2022-02-20 18:10:15,190 INFO L349 CDTParser]: About to delete temporary CDT project at /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3827f5b81/9e6759f7fb974c5a8a2a9bb27c6692eb/FLAG4c8599fee [2022-02-20 18:10:15,546 INFO L357 CDTParser]: Successfully deleted /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/data/3827f5b81/9e6759f7fb974c5a8a2a9bb27c6692eb [2022-02-20 18:10:15,548 INFO L299 ainManager$Toolchain]: ####################### [Toolchain 1] ####################### [2022-02-20 18:10:15,549 INFO L131 ToolchainWalker]: Walking toolchain with 6 elements. [2022-02-20 18:10:15,551 INFO L113 PluginConnector]: ------------------------CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:15,552 INFO L271 PluginConnector]: Initializing CACSL2BoogieTranslator... [2022-02-20 18:10:15,554 INFO L275 PluginConnector]: CACSL2BoogieTranslator initialized [2022-02-20 18:10:15,556 INFO L185 PluginConnector]: Executing the observer ACSLObjectContainerObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:15,562 INFO L205 PluginConnector]: Invalid model from CACSL2BoogieTranslator for observer de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator.ACSLObjectContainerObserver@6f1ae25f and model type de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15, skipping insertion in model container [2022-02-20 18:10:15,562 INFO L185 PluginConnector]: Executing the observer CACSL2BoogieTranslatorObserver from plugin CACSL2BoogieTranslator for "CDTParser AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:15,568 INFO L145 MainTranslator]: Starting translation in SV-COMP mode [2022-02-20 18:10:15,607 INFO L178 MainTranslator]: Built tables and reachable declarations [2022-02-20 18:10:15,744 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product25.cil.c[1605,1618] [2022-02-20 18:10:15,864 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:15,880 INFO L203 MainTranslator]: Completed pre-run [2022-02-20 18:10:15,889 WARN L230 ndardFunctionHandler]: Function reach_error is already implemented but we override the implementation for the call at /storage/repos/ultimate/releaseScripts/default/sv-benchmarks/c/product-lines/minepump_spec4_product25.cil.c[1605,1618] [2022-02-20 18:10:15,958 INFO L210 PostProcessor]: Analyzing one entry point: main [2022-02-20 18:10:15,980 INFO L208 MainTranslator]: Completed translation [2022-02-20 18:10:15,981 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15 WrapperNode [2022-02-20 18:10:15,981 INFO L132 PluginConnector]: ------------------------ END CACSL2BoogieTranslator---------------------------- [2022-02-20 18:10:15,982 INFO L113 PluginConnector]: ------------------------Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:15,982 INFO L271 PluginConnector]: Initializing Boogie Procedure Inliner... [2022-02-20 18:10:15,982 INFO L275 PluginConnector]: Boogie Procedure Inliner initialized [2022-02-20 18:10:15,987 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,008 INFO L185 PluginConnector]: Executing the observer Inliner from plugin Boogie Procedure Inliner for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,041 INFO L137 Inliner]: procedures = 53, calls = 151, calls flagged for inlining = 23, calls inlined = 17, statements flattened = 219 [2022-02-20 18:10:16,041 INFO L132 PluginConnector]: ------------------------ END Boogie Procedure Inliner---------------------------- [2022-02-20 18:10:16,042 INFO L113 PluginConnector]: ------------------------Boogie Preprocessor---------------------------- [2022-02-20 18:10:16,042 INFO L271 PluginConnector]: Initializing Boogie Preprocessor... [2022-02-20 18:10:16,042 INFO L275 PluginConnector]: Boogie Preprocessor initialized [2022-02-20 18:10:16,048 INFO L185 PluginConnector]: Executing the observer EnsureBoogieModelObserver from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,049 INFO L185 PluginConnector]: Executing the observer TypeChecker from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,057 INFO L185 PluginConnector]: Executing the observer ConstExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,059 INFO L185 PluginConnector]: Executing the observer StructExpander from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,076 INFO L185 PluginConnector]: Executing the observer UnstructureCode from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,079 INFO L185 PluginConnector]: Executing the observer FunctionInliner from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,081 INFO L185 PluginConnector]: Executing the observer BoogieSymbolTableConstructor from plugin Boogie Preprocessor for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,082 INFO L132 PluginConnector]: ------------------------ END Boogie Preprocessor---------------------------- [2022-02-20 18:10:16,091 INFO L113 PluginConnector]: ------------------------RCFGBuilder---------------------------- [2022-02-20 18:10:16,091 INFO L271 PluginConnector]: Initializing RCFGBuilder... [2022-02-20 18:10:16,091 INFO L275 PluginConnector]: RCFGBuilder initialized [2022-02-20 18:10:16,093 INFO L185 PluginConnector]: Executing the observer RCFGBuilderObserver from plugin RCFGBuilder for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (1/1) ... [2022-02-20 18:10:16,098 INFO L173 SolverBuilder]: Constructing external solver with command: z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 [2022-02-20 18:10:16,108 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:16,122 INFO L229 MonitoredProcess]: Starting monitored process 1 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (exit command is (exit), workingDir is null) [2022-02-20 18:10:16,127 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Waiting until timeout for monitored process [2022-02-20 18:10:16,150 INFO L130 BoogieDeclarations]: Found specification of procedure #Ultimate.allocInit [2022-02-20 18:10:16,150 INFO L130 BoogieDeclarations]: Found specification of procedure processEnvironment__wrappee__base [2022-02-20 18:10:16,150 INFO L138 BoogieDeclarations]: Found implementation of procedure processEnvironment__wrappee__base [2022-02-20 18:10:16,150 INFO L130 BoogieDeclarations]: Found specification of procedure cleanup [2022-02-20 18:10:16,150 INFO L138 BoogieDeclarations]: Found implementation of procedure cleanup [2022-02-20 18:10:16,150 INFO L130 BoogieDeclarations]: Found specification of procedure timeShift [2022-02-20 18:10:16,150 INFO L138 BoogieDeclarations]: Found implementation of procedure timeShift [2022-02-20 18:10:16,151 INFO L130 BoogieDeclarations]: Found specification of procedure waterRise [2022-02-20 18:10:16,151 INFO L138 BoogieDeclarations]: Found implementation of procedure waterRise [2022-02-20 18:10:16,151 INFO L130 BoogieDeclarations]: Found specification of procedure write~init~int [2022-02-20 18:10:16,151 INFO L130 BoogieDeclarations]: Found specification of procedure changeMethaneLevel [2022-02-20 18:10:16,151 INFO L138 BoogieDeclarations]: Found implementation of procedure changeMethaneLevel [2022-02-20 18:10:16,151 INFO L130 BoogieDeclarations]: Found specification of procedure ULTIMATE.start [2022-02-20 18:10:16,152 INFO L138 BoogieDeclarations]: Found implementation of procedure ULTIMATE.start [2022-02-20 18:10:16,204 INFO L234 CfgBuilder]: Building ICFG [2022-02-20 18:10:16,208 INFO L260 CfgBuilder]: Building CFG for each procedure with an implementation [2022-02-20 18:10:16,478 INFO L275 CfgBuilder]: Performing block encoding [2022-02-20 18:10:16,512 INFO L294 CfgBuilder]: Using the 1 location(s) as analysis (start of procedure ULTIMATE.start) [2022-02-20 18:10:16,512 INFO L299 CfgBuilder]: Removed 2 assume(true) statements. [2022-02-20 18:10:16,514 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:16 BoogieIcfgContainer [2022-02-20 18:10:16,514 INFO L132 PluginConnector]: ------------------------ END RCFGBuilder---------------------------- [2022-02-20 18:10:16,515 INFO L113 PluginConnector]: ------------------------TraceAbstraction---------------------------- [2022-02-20 18:10:16,515 INFO L271 PluginConnector]: Initializing TraceAbstraction... [2022-02-20 18:10:16,517 INFO L275 PluginConnector]: TraceAbstraction initialized [2022-02-20 18:10:16,517 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "CDTParser AST 20.02 06:10:15" (1/3) ... [2022-02-20 18:10:16,518 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@79b0cde8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:16, skipping insertion in model container [2022-02-20 18:10:16,518 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.cacsl2boogietranslator AST 20.02 06:10:15" (2/3) ... [2022-02-20 18:10:16,518 INFO L205 PluginConnector]: Invalid model from TraceAbstraction for observer de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction.TraceAbstractionObserver@79b0cde8 and model type de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction AST 20.02 06:10:16, skipping insertion in model container [2022-02-20 18:10:16,518 INFO L185 PluginConnector]: Executing the observer TraceAbstractionObserver from plugin TraceAbstraction for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:16" (3/3) ... [2022-02-20 18:10:16,519 INFO L111 eAbstractionObserver]: Analyzing ICFG minepump_spec4_product25.cil.c [2022-02-20 18:10:16,522 INFO L205 ceAbstractionStarter]: Automizer settings: Hoare:true NWA Interpolation:FPandBP Determinization: PREDICATE_ABSTRACTION [2022-02-20 18:10:16,523 INFO L164 ceAbstractionStarter]: Applying trace abstraction to program that has 1 error locations. [2022-02-20 18:10:16,580 INFO L338 AbstractCegarLoop]: ======== Iteration 0 == of CEGAR loop == AllErrorsAtOnce ======== [2022-02-20 18:10:16,587 INFO L339 AbstractCegarLoop]: Settings: SEPARATE_VIOLATION_CHECK=true, mInterprocedural=true, mMaxIterations=1000000, mWatchIteration=1000000, mArtifact=RCFG, mInterpolation=FPandBP, mInterpolantAutomaton=STRAIGHT_LINE, mDumpAutomata=false, mAutomataFormat=ATS_NUMERATE, mDumpPath=., mDeterminiation=PREDICATE_ABSTRACTION, mMinimize=MINIMIZE_SEVPA, mHoare=true, mAutomataTypeConcurrency=PETRI_NET, mHoareTripleChecks=INCREMENTAL, mHoareAnnotationPositions=LoopsAndPotentialCycles, mDumpOnlyReuseAutomata=false, mLimitTraceHistogram=0, mErrorLocTimeLimit=0, mLimitPathProgramCount=0, mCollectInterpolantStatistics=true, mHeuristicEmptinessCheck=false, mHeuristicEmptinessCheckAStarHeuristic=ZERO, mHeuristicEmptinessCheckAStarHeuristicRandomSeed=1337, mHeuristicEmptinessCheckSmtFeatureScoringMethod=DAGSIZE, mSMTFeatureExtraction=false, mSMTFeatureExtractionDumpPath=., mOverrideInterpolantAutomaton=false, mMcrInterpolantMethod=WP, mLoopAccelerationTechnique=FAST_UPR [2022-02-20 18:10:16,587 INFO L340 AbstractCegarLoop]: Starting to check reachability of 1 error locations. [2022-02-20 18:10:16,606 INFO L276 IsEmpty]: Start isEmpty. Operand has 69 states, 54 states have (on average 1.4074074074074074) internal successors, (76), 60 states have internal predecessors, (76), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) [2022-02-20 18:10:16,611 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 20 [2022-02-20 18:10:16,611 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:16,612 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:16,612 INFO L402 AbstractCegarLoop]: === Iteration 1 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:16,616 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:16,616 INFO L85 PathProgramCache]: Analyzing trace with hash 1303461530, now seen corresponding path program 1 times [2022-02-20 18:10:16,624 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:16,624 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1947235016] [2022-02-20 18:10:16,625 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:16,625 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:16,741 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:16,829 INFO L290 TraceCheckUtils]: 0: Hoare triple {72#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {72#true} is VALID [2022-02-20 18:10:16,829 INFO L290 TraceCheckUtils]: 1: Hoare triple {72#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {72#true} is VALID [2022-02-20 18:10:16,829 INFO L290 TraceCheckUtils]: 2: Hoare triple {72#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {72#true} is VALID [2022-02-20 18:10:16,830 INFO L290 TraceCheckUtils]: 3: Hoare triple {72#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {72#true} is VALID [2022-02-20 18:10:16,830 INFO L290 TraceCheckUtils]: 4: Hoare triple {72#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {72#true} is VALID [2022-02-20 18:10:16,830 INFO L290 TraceCheckUtils]: 5: Hoare triple {72#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {72#true} is VALID [2022-02-20 18:10:16,830 INFO L290 TraceCheckUtils]: 6: Hoare triple {72#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {72#true} is VALID [2022-02-20 18:10:16,831 INFO L290 TraceCheckUtils]: 7: Hoare triple {72#true} assume false; {73#false} is VALID [2022-02-20 18:10:16,832 INFO L272 TraceCheckUtils]: 8: Hoare triple {73#false} call cleanup(); {73#false} is VALID [2022-02-20 18:10:16,832 INFO L290 TraceCheckUtils]: 9: Hoare triple {73#false} havoc ~i~0;havoc ~__cil_tmp2~0; {73#false} is VALID [2022-02-20 18:10:16,832 INFO L272 TraceCheckUtils]: 10: Hoare triple {73#false} call timeShift(); {73#false} is VALID [2022-02-20 18:10:16,833 INFO L290 TraceCheckUtils]: 11: Hoare triple {73#false} assume !(0 != ~pumpRunning~0); {73#false} is VALID [2022-02-20 18:10:16,833 INFO L290 TraceCheckUtils]: 12: Hoare triple {73#false} assume !(0 != ~systemActive~0); {73#false} is VALID [2022-02-20 18:10:16,834 INFO L290 TraceCheckUtils]: 13: Hoare triple {73#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {73#false} is VALID [2022-02-20 18:10:16,834 INFO L290 TraceCheckUtils]: 14: Hoare triple {73#false} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {73#false} is VALID [2022-02-20 18:10:16,834 INFO L290 TraceCheckUtils]: 15: Hoare triple {73#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {73#false} is VALID [2022-02-20 18:10:16,834 INFO L290 TraceCheckUtils]: 16: Hoare triple {73#false} __utac_acc__Specification4_spec__1_#t~ret22#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret22#1 && __utac_acc__Specification4_spec__1_#t~ret22#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret22#1;havoc __utac_acc__Specification4_spec__1_#t~ret22#1; {73#false} is VALID [2022-02-20 18:10:16,835 INFO L290 TraceCheckUtils]: 17: Hoare triple {73#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {73#false} is VALID [2022-02-20 18:10:16,835 INFO L290 TraceCheckUtils]: 18: Hoare triple {73#false} assume !false; {73#false} is VALID [2022-02-20 18:10:16,836 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:16,836 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:16,836 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1947235016] [2022-02-20 18:10:16,837 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1947235016] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:16,837 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:16,837 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [2] imperfect sequences [] total 2 [2022-02-20 18:10:16,839 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [708165008] [2022-02-20 18:10:16,839 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:16,843 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:16,844 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:16,847 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:16,882 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:16,882 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 2 states [2022-02-20 18:10:16,882 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:16,899 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 2 interpolants. [2022-02-20 18:10:16,900 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:16,903 INFO L87 Difference]: Start difference. First operand has 69 states, 54 states have (on average 1.4074074074074074) internal successors, (76), 60 states have internal predecessors, (76), 8 states have call successors, (8), 5 states have call predecessors, (8), 5 states have return successors, (8), 7 states have call predecessors, (8), 8 states have call successors, (8) Second operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,009 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,010 INFO L93 Difference]: Finished difference Result 130 states and 179 transitions. [2022-02-20 18:10:17,010 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 2 states. [2022-02-20 18:10:17,011 INFO L78 Accepts]: Start accepts. Automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 19 [2022-02-20 18:10:17,011 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:17,013 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,022 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 179 transitions. [2022-02-20 18:10:17,022 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,028 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 2 states to 2 states and 179 transitions. [2022-02-20 18:10:17,028 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 2 states and 179 transitions. [2022-02-20 18:10:17,202 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 179 edges. 179 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,210 INFO L225 Difference]: With dead ends: 130 [2022-02-20 18:10:17,210 INFO L226 Difference]: Without dead ends: 60 [2022-02-20 18:10:17,213 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 2 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 0 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=1, Invalid=1, Unknown=0, NotChecked=0, Total=2 [2022-02-20 18:10:17,216 INFO L933 BasicCegarLoop]: 86 mSDtfsCounter, 0 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 0 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 0 SdHoareTripleChecker+Valid, 86 SdHoareTripleChecker+Invalid, 0 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 0 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:17,216 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [0 Valid, 86 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 0 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:17,228 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 60 states. [2022-02-20 18:10:17,240 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 60 to 60. [2022-02-20 18:10:17,255 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:17,256 INFO L82 GeneralOperation]: Start isEquivalent. First operand 60 states. Second operand has 60 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:17,257 INFO L74 IsIncluded]: Start isIncluded. First operand 60 states. Second operand has 60 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:17,258 INFO L87 Difference]: Start difference. First operand 60 states. Second operand has 60 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:17,268 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,268 INFO L93 Difference]: Finished difference Result 60 states and 77 transitions. [2022-02-20 18:10:17,268 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 77 transitions. [2022-02-20 18:10:17,269 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,269 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,269 INFO L74 IsIncluded]: Start isIncluded. First operand has 60 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 60 states. [2022-02-20 18:10:17,270 INFO L87 Difference]: Start difference. First operand has 60 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) Second operand 60 states. [2022-02-20 18:10:17,274 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,274 INFO L93 Difference]: Finished difference Result 60 states and 77 transitions. [2022-02-20 18:10:17,274 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 77 transitions. [2022-02-20 18:10:17,275 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,275 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,275 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:17,276 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:17,276 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 60 states, 47 states have (on average 1.3191489361702127) internal successors, (62), 52 states have internal predecessors, (62), 8 states have call successors, (8), 5 states have call predecessors, (8), 4 states have return successors, (7), 6 states have call predecessors, (7), 7 states have call successors, (7) [2022-02-20 18:10:17,279 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 60 states to 60 states and 77 transitions. [2022-02-20 18:10:17,280 INFO L78 Accepts]: Start accepts. Automaton has 60 states and 77 transitions. Word has length 19 [2022-02-20 18:10:17,280 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:17,280 INFO L470 AbstractCegarLoop]: Abstraction has 60 states and 77 transitions. [2022-02-20 18:10:17,281 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 2 states, 2 states have (on average 8.5) internal successors, (17), 2 states have internal predecessors, (17), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,281 INFO L276 IsEmpty]: Start isEmpty. Operand 60 states and 77 transitions. [2022-02-20 18:10:17,282 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 21 [2022-02-20 18:10:17,282 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:17,282 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:17,282 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable0 [2022-02-20 18:10:17,282 INFO L402 AbstractCegarLoop]: === Iteration 2 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:17,283 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:17,283 INFO L85 PathProgramCache]: Analyzing trace with hash 626328786, now seen corresponding path program 1 times [2022-02-20 18:10:17,283 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:17,283 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [126580429] [2022-02-20 18:10:17,283 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:17,284 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:17,329 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,363 INFO L290 TraceCheckUtils]: 0: Hoare triple {472#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {472#true} is VALID [2022-02-20 18:10:17,363 INFO L290 TraceCheckUtils]: 1: Hoare triple {472#true} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {472#true} is VALID [2022-02-20 18:10:17,363 INFO L290 TraceCheckUtils]: 2: Hoare triple {472#true} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {472#true} is VALID [2022-02-20 18:10:17,363 INFO L290 TraceCheckUtils]: 3: Hoare triple {472#true} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {472#true} is VALID [2022-02-20 18:10:17,364 INFO L290 TraceCheckUtils]: 4: Hoare triple {472#true} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {472#true} is VALID [2022-02-20 18:10:17,364 INFO L290 TraceCheckUtils]: 5: Hoare triple {472#true} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {472#true} is VALID [2022-02-20 18:10:17,364 INFO L290 TraceCheckUtils]: 6: Hoare triple {472#true} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {474#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:17,365 INFO L290 TraceCheckUtils]: 7: Hoare triple {474#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !false; {474#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} is VALID [2022-02-20 18:10:17,365 INFO L290 TraceCheckUtils]: 8: Hoare triple {474#(= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)} assume !(test_~splverifierCounter~0#1 < 4); {473#false} is VALID [2022-02-20 18:10:17,365 INFO L272 TraceCheckUtils]: 9: Hoare triple {473#false} call cleanup(); {473#false} is VALID [2022-02-20 18:10:17,365 INFO L290 TraceCheckUtils]: 10: Hoare triple {473#false} havoc ~i~0;havoc ~__cil_tmp2~0; {473#false} is VALID [2022-02-20 18:10:17,366 INFO L272 TraceCheckUtils]: 11: Hoare triple {473#false} call timeShift(); {473#false} is VALID [2022-02-20 18:10:17,366 INFO L290 TraceCheckUtils]: 12: Hoare triple {473#false} assume !(0 != ~pumpRunning~0); {473#false} is VALID [2022-02-20 18:10:17,366 INFO L290 TraceCheckUtils]: 13: Hoare triple {473#false} assume !(0 != ~systemActive~0); {473#false} is VALID [2022-02-20 18:10:17,367 INFO L290 TraceCheckUtils]: 14: Hoare triple {473#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {473#false} is VALID [2022-02-20 18:10:17,367 INFO L290 TraceCheckUtils]: 15: Hoare triple {473#false} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {473#false} is VALID [2022-02-20 18:10:17,367 INFO L290 TraceCheckUtils]: 16: Hoare triple {473#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {473#false} is VALID [2022-02-20 18:10:17,367 INFO L290 TraceCheckUtils]: 17: Hoare triple {473#false} __utac_acc__Specification4_spec__1_#t~ret22#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret22#1 && __utac_acc__Specification4_spec__1_#t~ret22#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret22#1;havoc __utac_acc__Specification4_spec__1_#t~ret22#1; {473#false} is VALID [2022-02-20 18:10:17,367 INFO L290 TraceCheckUtils]: 18: Hoare triple {473#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {473#false} is VALID [2022-02-20 18:10:17,367 INFO L290 TraceCheckUtils]: 19: Hoare triple {473#false} assume !false; {473#false} is VALID [2022-02-20 18:10:17,368 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:17,368 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:17,368 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [126580429] [2022-02-20 18:10:17,369 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [126580429] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:17,369 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:17,369 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:17,369 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [417321603] [2022-02-20 18:10:17,369 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:17,371 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:17,371 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:17,371 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,386 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 20 edges. 20 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,387 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:17,387 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:17,388 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:17,388 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:17,388 INFO L87 Difference]: Start difference. First operand 60 states and 77 transitions. Second operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,474 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,475 INFO L93 Difference]: Finished difference Result 86 states and 110 transitions. [2022-02-20 18:10:17,475 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:17,475 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 20 [2022-02-20 18:10:17,476 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:17,476 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,480 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 110 transitions. [2022-02-20 18:10:17,481 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,483 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 110 transitions. [2022-02-20 18:10:17,483 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 110 transitions. [2022-02-20 18:10:17,571 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 110 edges. 110 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,573 INFO L225 Difference]: With dead ends: 86 [2022-02-20 18:10:17,573 INFO L226 Difference]: Without dead ends: 51 [2022-02-20 18:10:17,574 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 3 GetRequests, 2 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:17,575 INFO L933 BasicCegarLoop]: 64 mSDtfsCounter, 12 mSDsluCounter, 48 mSDsCounter, 0 mSdLazyCounter, 1 mSolverCounterSat, 0 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 15 SdHoareTripleChecker+Valid, 112 SdHoareTripleChecker+Invalid, 1 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Valid, 1 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:17,575 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [15 Valid, 112 Invalid, 1 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [0 Valid, 1 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:17,576 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 51 states. [2022-02-20 18:10:17,579 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 51 to 51. [2022-02-20 18:10:17,580 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:17,580 INFO L82 GeneralOperation]: Start isEquivalent. First operand 51 states. Second operand has 51 states, 41 states have (on average 1.3414634146341464) internal successors, (55), 46 states have internal predecessors, (55), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:17,580 INFO L74 IsIncluded]: Start isIncluded. First operand 51 states. Second operand has 51 states, 41 states have (on average 1.3414634146341464) internal successors, (55), 46 states have internal predecessors, (55), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:17,581 INFO L87 Difference]: Start difference. First operand 51 states. Second operand has 51 states, 41 states have (on average 1.3414634146341464) internal successors, (55), 46 states have internal predecessors, (55), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:17,583 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,583 INFO L93 Difference]: Finished difference Result 51 states and 65 transitions. [2022-02-20 18:10:17,583 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 65 transitions. [2022-02-20 18:10:17,584 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,584 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,584 INFO L74 IsIncluded]: Start isIncluded. First operand has 51 states, 41 states have (on average 1.3414634146341464) internal successors, (55), 46 states have internal predecessors, (55), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 51 states. [2022-02-20 18:10:17,585 INFO L87 Difference]: Start difference. First operand has 51 states, 41 states have (on average 1.3414634146341464) internal successors, (55), 46 states have internal predecessors, (55), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 51 states. [2022-02-20 18:10:17,587 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,587 INFO L93 Difference]: Finished difference Result 51 states and 65 transitions. [2022-02-20 18:10:17,587 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 65 transitions. [2022-02-20 18:10:17,587 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:17,588 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:17,588 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:17,588 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:17,588 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 51 states, 41 states have (on average 1.3414634146341464) internal successors, (55), 46 states have internal predecessors, (55), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:17,590 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 51 states to 51 states and 65 transitions. [2022-02-20 18:10:17,590 INFO L78 Accepts]: Start accepts. Automaton has 51 states and 65 transitions. Word has length 20 [2022-02-20 18:10:17,590 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:17,590 INFO L470 AbstractCegarLoop]: Abstraction has 51 states and 65 transitions. [2022-02-20 18:10:17,590 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 6.0) internal successors, (18), 3 states have internal predecessors, (18), 1 states have call successors, (2), 1 states have call predecessors, (2), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,590 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 65 transitions. [2022-02-20 18:10:17,591 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 25 [2022-02-20 18:10:17,593 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:17,593 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:17,594 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable1 [2022-02-20 18:10:17,594 INFO L402 AbstractCegarLoop]: === Iteration 3 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:17,594 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:17,595 INFO L85 PathProgramCache]: Analyzing trace with hash -1992386770, now seen corresponding path program 1 times [2022-02-20 18:10:17,595 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:17,595 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1031056505] [2022-02-20 18:10:17,595 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:17,595 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:17,623 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:17,683 INFO L290 TraceCheckUtils]: 0: Hoare triple {777#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {779#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:17,683 INFO L290 TraceCheckUtils]: 1: Hoare triple {779#(= 1 ~systemActive~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {779#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:17,684 INFO L290 TraceCheckUtils]: 2: Hoare triple {779#(= 1 ~systemActive~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {779#(= 1 ~systemActive~0)} is VALID [2022-02-20 18:10:17,685 INFO L290 TraceCheckUtils]: 3: Hoare triple {779#(= 1 ~systemActive~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {780#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} is VALID [2022-02-20 18:10:17,685 INFO L290 TraceCheckUtils]: 4: Hoare triple {780#(= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {781#(= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)} is VALID [2022-02-20 18:10:17,686 INFO L290 TraceCheckUtils]: 5: Hoare triple {781#(= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,686 INFO L290 TraceCheckUtils]: 6: Hoare triple {782#(not (= 0 ~systemActive~0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,686 INFO L290 TraceCheckUtils]: 7: Hoare triple {782#(not (= 0 ~systemActive~0))} assume !false; {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,687 INFO L290 TraceCheckUtils]: 8: Hoare triple {782#(not (= 0 ~systemActive~0))} assume test_~splverifierCounter~0#1 < 4; {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,687 INFO L290 TraceCheckUtils]: 9: Hoare triple {782#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,688 INFO L290 TraceCheckUtils]: 10: Hoare triple {782#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp~0#1); {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,691 INFO L290 TraceCheckUtils]: 11: Hoare triple {782#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,691 INFO L290 TraceCheckUtils]: 12: Hoare triple {782#(not (= 0 ~systemActive~0))} assume !(0 != test_~tmp___0~0#1); {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,692 INFO L290 TraceCheckUtils]: 13: Hoare triple {782#(not (= 0 ~systemActive~0))} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,692 INFO L290 TraceCheckUtils]: 14: Hoare triple {782#(not (= 0 ~systemActive~0))} assume 0 != test_~tmp___2~0#1; {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,695 INFO L272 TraceCheckUtils]: 15: Hoare triple {782#(not (= 0 ~systemActive~0))} call timeShift(); {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,695 INFO L290 TraceCheckUtils]: 16: Hoare triple {782#(not (= 0 ~systemActive~0))} assume !(0 != ~pumpRunning~0); {782#(not (= 0 ~systemActive~0))} is VALID [2022-02-20 18:10:17,697 INFO L290 TraceCheckUtils]: 17: Hoare triple {782#(not (= 0 ~systemActive~0))} assume !(0 != ~systemActive~0); {778#false} is VALID [2022-02-20 18:10:17,697 INFO L290 TraceCheckUtils]: 18: Hoare triple {778#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {778#false} is VALID [2022-02-20 18:10:17,697 INFO L290 TraceCheckUtils]: 19: Hoare triple {778#false} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {778#false} is VALID [2022-02-20 18:10:17,697 INFO L290 TraceCheckUtils]: 20: Hoare triple {778#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {778#false} is VALID [2022-02-20 18:10:17,697 INFO L290 TraceCheckUtils]: 21: Hoare triple {778#false} __utac_acc__Specification4_spec__1_#t~ret22#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret22#1 && __utac_acc__Specification4_spec__1_#t~ret22#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret22#1;havoc __utac_acc__Specification4_spec__1_#t~ret22#1; {778#false} is VALID [2022-02-20 18:10:17,697 INFO L290 TraceCheckUtils]: 22: Hoare triple {778#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {778#false} is VALID [2022-02-20 18:10:17,698 INFO L290 TraceCheckUtils]: 23: Hoare triple {778#false} assume !false; {778#false} is VALID [2022-02-20 18:10:17,698 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:17,698 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:17,698 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1031056505] [2022-02-20 18:10:17,698 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1031056505] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:17,698 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:17,698 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [5] imperfect sequences [] total 5 [2022-02-20 18:10:17,699 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1519699877] [2022-02-20 18:10:17,699 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:17,699 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:17,699 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:17,699 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,716 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 24 edges. 24 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:17,716 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 6 states [2022-02-20 18:10:17,717 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:17,718 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 6 interpolants. [2022-02-20 18:10:17,719 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=10, Invalid=20, Unknown=0, NotChecked=0, Total=30 [2022-02-20 18:10:17,719 INFO L87 Difference]: Start difference. First operand 51 states and 65 transitions. Second operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,938 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:17,938 INFO L93 Difference]: Finished difference Result 95 states and 124 transitions. [2022-02-20 18:10:17,938 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 5 states. [2022-02-20 18:10:17,939 INFO L78 Accepts]: Start accepts. Automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Word has length 24 [2022-02-20 18:10:17,939 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:17,940 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,944 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 124 transitions. [2022-02-20 18:10:17,944 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:17,947 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 5 states to 5 states and 124 transitions. [2022-02-20 18:10:17,948 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 5 states and 124 transitions. [2022-02-20 18:10:18,051 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 124 edges. 124 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:18,054 INFO L225 Difference]: With dead ends: 95 [2022-02-20 18:10:18,055 INFO L226 Difference]: Without dead ends: 51 [2022-02-20 18:10:18,057 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 7 GetRequests, 1 SyntacticMatches, 0 SemanticMatches, 6 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=22, Invalid=34, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:18,062 INFO L933 BasicCegarLoop]: 58 mSDtfsCounter, 131 mSDsluCounter, 70 mSDsCounter, 0 mSdLazyCounter, 25 mSolverCounterSat, 19 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 131 SdHoareTripleChecker+Valid, 128 SdHoareTripleChecker+Invalid, 44 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 19 IncrementalHoareTripleChecker+Valid, 25 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:18,063 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [131 Valid, 128 Invalid, 44 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [19 Valid, 25 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:18,064 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 51 states. [2022-02-20 18:10:18,073 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 51 to 51. [2022-02-20 18:10:18,073 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:18,074 INFO L82 GeneralOperation]: Start isEquivalent. First operand 51 states. Second operand has 51 states, 41 states have (on average 1.3170731707317074) internal successors, (54), 46 states have internal predecessors, (54), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:18,075 INFO L74 IsIncluded]: Start isIncluded. First operand 51 states. Second operand has 51 states, 41 states have (on average 1.3170731707317074) internal successors, (54), 46 states have internal predecessors, (54), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:18,076 INFO L87 Difference]: Start difference. First operand 51 states. Second operand has 51 states, 41 states have (on average 1.3170731707317074) internal successors, (54), 46 states have internal predecessors, (54), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:18,079 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,079 INFO L93 Difference]: Finished difference Result 51 states and 64 transitions. [2022-02-20 18:10:18,079 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 64 transitions. [2022-02-20 18:10:18,082 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,082 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:18,083 INFO L74 IsIncluded]: Start isIncluded. First operand has 51 states, 41 states have (on average 1.3170731707317074) internal successors, (54), 46 states have internal predecessors, (54), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 51 states. [2022-02-20 18:10:18,083 INFO L87 Difference]: Start difference. First operand has 51 states, 41 states have (on average 1.3170731707317074) internal successors, (54), 46 states have internal predecessors, (54), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) Second operand 51 states. [2022-02-20 18:10:18,085 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,085 INFO L93 Difference]: Finished difference Result 51 states and 64 transitions. [2022-02-20 18:10:18,086 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 64 transitions. [2022-02-20 18:10:18,087 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,087 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:18,087 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:18,087 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:18,088 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 51 states, 41 states have (on average 1.3170731707317074) internal successors, (54), 46 states have internal predecessors, (54), 5 states have call successors, (5), 4 states have call predecessors, (5), 4 states have return successors, (5), 4 states have call predecessors, (5), 5 states have call successors, (5) [2022-02-20 18:10:18,091 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 51 states to 51 states and 64 transitions. [2022-02-20 18:10:18,092 INFO L78 Accepts]: Start accepts. Automaton has 51 states and 64 transitions. Word has length 24 [2022-02-20 18:10:18,092 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:18,092 INFO L470 AbstractCegarLoop]: Abstraction has 51 states and 64 transitions. [2022-02-20 18:10:18,092 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 6 states, 6 states have (on average 3.8333333333333335) internal successors, (23), 5 states have internal predecessors, (23), 1 states have call successors, (1), 1 states have call predecessors, (1), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:18,093 INFO L276 IsEmpty]: Start isEmpty. Operand 51 states and 64 transitions. [2022-02-20 18:10:18,094 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 30 [2022-02-20 18:10:18,094 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:18,094 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:18,094 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable2 [2022-02-20 18:10:18,095 INFO L402 AbstractCegarLoop]: === Iteration 4 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:18,096 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:18,096 INFO L85 PathProgramCache]: Analyzing trace with hash 19457872, now seen corresponding path program 1 times [2022-02-20 18:10:18,096 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:18,096 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1710707264] [2022-02-20 18:10:18,097 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:18,097 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:18,140 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:18,215 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:10:18,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:18,223 INFO L290 TraceCheckUtils]: 0: Hoare triple {1099#true} assume true; {1099#true} is VALID [2022-02-20 18:10:18,224 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1099#true} {1104#(not (= ~waterLevel~0 0))} #196#return; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,225 INFO L290 TraceCheckUtils]: 0: Hoare triple {1099#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {1101#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:18,225 INFO L290 TraceCheckUtils]: 1: Hoare triple {1101#(= ~waterLevel~0 1)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1101#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:18,225 INFO L290 TraceCheckUtils]: 2: Hoare triple {1101#(= ~waterLevel~0 1)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1101#(= ~waterLevel~0 1)} is VALID [2022-02-20 18:10:18,226 INFO L290 TraceCheckUtils]: 3: Hoare triple {1101#(= ~waterLevel~0 1)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1102#(= |ULTIMATE.start_valid_product_#res#1| ~waterLevel~0)} is VALID [2022-02-20 18:10:18,226 INFO L290 TraceCheckUtils]: 4: Hoare triple {1102#(= |ULTIMATE.start_valid_product_#res#1| ~waterLevel~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1103#(= ~waterLevel~0 |ULTIMATE.start_main_~tmp~8#1|)} is VALID [2022-02-20 18:10:18,227 INFO L290 TraceCheckUtils]: 5: Hoare triple {1103#(= ~waterLevel~0 |ULTIMATE.start_main_~tmp~8#1|)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,227 INFO L290 TraceCheckUtils]: 6: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,227 INFO L290 TraceCheckUtils]: 7: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume !false; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,228 INFO L290 TraceCheckUtils]: 8: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume test_~splverifierCounter~0#1 < 4; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,229 INFO L290 TraceCheckUtils]: 9: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,229 INFO L290 TraceCheckUtils]: 10: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp~0#1); {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,229 INFO L290 TraceCheckUtils]: 11: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,230 INFO L290 TraceCheckUtils]: 12: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume !(0 != test_~tmp___0~0#1); {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,230 INFO L290 TraceCheckUtils]: 13: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,230 INFO L290 TraceCheckUtils]: 14: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume 0 != test_~tmp___2~0#1; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,231 INFO L272 TraceCheckUtils]: 15: Hoare triple {1104#(not (= ~waterLevel~0 0))} call timeShift(); {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,231 INFO L290 TraceCheckUtils]: 16: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume !(0 != ~pumpRunning~0); {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,232 INFO L290 TraceCheckUtils]: 17: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,232 INFO L290 TraceCheckUtils]: 18: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume !(0 != ~pumpRunning~0); {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,233 INFO L272 TraceCheckUtils]: 19: Hoare triple {1104#(not (= ~waterLevel~0 0))} call processEnvironment__wrappee__base(); {1099#true} is VALID [2022-02-20 18:10:18,233 INFO L290 TraceCheckUtils]: 20: Hoare triple {1099#true} assume true; {1099#true} is VALID [2022-02-20 18:10:18,233 INFO L284 TraceCheckUtils]: 21: Hoare quadruple {1099#true} {1104#(not (= ~waterLevel~0 0))} #196#return; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,234 INFO L290 TraceCheckUtils]: 22: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume { :end_inline_processEnvironment } true; {1104#(not (= ~waterLevel~0 0))} is VALID [2022-02-20 18:10:18,234 INFO L290 TraceCheckUtils]: 23: Hoare triple {1104#(not (= ~waterLevel~0 0))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {1107#(not (= |timeShift_getWaterLevel_#res#1| 0))} is VALID [2022-02-20 18:10:18,234 INFO L290 TraceCheckUtils]: 24: Hoare triple {1107#(not (= |timeShift_getWaterLevel_#res#1| 0))} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {1108#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~4#1| 0))} is VALID [2022-02-20 18:10:18,235 INFO L290 TraceCheckUtils]: 25: Hoare triple {1108#(not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~4#1| 0))} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1100#false} is VALID [2022-02-20 18:10:18,235 INFO L290 TraceCheckUtils]: 26: Hoare triple {1100#false} __utac_acc__Specification4_spec__1_#t~ret22#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret22#1 && __utac_acc__Specification4_spec__1_#t~ret22#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret22#1;havoc __utac_acc__Specification4_spec__1_#t~ret22#1; {1100#false} is VALID [2022-02-20 18:10:18,235 INFO L290 TraceCheckUtils]: 27: Hoare triple {1100#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {1100#false} is VALID [2022-02-20 18:10:18,235 INFO L290 TraceCheckUtils]: 28: Hoare triple {1100#false} assume !false; {1100#false} is VALID [2022-02-20 18:10:18,236 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:18,236 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:18,236 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1710707264] [2022-02-20 18:10:18,237 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1710707264] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:18,237 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:18,237 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [8] imperfect sequences [] total 8 [2022-02-20 18:10:18,237 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [191039715] [2022-02-20 18:10:18,238 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:18,239 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.25) internal successors, (26), 8 states have internal predecessors, (26), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:18,239 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:18,239 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 8 states, 8 states have (on average 3.25) internal successors, (26), 8 states have internal predecessors, (26), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:18,258 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 29 edges. 29 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:18,258 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 8 states [2022-02-20 18:10:18,258 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:18,260 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 8 interpolants. [2022-02-20 18:10:18,260 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=14, Invalid=42, Unknown=0, NotChecked=0, Total=56 [2022-02-20 18:10:18,261 INFO L87 Difference]: Start difference. First operand 51 states and 64 transitions. Second operand has 8 states, 8 states have (on average 3.25) internal successors, (26), 8 states have internal predecessors, (26), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:18,706 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,707 INFO L93 Difference]: Finished difference Result 175 states and 237 transitions. [2022-02-20 18:10:18,707 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 11 states. [2022-02-20 18:10:18,707 INFO L78 Accepts]: Start accepts. Automaton has has 8 states, 8 states have (on average 3.25) internal successors, (26), 8 states have internal predecessors, (26), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 29 [2022-02-20 18:10:18,707 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:18,707 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 3.25) internal successors, (26), 8 states have internal predecessors, (26), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:18,710 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 237 transitions. [2022-02-20 18:10:18,710 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 8 states, 8 states have (on average 3.25) internal successors, (26), 8 states have internal predecessors, (26), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:18,713 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 11 states to 11 states and 237 transitions. [2022-02-20 18:10:18,713 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 11 states and 237 transitions. [2022-02-20 18:10:18,862 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 237 edges. 237 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:18,865 INFO L225 Difference]: With dead ends: 175 [2022-02-20 18:10:18,865 INFO L226 Difference]: Without dead ends: 131 [2022-02-20 18:10:18,865 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 16 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 12 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 15 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=51, Invalid=131, Unknown=0, NotChecked=0, Total=182 [2022-02-20 18:10:18,866 INFO L933 BasicCegarLoop]: 66 mSDtfsCounter, 153 mSDsluCounter, 324 mSDsCounter, 0 mSdLazyCounter, 109 mSolverCounterSat, 22 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.1s Time, 0 mProtectedPredicate, 0 mProtectedAction, 153 SdHoareTripleChecker+Valid, 390 SdHoareTripleChecker+Invalid, 131 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 22 IncrementalHoareTripleChecker+Valid, 109 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.1s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:18,866 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [153 Valid, 390 Invalid, 131 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [22 Valid, 109 Invalid, 0 Unknown, 0 Unchecked, 0.1s Time] [2022-02-20 18:10:18,867 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 131 states. [2022-02-20 18:10:18,874 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 131 to 126. [2022-02-20 18:10:18,874 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:18,875 INFO L82 GeneralOperation]: Start isEquivalent. First operand 131 states. Second operand has 126 states, 100 states have (on average 1.32) internal successors, (132), 112 states have internal predecessors, (132), 14 states have call successors, (14), 11 states have call predecessors, (14), 11 states have return successors, (17), 11 states have call predecessors, (17), 14 states have call successors, (17) [2022-02-20 18:10:18,875 INFO L74 IsIncluded]: Start isIncluded. First operand 131 states. Second operand has 126 states, 100 states have (on average 1.32) internal successors, (132), 112 states have internal predecessors, (132), 14 states have call successors, (14), 11 states have call predecessors, (14), 11 states have return successors, (17), 11 states have call predecessors, (17), 14 states have call successors, (17) [2022-02-20 18:10:18,875 INFO L87 Difference]: Start difference. First operand 131 states. Second operand has 126 states, 100 states have (on average 1.32) internal successors, (132), 112 states have internal predecessors, (132), 14 states have call successors, (14), 11 states have call predecessors, (14), 11 states have return successors, (17), 11 states have call predecessors, (17), 14 states have call successors, (17) [2022-02-20 18:10:18,882 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,882 INFO L93 Difference]: Finished difference Result 131 states and 173 transitions. [2022-02-20 18:10:18,882 INFO L276 IsEmpty]: Start isEmpty. Operand 131 states and 173 transitions. [2022-02-20 18:10:18,882 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,882 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:18,883 INFO L74 IsIncluded]: Start isIncluded. First operand has 126 states, 100 states have (on average 1.32) internal successors, (132), 112 states have internal predecessors, (132), 14 states have call successors, (14), 11 states have call predecessors, (14), 11 states have return successors, (17), 11 states have call predecessors, (17), 14 states have call successors, (17) Second operand 131 states. [2022-02-20 18:10:18,883 INFO L87 Difference]: Start difference. First operand has 126 states, 100 states have (on average 1.32) internal successors, (132), 112 states have internal predecessors, (132), 14 states have call successors, (14), 11 states have call predecessors, (14), 11 states have return successors, (17), 11 states have call predecessors, (17), 14 states have call successors, (17) Second operand 131 states. [2022-02-20 18:10:18,888 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:18,888 INFO L93 Difference]: Finished difference Result 131 states and 173 transitions. [2022-02-20 18:10:18,888 INFO L276 IsEmpty]: Start isEmpty. Operand 131 states and 173 transitions. [2022-02-20 18:10:18,888 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:18,888 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:18,888 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:18,889 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:18,889 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 126 states, 100 states have (on average 1.32) internal successors, (132), 112 states have internal predecessors, (132), 14 states have call successors, (14), 11 states have call predecessors, (14), 11 states have return successors, (17), 11 states have call predecessors, (17), 14 states have call successors, (17) [2022-02-20 18:10:18,893 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 126 states to 126 states and 163 transitions. [2022-02-20 18:10:18,893 INFO L78 Accepts]: Start accepts. Automaton has 126 states and 163 transitions. Word has length 29 [2022-02-20 18:10:18,893 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:18,894 INFO L470 AbstractCegarLoop]: Abstraction has 126 states and 163 transitions. [2022-02-20 18:10:18,894 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 8 states, 8 states have (on average 3.25) internal successors, (26), 8 states have internal predecessors, (26), 1 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:18,895 INFO L276 IsEmpty]: Start isEmpty. Operand 126 states and 163 transitions. [2022-02-20 18:10:18,895 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 32 [2022-02-20 18:10:18,895 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:18,895 INFO L514 BasicCegarLoop]: trace histogram [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:18,895 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable3 [2022-02-20 18:10:18,896 INFO L402 AbstractCegarLoop]: === Iteration 5 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:18,896 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:18,896 INFO L85 PathProgramCache]: Analyzing trace with hash 1673340907, now seen corresponding path program 1 times [2022-02-20 18:10:18,896 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:18,896 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1460166365] [2022-02-20 18:10:18,897 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:18,897 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:18,926 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:18,957 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 21 [2022-02-20 18:10:18,958 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:18,962 INFO L290 TraceCheckUtils]: 0: Hoare triple {1813#true} assume true; {1813#true} is VALID [2022-02-20 18:10:18,963 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {1813#true} {1814#false} #196#return; {1814#false} is VALID [2022-02-20 18:10:18,963 INFO L290 TraceCheckUtils]: 0: Hoare triple {1813#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,964 INFO L290 TraceCheckUtils]: 1: Hoare triple {1815#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,964 INFO L290 TraceCheckUtils]: 2: Hoare triple {1815#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,964 INFO L290 TraceCheckUtils]: 3: Hoare triple {1815#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,965 INFO L290 TraceCheckUtils]: 4: Hoare triple {1815#(= ~pumpRunning~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,965 INFO L290 TraceCheckUtils]: 5: Hoare triple {1815#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,965 INFO L290 TraceCheckUtils]: 6: Hoare triple {1815#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,965 INFO L290 TraceCheckUtils]: 7: Hoare triple {1815#(= ~pumpRunning~0 0)} assume !false; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,967 INFO L290 TraceCheckUtils]: 8: Hoare triple {1815#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,968 INFO L290 TraceCheckUtils]: 9: Hoare triple {1815#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,968 INFO L290 TraceCheckUtils]: 10: Hoare triple {1815#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp~0#1); {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,968 INFO L290 TraceCheckUtils]: 11: Hoare triple {1815#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,969 INFO L290 TraceCheckUtils]: 12: Hoare triple {1815#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,969 INFO L290 TraceCheckUtils]: 13: Hoare triple {1815#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,969 INFO L290 TraceCheckUtils]: 14: Hoare triple {1815#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,970 INFO L272 TraceCheckUtils]: 15: Hoare triple {1815#(= ~pumpRunning~0 0)} call timeShift(); {1815#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:18,973 INFO L290 TraceCheckUtils]: 16: Hoare triple {1815#(= ~pumpRunning~0 0)} assume 0 != ~pumpRunning~0;assume { :begin_inline_lowerWaterLevel } true; {1814#false} is VALID [2022-02-20 18:10:18,973 INFO L290 TraceCheckUtils]: 17: Hoare triple {1814#false} assume ~waterLevel~0 > 0;~waterLevel~0 := ~waterLevel~0 - 1; {1814#false} is VALID [2022-02-20 18:10:18,973 INFO L290 TraceCheckUtils]: 18: Hoare triple {1814#false} assume { :end_inline_lowerWaterLevel } true; {1814#false} is VALID [2022-02-20 18:10:18,974 INFO L290 TraceCheckUtils]: 19: Hoare triple {1814#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {1814#false} is VALID [2022-02-20 18:10:18,974 INFO L290 TraceCheckUtils]: 20: Hoare triple {1814#false} assume !(0 != ~pumpRunning~0); {1814#false} is VALID [2022-02-20 18:10:18,974 INFO L272 TraceCheckUtils]: 21: Hoare triple {1814#false} call processEnvironment__wrappee__base(); {1813#true} is VALID [2022-02-20 18:10:18,975 INFO L290 TraceCheckUtils]: 22: Hoare triple {1813#true} assume true; {1813#true} is VALID [2022-02-20 18:10:18,976 INFO L284 TraceCheckUtils]: 23: Hoare quadruple {1813#true} {1814#false} #196#return; {1814#false} is VALID [2022-02-20 18:10:18,977 INFO L290 TraceCheckUtils]: 24: Hoare triple {1814#false} assume { :end_inline_processEnvironment } true; {1814#false} is VALID [2022-02-20 18:10:18,979 INFO L290 TraceCheckUtils]: 25: Hoare triple {1814#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {1814#false} is VALID [2022-02-20 18:10:18,982 INFO L290 TraceCheckUtils]: 26: Hoare triple {1814#false} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {1814#false} is VALID [2022-02-20 18:10:18,983 INFO L290 TraceCheckUtils]: 27: Hoare triple {1814#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {1814#false} is VALID [2022-02-20 18:10:18,983 INFO L290 TraceCheckUtils]: 28: Hoare triple {1814#false} __utac_acc__Specification4_spec__1_#t~ret22#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret22#1 && __utac_acc__Specification4_spec__1_#t~ret22#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret22#1;havoc __utac_acc__Specification4_spec__1_#t~ret22#1; {1814#false} is VALID [2022-02-20 18:10:18,983 INFO L290 TraceCheckUtils]: 29: Hoare triple {1814#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {1814#false} is VALID [2022-02-20 18:10:18,983 INFO L290 TraceCheckUtils]: 30: Hoare triple {1814#false} assume !false; {1814#false} is VALID [2022-02-20 18:10:18,983 INFO L134 CoverageAnalysis]: Checked inductivity of 0 backedges. 0 proven. 0 refuted. 0 times theorem prover too weak. 0 trivial. 0 not checked. [2022-02-20 18:10:18,983 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:18,983 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1460166365] [2022-02-20 18:10:18,983 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1460166365] provided 1 perfect and 0 imperfect interpolant sequences [2022-02-20 18:10:18,984 INFO L191 FreeRefinementEngine]: Found 1 perfect and 0 imperfect interpolant sequences. [2022-02-20 18:10:18,984 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [3] imperfect sequences [] total 3 [2022-02-20 18:10:18,984 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [110599800] [2022-02-20 18:10:18,984 INFO L85 oduleStraightlineAll]: Using 1 perfect interpolants to construct interpolant automaton [2022-02-20 18:10:18,984 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:10:18,984 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:18,984 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:19,003 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 31 edges. 31 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:19,003 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 3 states [2022-02-20 18:10:19,003 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:19,004 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 3 interpolants. [2022-02-20 18:10:19,004 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:19,004 INFO L87 Difference]: Start difference. First operand 126 states and 163 transitions. Second operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:19,039 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:19,040 INFO L93 Difference]: Finished difference Result 219 states and 285 transitions. [2022-02-20 18:10:19,040 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 3 states. [2022-02-20 18:10:19,040 INFO L78 Accepts]: Start accepts. Automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) Word has length 31 [2022-02-20 18:10:19,040 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:19,040 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:19,041 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 109 transitions. [2022-02-20 18:10:19,042 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:19,043 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 3 states to 3 states and 109 transitions. [2022-02-20 18:10:19,043 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 3 states and 109 transitions. [2022-02-20 18:10:19,101 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 109 edges. 109 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:19,102 INFO L225 Difference]: With dead ends: 219 [2022-02-20 18:10:19,103 INFO L226 Difference]: Without dead ends: 100 [2022-02-20 18:10:19,103 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 5 GetRequests, 4 SyntacticMatches, 0 SemanticMatches, 1 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 0 ImplicationChecksByTransitivity, 0.0s TimeCoverageRelationStatistics Valid=3, Invalid=3, Unknown=0, NotChecked=0, Total=6 [2022-02-20 18:10:19,104 INFO L933 BasicCegarLoop]: 46 mSDtfsCounter, 33 mSDsluCounter, 0 mSDsCounter, 0 mSdLazyCounter, 3 mSolverCounterSat, 1 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.0s Time, 0 mProtectedPredicate, 0 mProtectedAction, 33 SdHoareTripleChecker+Valid, 46 SdHoareTripleChecker+Invalid, 4 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 1 IncrementalHoareTripleChecker+Valid, 3 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.0s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:19,104 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [33 Valid, 46 Invalid, 4 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [1 Valid, 3 Invalid, 0 Unknown, 0 Unchecked, 0.0s Time] [2022-02-20 18:10:19,105 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 100 states. [2022-02-20 18:10:19,109 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 100 to 100. [2022-02-20 18:10:19,113 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:19,114 INFO L82 GeneralOperation]: Start isEquivalent. First operand 100 states. Second operand has 100 states, 77 states have (on average 1.2337662337662338) internal successors, (95), 83 states have internal predecessors, (95), 11 states have call successors, (11), 11 states have call predecessors, (11), 11 states have return successors, (12), 11 states have call predecessors, (12), 11 states have call successors, (12) [2022-02-20 18:10:19,114 INFO L74 IsIncluded]: Start isIncluded. First operand 100 states. Second operand has 100 states, 77 states have (on average 1.2337662337662338) internal successors, (95), 83 states have internal predecessors, (95), 11 states have call successors, (11), 11 states have call predecessors, (11), 11 states have return successors, (12), 11 states have call predecessors, (12), 11 states have call successors, (12) [2022-02-20 18:10:19,114 INFO L87 Difference]: Start difference. First operand 100 states. Second operand has 100 states, 77 states have (on average 1.2337662337662338) internal successors, (95), 83 states have internal predecessors, (95), 11 states have call successors, (11), 11 states have call predecessors, (11), 11 states have return successors, (12), 11 states have call predecessors, (12), 11 states have call successors, (12) [2022-02-20 18:10:19,116 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:19,116 INFO L93 Difference]: Finished difference Result 100 states and 118 transitions. [2022-02-20 18:10:19,117 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states and 118 transitions. [2022-02-20 18:10:19,117 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:19,121 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:19,121 INFO L74 IsIncluded]: Start isIncluded. First operand has 100 states, 77 states have (on average 1.2337662337662338) internal successors, (95), 83 states have internal predecessors, (95), 11 states have call successors, (11), 11 states have call predecessors, (11), 11 states have return successors, (12), 11 states have call predecessors, (12), 11 states have call successors, (12) Second operand 100 states. [2022-02-20 18:10:19,122 INFO L87 Difference]: Start difference. First operand has 100 states, 77 states have (on average 1.2337662337662338) internal successors, (95), 83 states have internal predecessors, (95), 11 states have call successors, (11), 11 states have call predecessors, (11), 11 states have return successors, (12), 11 states have call predecessors, (12), 11 states have call successors, (12) Second operand 100 states. [2022-02-20 18:10:19,124 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:19,124 INFO L93 Difference]: Finished difference Result 100 states and 118 transitions. [2022-02-20 18:10:19,124 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states and 118 transitions. [2022-02-20 18:10:19,124 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:19,124 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:19,125 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:19,125 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:19,125 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 100 states, 77 states have (on average 1.2337662337662338) internal successors, (95), 83 states have internal predecessors, (95), 11 states have call successors, (11), 11 states have call predecessors, (11), 11 states have return successors, (12), 11 states have call predecessors, (12), 11 states have call successors, (12) [2022-02-20 18:10:19,127 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 100 states to 100 states and 118 transitions. [2022-02-20 18:10:19,127 INFO L78 Accepts]: Start accepts. Automaton has 100 states and 118 transitions. Word has length 31 [2022-02-20 18:10:19,127 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:19,128 INFO L470 AbstractCegarLoop]: Abstraction has 100 states and 118 transitions. [2022-02-20 18:10:19,128 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 3 states, 3 states have (on average 9.333333333333334) internal successors, (28), 3 states have internal predecessors, (28), 2 states have call successors, (2), 2 states have call predecessors, (2), 1 states have return successors, (1), 1 states have call predecessors, (1), 1 states have call successors, (1) [2022-02-20 18:10:19,128 INFO L276 IsEmpty]: Start isEmpty. Operand 100 states and 118 transitions. [2022-02-20 18:10:19,129 INFO L282 IsEmpty]: Finished isEmpty. Found accepting run of length 60 [2022-02-20 18:10:19,129 INFO L506 BasicCegarLoop]: Found error trace [2022-02-20 18:10:19,129 INFO L514 BasicCegarLoop]: trace histogram [2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1] [2022-02-20 18:10:19,129 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: SelfDestructingSolverStorable4 [2022-02-20 18:10:19,129 INFO L402 AbstractCegarLoop]: === Iteration 6 === Targeting timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION === [timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION] === [2022-02-20 18:10:19,130 INFO L144 PredicateUnifier]: Initialized classic predicate unifier [2022-02-20 18:10:19,130 INFO L85 PathProgramCache]: Analyzing trace with hash -1699050591, now seen corresponding path program 1 times [2022-02-20 18:10:19,130 INFO L126 FreeRefinementEngine]: Executing refinement strategy CAMEL [2022-02-20 18:10:19,130 INFO L338 FreeRefinementEngine]: Using trace check IpTcStrategyModuleSmtInterpolCraig [1947592418] [2022-02-20 18:10:19,130 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:19,130 INFO L127 SolverBuilder]: Constructing new instance of SMTInterpol with explicit timeout -1 ms and remaining time -1 ms [2022-02-20 18:10:19,158 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:19,209 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 11 [2022-02-20 18:10:19,211 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:19,213 INFO L290 TraceCheckUtils]: 0: Hoare triple {2492#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2466#true} is VALID [2022-02-20 18:10:19,213 INFO L290 TraceCheckUtils]: 1: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,213 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #198#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,218 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 19 [2022-02-20 18:10:19,220 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:19,224 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 3 [2022-02-20 18:10:19,224 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:19,226 INFO L290 TraceCheckUtils]: 0: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,226 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #196#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,227 INFO L290 TraceCheckUtils]: 0: Hoare triple {2493#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,227 INFO L290 TraceCheckUtils]: 1: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,227 INFO L290 TraceCheckUtils]: 2: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,227 INFO L272 TraceCheckUtils]: 3: Hoare triple {2468#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {2466#true} is VALID [2022-02-20 18:10:19,227 INFO L290 TraceCheckUtils]: 4: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,228 INFO L284 TraceCheckUtils]: 5: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #196#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,228 INFO L290 TraceCheckUtils]: 6: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,228 INFO L290 TraceCheckUtils]: 7: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,228 INFO L290 TraceCheckUtils]: 8: Hoare triple {2468#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,229 INFO L290 TraceCheckUtils]: 9: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~4#1); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,229 INFO L290 TraceCheckUtils]: 10: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,229 INFO L290 TraceCheckUtils]: 11: Hoare triple {2468#(= ~pumpRunning~0 0)} assume true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,230 INFO L284 TraceCheckUtils]: 12: Hoare quadruple {2468#(= ~pumpRunning~0 0)} {2468#(= ~pumpRunning~0 0)} #202#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,230 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 37 [2022-02-20 18:10:19,231 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:19,234 INFO L290 TraceCheckUtils]: 0: Hoare triple {2492#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2466#true} is VALID [2022-02-20 18:10:19,234 INFO L290 TraceCheckUtils]: 1: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,235 INFO L284 TraceCheckUtils]: 2: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #198#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,235 INFO L376 atingTraceCheckCraig]: Compute interpolants for subsequence at non-pending call position 49 [2022-02-20 18:10:19,236 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:19,239 INFO L290 TraceCheckUtils]: 0: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,239 INFO L284 TraceCheckUtils]: 1: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #196#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,239 INFO L290 TraceCheckUtils]: 0: Hoare triple {2466#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,240 INFO L290 TraceCheckUtils]: 1: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,240 INFO L290 TraceCheckUtils]: 2: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,240 INFO L290 TraceCheckUtils]: 3: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,241 INFO L290 TraceCheckUtils]: 4: Hoare triple {2468#(= ~pumpRunning~0 0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,241 INFO L290 TraceCheckUtils]: 5: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,241 INFO L290 TraceCheckUtils]: 6: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,241 INFO L290 TraceCheckUtils]: 7: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !false; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,242 INFO L290 TraceCheckUtils]: 8: Hoare triple {2468#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,242 INFO L290 TraceCheckUtils]: 9: Hoare triple {2468#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,242 INFO L290 TraceCheckUtils]: 10: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~0#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,243 INFO L272 TraceCheckUtils]: 11: Hoare triple {2468#(= ~pumpRunning~0 0)} call waterRise(); {2492#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,243 INFO L290 TraceCheckUtils]: 12: Hoare triple {2492#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2466#true} is VALID [2022-02-20 18:10:19,243 INFO L290 TraceCheckUtils]: 13: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,243 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #198#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,243 INFO L290 TraceCheckUtils]: 15: Hoare triple {2468#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,244 INFO L290 TraceCheckUtils]: 16: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,244 INFO L290 TraceCheckUtils]: 17: Hoare triple {2468#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,244 INFO L290 TraceCheckUtils]: 18: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,245 INFO L272 TraceCheckUtils]: 19: Hoare triple {2468#(= ~pumpRunning~0 0)} call timeShift(); {2493#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} is VALID [2022-02-20 18:10:19,245 INFO L290 TraceCheckUtils]: 20: Hoare triple {2493#(and (= ~pumpRunning~0 |old(~pumpRunning~0)|) (= |old(~waterLevel~0)| ~waterLevel~0))} assume !(0 != ~pumpRunning~0); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,245 INFO L290 TraceCheckUtils]: 21: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,245 INFO L290 TraceCheckUtils]: 22: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,245 INFO L272 TraceCheckUtils]: 23: Hoare triple {2468#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {2466#true} is VALID [2022-02-20 18:10:19,246 INFO L290 TraceCheckUtils]: 24: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,246 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #196#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,246 INFO L290 TraceCheckUtils]: 26: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,246 INFO L290 TraceCheckUtils]: 27: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,247 INFO L290 TraceCheckUtils]: 28: Hoare triple {2468#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,247 INFO L290 TraceCheckUtils]: 29: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~4#1); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,247 INFO L290 TraceCheckUtils]: 30: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,247 INFO L290 TraceCheckUtils]: 31: Hoare triple {2468#(= ~pumpRunning~0 0)} assume true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,248 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {2468#(= ~pumpRunning~0 0)} {2468#(= ~pumpRunning~0 0)} #202#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,248 INFO L290 TraceCheckUtils]: 33: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !false; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,248 INFO L290 TraceCheckUtils]: 34: Hoare triple {2468#(= ~pumpRunning~0 0)} assume test_~splverifierCounter~0#1 < 4; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,251 INFO L290 TraceCheckUtils]: 35: Hoare triple {2468#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,251 INFO L290 TraceCheckUtils]: 36: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 != test_~tmp~0#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,252 INFO L272 TraceCheckUtils]: 37: Hoare triple {2468#(= ~pumpRunning~0 0)} call waterRise(); {2492#(= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,252 INFO L290 TraceCheckUtils]: 38: Hoare triple {2492#(= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2466#true} is VALID [2022-02-20 18:10:19,252 INFO L290 TraceCheckUtils]: 39: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,252 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #198#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,252 INFO L290 TraceCheckUtils]: 41: Hoare triple {2468#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,253 INFO L290 TraceCheckUtils]: 42: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !(0 != test_~tmp___0~0#1); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,253 INFO L290 TraceCheckUtils]: 43: Hoare triple {2468#(= ~pumpRunning~0 0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,253 INFO L290 TraceCheckUtils]: 44: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 != test_~tmp___2~0#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,254 INFO L272 TraceCheckUtils]: 45: Hoare triple {2468#(= ~pumpRunning~0 0)} call timeShift(); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,254 INFO L290 TraceCheckUtils]: 46: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,254 INFO L290 TraceCheckUtils]: 47: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,254 INFO L290 TraceCheckUtils]: 48: Hoare triple {2468#(= ~pumpRunning~0 0)} assume !(0 != ~pumpRunning~0); {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,254 INFO L272 TraceCheckUtils]: 49: Hoare triple {2468#(= ~pumpRunning~0 0)} call processEnvironment__wrappee__base(); {2466#true} is VALID [2022-02-20 18:10:19,257 INFO L290 TraceCheckUtils]: 50: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,257 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {2466#true} {2468#(= ~pumpRunning~0 0)} #196#return; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,258 INFO L290 TraceCheckUtils]: 52: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :end_inline_processEnvironment } true; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,258 INFO L290 TraceCheckUtils]: 53: Hoare triple {2468#(= ~pumpRunning~0 0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,258 INFO L290 TraceCheckUtils]: 54: Hoare triple {2468#(= ~pumpRunning~0 0)} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {2468#(= ~pumpRunning~0 0)} is VALID [2022-02-20 18:10:19,258 INFO L290 TraceCheckUtils]: 55: Hoare triple {2468#(= ~pumpRunning~0 0)} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {2490#(= |timeShift_isPumpRunning_#res#1| 0)} is VALID [2022-02-20 18:10:19,259 INFO L290 TraceCheckUtils]: 56: Hoare triple {2490#(= |timeShift_isPumpRunning_#res#1| 0)} __utac_acc__Specification4_spec__1_#t~ret22#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret22#1 && __utac_acc__Specification4_spec__1_#t~ret22#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret22#1;havoc __utac_acc__Specification4_spec__1_#t~ret22#1; {2491#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~2#1| 0)} is VALID [2022-02-20 18:10:19,259 INFO L290 TraceCheckUtils]: 57: Hoare triple {2491#(= |timeShift___utac_acc__Specification4_spec__1_~tmp___0~2#1| 0)} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {2467#false} is VALID [2022-02-20 18:10:19,259 INFO L290 TraceCheckUtils]: 58: Hoare triple {2467#false} assume !false; {2467#false} is VALID [2022-02-20 18:10:19,260 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 0 proven. 1 refuted. 0 times theorem prover too weak. 22 trivial. 0 not checked. [2022-02-20 18:10:19,260 INFO L144 FreeRefinementEngine]: Strategy CAMEL found an infeasible trace [2022-02-20 18:10:19,260 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleSmtInterpolCraig [1947592418] [2022-02-20 18:10:19,260 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleSmtInterpolCraig [1947592418] provided 0 perfect and 1 imperfect interpolant sequences [2022-02-20 18:10:19,260 INFO L338 FreeRefinementEngine]: Using interpolant generator IpTcStrategyModuleZ3 [1058176650] [2022-02-20 18:10:19,260 INFO L95 rtionOrderModulation]: Keeping assertion order NOT_INCREMENTALLY [2022-02-20 18:10:19,260 INFO L173 SolverBuilder]: Constructing external solver with command: z3 -smt2 -in SMTLIB2_COMPLIANT=true [2022-02-20 18:10:19,261 INFO L189 MonitoredProcess]: No working directory specified, using /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 [2022-02-20 18:10:19,262 INFO L229 MonitoredProcess]: Starting monitored process 2 with /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (exit command is (exit), workingDir is null) [2022-02-20 18:10:19,270 INFO L327 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Waiting until timeout for monitored process [2022-02-20 18:10:19,351 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:19,353 INFO L263 TraceCheckSpWp]: Trace formula consists of 366 conjuncts, 9 conjunts are in the unsatisfiable core [2022-02-20 18:10:19,398 INFO L136 AnnotateAndAsserter]: Conjunction of SSA is unsat [2022-02-20 18:10:19,402 INFO L286 TraceCheckSpWp]: Computing forward predicates... [2022-02-20 18:10:19,766 INFO L290 TraceCheckUtils]: 0: Hoare triple {2466#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,767 INFO L290 TraceCheckUtils]: 1: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,767 INFO L290 TraceCheckUtils]: 2: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,768 INFO L290 TraceCheckUtils]: 3: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,768 INFO L290 TraceCheckUtils]: 4: Hoare triple {2499#(<= 1 ~waterLevel~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,768 INFO L290 TraceCheckUtils]: 5: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,768 INFO L290 TraceCheckUtils]: 6: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,769 INFO L290 TraceCheckUtils]: 7: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume !false; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,770 INFO L290 TraceCheckUtils]: 8: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,770 INFO L290 TraceCheckUtils]: 9: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,770 INFO L290 TraceCheckUtils]: 10: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume 0 != test_~tmp~0#1; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,771 INFO L272 TraceCheckUtils]: 11: Hoare triple {2499#(<= 1 ~waterLevel~0)} call waterRise(); {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,771 INFO L290 TraceCheckUtils]: 12: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2537#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:10:19,772 INFO L290 TraceCheckUtils]: 13: Hoare triple {2537#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} assume true; {2537#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} is VALID [2022-02-20 18:10:19,772 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {2537#(<= (+ |old(~waterLevel~0)| 1) ~waterLevel~0)} {2499#(<= 1 ~waterLevel~0)} #198#return; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,773 INFO L290 TraceCheckUtils]: 15: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,773 INFO L290 TraceCheckUtils]: 16: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,773 INFO L290 TraceCheckUtils]: 17: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,773 INFO L290 TraceCheckUtils]: 18: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,774 INFO L272 TraceCheckUtils]: 19: Hoare triple {2544#(<= 2 ~waterLevel~0)} call timeShift(); {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,774 INFO L290 TraceCheckUtils]: 20: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 != ~pumpRunning~0); {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,774 INFO L290 TraceCheckUtils]: 21: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,775 INFO L290 TraceCheckUtils]: 22: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 != ~pumpRunning~0); {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,775 INFO L272 TraceCheckUtils]: 23: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} call processEnvironment__wrappee__base(); {2466#true} is VALID [2022-02-20 18:10:19,775 INFO L290 TraceCheckUtils]: 24: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:19,775 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {2466#true} {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} #196#return; {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,776 INFO L290 TraceCheckUtils]: 26: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume { :end_inline_processEnvironment } true; {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,776 INFO L290 TraceCheckUtils]: 27: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,776 INFO L290 TraceCheckUtils]: 28: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,777 INFO L290 TraceCheckUtils]: 29: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~4#1); {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,777 INFO L290 TraceCheckUtils]: 30: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,777 INFO L290 TraceCheckUtils]: 31: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume true; {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,778 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} {2544#(<= 2 ~waterLevel~0)} #202#return; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,778 INFO L290 TraceCheckUtils]: 33: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume !false; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,778 INFO L290 TraceCheckUtils]: 34: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,779 INFO L290 TraceCheckUtils]: 35: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,779 INFO L290 TraceCheckUtils]: 36: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp~0#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:19,780 INFO L272 TraceCheckUtils]: 37: Hoare triple {2544#(<= 2 ~waterLevel~0)} call waterRise(); {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} is VALID [2022-02-20 18:10:19,781 INFO L290 TraceCheckUtils]: 38: Hoare triple {2533#(<= |old(~waterLevel~0)| ~waterLevel~0)} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2617#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:19,782 INFO L290 TraceCheckUtils]: 39: Hoare triple {2617#(< |old(~waterLevel~0)| 2)} assume true; {2617#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:19,783 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2617#(< |old(~waterLevel~0)| 2)} {2544#(<= 2 ~waterLevel~0)} #198#return; {2467#false} is VALID [2022-02-20 18:10:19,783 INFO L290 TraceCheckUtils]: 41: Hoare triple {2467#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2467#false} is VALID [2022-02-20 18:10:19,783 INFO L290 TraceCheckUtils]: 42: Hoare triple {2467#false} assume !(0 != test_~tmp___0~0#1); {2467#false} is VALID [2022-02-20 18:10:19,783 INFO L290 TraceCheckUtils]: 43: Hoare triple {2467#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2467#false} is VALID [2022-02-20 18:10:19,783 INFO L290 TraceCheckUtils]: 44: Hoare triple {2467#false} assume 0 != test_~tmp___2~0#1; {2467#false} is VALID [2022-02-20 18:10:19,784 INFO L272 TraceCheckUtils]: 45: Hoare triple {2467#false} call timeShift(); {2467#false} is VALID [2022-02-20 18:10:19,784 INFO L290 TraceCheckUtils]: 46: Hoare triple {2467#false} assume !(0 != ~pumpRunning~0); {2467#false} is VALID [2022-02-20 18:10:19,784 INFO L290 TraceCheckUtils]: 47: Hoare triple {2467#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2467#false} is VALID [2022-02-20 18:10:19,784 INFO L290 TraceCheckUtils]: 48: Hoare triple {2467#false} assume !(0 != ~pumpRunning~0); {2467#false} is VALID [2022-02-20 18:10:19,784 INFO L272 TraceCheckUtils]: 49: Hoare triple {2467#false} call processEnvironment__wrappee__base(); {2467#false} is VALID [2022-02-20 18:10:19,784 INFO L290 TraceCheckUtils]: 50: Hoare triple {2467#false} assume true; {2467#false} is VALID [2022-02-20 18:10:19,784 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {2467#false} {2467#false} #196#return; {2467#false} is VALID [2022-02-20 18:10:19,784 INFO L290 TraceCheckUtils]: 52: Hoare triple {2467#false} assume { :end_inline_processEnvironment } true; {2467#false} is VALID [2022-02-20 18:10:19,785 INFO L290 TraceCheckUtils]: 53: Hoare triple {2467#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {2467#false} is VALID [2022-02-20 18:10:19,785 INFO L290 TraceCheckUtils]: 54: Hoare triple {2467#false} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {2467#false} is VALID [2022-02-20 18:10:19,785 INFO L290 TraceCheckUtils]: 55: Hoare triple {2467#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {2467#false} is VALID [2022-02-20 18:10:19,785 INFO L290 TraceCheckUtils]: 56: Hoare triple {2467#false} __utac_acc__Specification4_spec__1_#t~ret22#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret22#1 && __utac_acc__Specification4_spec__1_#t~ret22#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret22#1;havoc __utac_acc__Specification4_spec__1_#t~ret22#1; {2467#false} is VALID [2022-02-20 18:10:19,785 INFO L290 TraceCheckUtils]: 57: Hoare triple {2467#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {2467#false} is VALID [2022-02-20 18:10:19,785 INFO L290 TraceCheckUtils]: 58: Hoare triple {2467#false} assume !false; {2467#false} is VALID [2022-02-20 18:10:19,786 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 20 proven. 2 refuted. 0 times theorem prover too weak. 1 trivial. 0 not checked. [2022-02-20 18:10:19,786 INFO L328 TraceCheckSpWp]: Computing backward predicates... [2022-02-20 18:10:20,344 INFO L290 TraceCheckUtils]: 58: Hoare triple {2467#false} assume !false; {2467#false} is VALID [2022-02-20 18:10:20,344 INFO L290 TraceCheckUtils]: 57: Hoare triple {2467#false} assume 0 != __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline___automaton_fail } true; {2467#false} is VALID [2022-02-20 18:10:20,344 INFO L290 TraceCheckUtils]: 56: Hoare triple {2467#false} __utac_acc__Specification4_spec__1_#t~ret22#1 := isPumpRunning_#res#1;assume { :end_inline_isPumpRunning } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret22#1 && __utac_acc__Specification4_spec__1_#t~ret22#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp___0~2#1 := __utac_acc__Specification4_spec__1_#t~ret22#1;havoc __utac_acc__Specification4_spec__1_#t~ret22#1; {2467#false} is VALID [2022-02-20 18:10:20,344 INFO L290 TraceCheckUtils]: 55: Hoare triple {2467#false} assume 0 == __utac_acc__Specification4_spec__1_~tmp~4#1;assume { :begin_inline_isPumpRunning } true;havoc isPumpRunning_#res#1;havoc isPumpRunning_~retValue_acc~1#1;havoc isPumpRunning_~retValue_acc~1#1;isPumpRunning_~retValue_acc~1#1 := ~pumpRunning~0;isPumpRunning_#res#1 := isPumpRunning_~retValue_acc~1#1; {2467#false} is VALID [2022-02-20 18:10:20,345 INFO L290 TraceCheckUtils]: 54: Hoare triple {2467#false} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {2467#false} is VALID [2022-02-20 18:10:20,345 INFO L290 TraceCheckUtils]: 53: Hoare triple {2467#false} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {2467#false} is VALID [2022-02-20 18:10:20,345 INFO L290 TraceCheckUtils]: 52: Hoare triple {2467#false} assume { :end_inline_processEnvironment } true; {2467#false} is VALID [2022-02-20 18:10:20,345 INFO L284 TraceCheckUtils]: 51: Hoare quadruple {2466#true} {2467#false} #196#return; {2467#false} is VALID [2022-02-20 18:10:20,345 INFO L290 TraceCheckUtils]: 50: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:20,345 INFO L272 TraceCheckUtils]: 49: Hoare triple {2467#false} call processEnvironment__wrappee__base(); {2466#true} is VALID [2022-02-20 18:10:20,345 INFO L290 TraceCheckUtils]: 48: Hoare triple {2467#false} assume !(0 != ~pumpRunning~0); {2467#false} is VALID [2022-02-20 18:10:20,345 INFO L290 TraceCheckUtils]: 47: Hoare triple {2467#false} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2467#false} is VALID [2022-02-20 18:10:20,346 INFO L290 TraceCheckUtils]: 46: Hoare triple {2467#false} assume !(0 != ~pumpRunning~0); {2467#false} is VALID [2022-02-20 18:10:20,346 INFO L272 TraceCheckUtils]: 45: Hoare triple {2467#false} call timeShift(); {2467#false} is VALID [2022-02-20 18:10:20,358 INFO L290 TraceCheckUtils]: 44: Hoare triple {2467#false} assume 0 != test_~tmp___2~0#1; {2467#false} is VALID [2022-02-20 18:10:20,358 INFO L290 TraceCheckUtils]: 43: Hoare triple {2467#false} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2467#false} is VALID [2022-02-20 18:10:20,358 INFO L290 TraceCheckUtils]: 42: Hoare triple {2467#false} assume !(0 != test_~tmp___0~0#1); {2467#false} is VALID [2022-02-20 18:10:20,358 INFO L290 TraceCheckUtils]: 41: Hoare triple {2467#false} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2467#false} is VALID [2022-02-20 18:10:20,359 INFO L284 TraceCheckUtils]: 40: Hoare quadruple {2617#(< |old(~waterLevel~0)| 2)} {2544#(<= 2 ~waterLevel~0)} #198#return; {2467#false} is VALID [2022-02-20 18:10:20,359 INFO L290 TraceCheckUtils]: 39: Hoare triple {2617#(< |old(~waterLevel~0)| 2)} assume true; {2617#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:20,360 INFO L290 TraceCheckUtils]: 38: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2617#(< |old(~waterLevel~0)| 2)} is VALID [2022-02-20 18:10:20,360 INFO L272 TraceCheckUtils]: 37: Hoare triple {2544#(<= 2 ~waterLevel~0)} call waterRise(); {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,361 INFO L290 TraceCheckUtils]: 36: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp~0#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,361 INFO L290 TraceCheckUtils]: 35: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,361 INFO L290 TraceCheckUtils]: 34: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,362 INFO L290 TraceCheckUtils]: 33: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume !false; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,362 INFO L284 TraceCheckUtils]: 32: Hoare quadruple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} {2544#(<= 2 ~waterLevel~0)} #202#return; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,362 INFO L290 TraceCheckUtils]: 31: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume true; {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,363 INFO L290 TraceCheckUtils]: 30: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume { :end_inline___utac_acc__Specification4_spec__1 } true; {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,363 INFO L290 TraceCheckUtils]: 29: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume !(0 == __utac_acc__Specification4_spec__1_~tmp~4#1); {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,363 INFO L290 TraceCheckUtils]: 28: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} __utac_acc__Specification4_spec__1_#t~ret21#1 := getWaterLevel_#res#1;assume { :end_inline_getWaterLevel } true;assume -2147483648 <= __utac_acc__Specification4_spec__1_#t~ret21#1 && __utac_acc__Specification4_spec__1_#t~ret21#1 <= 2147483647;__utac_acc__Specification4_spec__1_~tmp~4#1 := __utac_acc__Specification4_spec__1_#t~ret21#1;havoc __utac_acc__Specification4_spec__1_#t~ret21#1; {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,364 INFO L290 TraceCheckUtils]: 27: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume { :begin_inline___utac_acc__Specification4_spec__1 } true;havoc __utac_acc__Specification4_spec__1_#t~ret21#1, __utac_acc__Specification4_spec__1_#t~ret22#1, __utac_acc__Specification4_spec__1_~tmp~4#1, __utac_acc__Specification4_spec__1_~tmp___0~2#1;havoc __utac_acc__Specification4_spec__1_~tmp~4#1;havoc __utac_acc__Specification4_spec__1_~tmp___0~2#1;assume { :begin_inline_getWaterLevel } true;havoc getWaterLevel_#res#1;havoc getWaterLevel_~retValue_acc~6#1;havoc getWaterLevel_~retValue_acc~6#1;getWaterLevel_~retValue_acc~6#1 := ~waterLevel~0;getWaterLevel_#res#1 := getWaterLevel_~retValue_acc~6#1; {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,364 INFO L290 TraceCheckUtils]: 26: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume { :end_inline_processEnvironment } true; {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,365 INFO L284 TraceCheckUtils]: 25: Hoare quadruple {2466#true} {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} #196#return; {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,365 INFO L290 TraceCheckUtils]: 24: Hoare triple {2466#true} assume true; {2466#true} is VALID [2022-02-20 18:10:20,365 INFO L272 TraceCheckUtils]: 23: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} call processEnvironment__wrappee__base(); {2466#true} is VALID [2022-02-20 18:10:20,365 INFO L290 TraceCheckUtils]: 22: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume !(0 != ~pumpRunning~0); {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,367 INFO L290 TraceCheckUtils]: 21: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume 0 != ~systemActive~0;assume { :begin_inline_processEnvironment } true;havoc processEnvironment_#t~ret8#1, processEnvironment_~tmp~1#1;havoc processEnvironment_~tmp~1#1; {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,367 INFO L290 TraceCheckUtils]: 20: Hoare triple {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} assume !(0 != ~pumpRunning~0); {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,368 INFO L272 TraceCheckUtils]: 19: Hoare triple {2544#(<= 2 ~waterLevel~0)} call timeShift(); {2741#(or (not (< ~waterLevel~0 2)) (< |old(~waterLevel~0)| 2))} is VALID [2022-02-20 18:10:20,368 INFO L290 TraceCheckUtils]: 18: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume 0 != test_~tmp___2~0#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,368 INFO L290 TraceCheckUtils]: 17: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet6#1 && test_#t~nondet6#1 <= 2147483647;test_~tmp___2~0#1 := test_#t~nondet6#1;havoc test_#t~nondet6#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,369 INFO L290 TraceCheckUtils]: 16: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume !(0 != test_~tmp___0~0#1); {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,369 INFO L290 TraceCheckUtils]: 15: Hoare triple {2544#(<= 2 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet5#1 && test_#t~nondet5#1 <= 2147483647;test_~tmp___0~0#1 := test_#t~nondet5#1;havoc test_#t~nondet5#1; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,369 INFO L284 TraceCheckUtils]: 14: Hoare quadruple {2814#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} {2499#(<= 1 ~waterLevel~0)} #198#return; {2544#(<= 2 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,370 INFO L290 TraceCheckUtils]: 13: Hoare triple {2814#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} assume true; {2814#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} is VALID [2022-02-20 18:10:20,370 INFO L290 TraceCheckUtils]: 12: Hoare triple {2821#(or (< |old(~waterLevel~0)| 1) (<= 1 ~waterLevel~0))} assume ~waterLevel~0 < 2;~waterLevel~0 := 1 + ~waterLevel~0; {2814#(or (< |old(~waterLevel~0)| 1) (<= 2 ~waterLevel~0))} is VALID [2022-02-20 18:10:20,371 INFO L272 TraceCheckUtils]: 11: Hoare triple {2499#(<= 1 ~waterLevel~0)} call waterRise(); {2821#(or (< |old(~waterLevel~0)| 1) (<= 1 ~waterLevel~0))} is VALID [2022-02-20 18:10:20,371 INFO L290 TraceCheckUtils]: 10: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume 0 != test_~tmp~0#1; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,371 INFO L290 TraceCheckUtils]: 9: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume -2147483648 <= test_#t~nondet4#1 && test_#t~nondet4#1 <= 2147483647;test_~tmp~0#1 := test_#t~nondet4#1;havoc test_#t~nondet4#1; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,372 INFO L290 TraceCheckUtils]: 8: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume test_~splverifierCounter~0#1 < 4; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,372 INFO L290 TraceCheckUtils]: 7: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume !false; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,372 INFO L290 TraceCheckUtils]: 6: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume { :end_inline_setup } true;assume { :begin_inline_runTest } true;assume { :begin_inline_test } true;havoc test_#t~nondet4#1, test_#t~nondet5#1, test_#t~nondet6#1, test_#t~nondet7#1, test_~splverifierCounter~0#1, test_~tmp~0#1, test_~tmp___0~0#1, test_~tmp___1~0#1, test_~tmp___2~0#1;havoc test_~splverifierCounter~0#1;havoc test_~tmp~0#1;havoc test_~tmp___0~0#1;havoc test_~tmp___1~0#1;havoc test_~tmp___2~0#1;test_~splverifierCounter~0#1 := 0; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,373 INFO L290 TraceCheckUtils]: 5: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume 0 != main_~tmp~8#1;assume { :begin_inline_setup } true; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,373 INFO L290 TraceCheckUtils]: 4: Hoare triple {2499#(<= 1 ~waterLevel~0)} main_#t~ret51#1 := valid_product_#res#1;assume { :end_inline_valid_product } true;assume -2147483648 <= main_#t~ret51#1 && main_#t~ret51#1 <= 2147483647;main_~tmp~8#1 := main_#t~ret51#1;havoc main_#t~ret51#1; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,373 INFO L290 TraceCheckUtils]: 3: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume { :end_inline_select_features } true;assume { :begin_inline_valid_product } true;havoc valid_product_#res#1;havoc valid_product_~retValue_acc~4#1;havoc valid_product_~retValue_acc~4#1;valid_product_~retValue_acc~4#1 := 1;valid_product_#res#1 := valid_product_~retValue_acc~4#1; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,374 INFO L290 TraceCheckUtils]: 2: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume { :end_inline_select_helpers } true;assume { :begin_inline_select_features } true; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,374 INFO L290 TraceCheckUtils]: 1: Hoare triple {2499#(<= 1 ~waterLevel~0)} assume { :end_inline_ULTIMATE.init } true;assume { :begin_inline_main } true;havoc main_#res#1;havoc main_#t~ret51#1, main_~retValue_acc~11#1, main_~tmp~8#1;havoc main_~retValue_acc~11#1;havoc main_~tmp~8#1;assume { :begin_inline_select_helpers } true; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,376 INFO L290 TraceCheckUtils]: 0: Hoare triple {2466#true} assume { :begin_inline_ULTIMATE.init } true;#NULL.base, #NULL.offset := 0, 0;assume 0 == #valid[0];assume 0 < #StackHeapBarrier;call #Ultimate.allocInit(2, 1);call write~init~int(48, 1, 0, 1);call write~init~int(0, 1, 1, 1);call #Ultimate.allocInit(31, 2);call #Ultimate.allocInit(12, 3);call #Ultimate.allocInit(13, 4);call #Ultimate.allocInit(3, 5);call write~init~int(79, 5, 0, 1);call write~init~int(110, 5, 1, 1);call write~init~int(0, 5, 2, 1);call #Ultimate.allocInit(4, 6);call write~init~int(79, 6, 0, 1);call write~init~int(102, 6, 1, 1);call write~init~int(102, 6, 2, 1);call write~init~int(0, 6, 3, 1);call #Ultimate.allocInit(7, 7);call write~init~int(44, 7, 0, 1);call write~init~int(80, 7, 1, 1);call write~init~int(117, 7, 2, 1);call write~init~int(109, 7, 3, 1);call write~init~int(112, 7, 4, 1);call write~init~int(58, 7, 5, 1);call write~init~int(0, 7, 6, 1);call #Ultimate.allocInit(3, 8);call write~init~int(79, 8, 0, 1);call write~init~int(110, 8, 1, 1);call write~init~int(0, 8, 2, 1);call #Ultimate.allocInit(4, 9);call write~init~int(79, 9, 0, 1);call write~init~int(102, 9, 1, 1);call write~init~int(102, 9, 2, 1);call write~init~int(0, 9, 3, 1);call #Ultimate.allocInit(3, 10);call write~init~int(41, 10, 0, 1);call write~init~int(32, 10, 1, 1);call write~init~int(0, 10, 2, 1);call #Ultimate.allocInit(2, 11);call write~init~int(10, 11, 0, 1);call write~init~int(0, 11, 1, 1);call #Ultimate.allocInit(13, 12);call #Ultimate.allocInit(7, 13);call write~init~int(44, 13, 0, 1);call write~init~int(77, 13, 1, 1);call write~init~int(101, 13, 2, 1);call write~init~int(116, 13, 3, 1);call write~init~int(104, 13, 4, 1);call write~init~int(58, 13, 5, 1);call write~init~int(0, 13, 6, 1);call #Ultimate.allocInit(5, 14);call write~init~int(67, 14, 0, 1);call write~init~int(82, 14, 1, 1);call write~init~int(73, 14, 2, 1);call write~init~int(84, 14, 3, 1);call write~init~int(0, 14, 4, 1);call #Ultimate.allocInit(3, 15);call write~init~int(79, 15, 0, 1);call write~init~int(75, 15, 1, 1);call write~init~int(0, 15, 2, 1);call #Ultimate.allocInit(2, 16);call write~init~int(41, 16, 0, 1);call write~init~int(0, 16, 1, 1);call #Ultimate.allocInit(30, 17);call #Ultimate.allocInit(9, 18);call #Ultimate.allocInit(21, 19);call #Ultimate.allocInit(30, 20);call #Ultimate.allocInit(9, 21);call #Ultimate.allocInit(21, 22);call #Ultimate.allocInit(30, 23);call #Ultimate.allocInit(9, 24);call #Ultimate.allocInit(25, 25);call #Ultimate.allocInit(30, 26);call #Ultimate.allocInit(9, 27);call #Ultimate.allocInit(25, 28);~pumpRunning~0 := 0;~systemActive~0 := 1;~waterLevel~0 := 1;~methaneLevelCritical~0 := 0;~head~0.base, ~head~0.offset := 0, 0;~cleanupTimeShifts~0 := 4; {2499#(<= 1 ~waterLevel~0)} is VALID [2022-02-20 18:10:20,378 INFO L134 CoverageAnalysis]: Checked inductivity of 23 backedges. 18 proven. 3 refuted. 0 times theorem prover too weak. 2 trivial. 0 not checked. [2022-02-20 18:10:20,378 INFO L165 FreeRefinementEngine]: IpTcStrategyModuleZ3 [1058176650] provided 0 perfect and 2 imperfect interpolant sequences [2022-02-20 18:10:20,378 INFO L191 FreeRefinementEngine]: Found 0 perfect and 3 imperfect interpolant sequences. [2022-02-20 18:10:20,378 INFO L204 FreeRefinementEngine]: Number of different interpolants: perfect sequences [] imperfect sequences [7, 7, 8] total 15 [2022-02-20 18:10:20,379 INFO L118 tionRefinementEngine]: Using interpolant automaton builder IpAbStrategyModuleStraightlineAll [1023931220] [2022-02-20 18:10:20,379 INFO L85 oduleStraightlineAll]: Using 3 imperfect interpolants to construct interpolant automaton [2022-02-20 18:10:20,380 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 6.0) internal successors, (90), 12 states have internal predecessors, (90), 6 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (12), 5 states have call predecessors, (12), 6 states have call successors, (12) Word has length 59 [2022-02-20 18:10:20,381 INFO L84 Accepts]: Finished accepts. word is accepted. [2022-02-20 18:10:20,381 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with has 15 states, 15 states have (on average 6.0) internal successors, (90), 12 states have internal predecessors, (90), 6 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (12), 5 states have call predecessors, (12), 6 states have call successors, (12) [2022-02-20 18:10:20,448 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 117 edges. 117 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:20,448 INFO L546 AbstractCegarLoop]: INTERPOLANT automaton has 15 states [2022-02-20 18:10:20,448 INFO L108 FreeRefinementEngine]: Using predicate unifier PredicateUnifier provided by strategy CAMEL [2022-02-20 18:10:20,448 INFO L143 InterpolantAutomaton]: Constructing interpolant automaton starting with 15 interpolants. [2022-02-20 18:10:20,448 INFO L145 InterpolantAutomaton]: CoverageRelationStatistics Valid=48, Invalid=162, Unknown=0, NotChecked=0, Total=210 [2022-02-20 18:10:20,449 INFO L87 Difference]: Start difference. First operand 100 states and 118 transitions. Second operand has 15 states, 15 states have (on average 6.0) internal successors, (90), 12 states have internal predecessors, (90), 6 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (12), 5 states have call predecessors, (12), 6 states have call successors, (12) [2022-02-20 18:10:21,021 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:21,022 INFO L93 Difference]: Finished difference Result 133 states and 157 transitions. [2022-02-20 18:10:21,022 INFO L141 InterpolantAutomaton]: Switched to read-only mode: deterministic interpolant automaton has 7 states. [2022-02-20 18:10:21,022 INFO L78 Accepts]: Start accepts. Automaton has has 15 states, 15 states have (on average 6.0) internal successors, (90), 12 states have internal predecessors, (90), 6 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (12), 5 states have call predecessors, (12), 6 states have call successors, (12) Word has length 59 [2022-02-20 18:10:21,023 INFO L84 Accepts]: Finished accepts. some prefix is accepted. [2022-02-20 18:10:21,024 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 6.0) internal successors, (90), 12 states have internal predecessors, (90), 6 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (12), 5 states have call predecessors, (12), 6 states have call successors, (12) [2022-02-20 18:10:21,026 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 123 transitions. [2022-02-20 18:10:21,026 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 15 states, 15 states have (on average 6.0) internal successors, (90), 12 states have internal predecessors, (90), 6 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (12), 5 states have call predecessors, (12), 6 states have call successors, (12) [2022-02-20 18:10:21,028 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 7 states to 7 states and 123 transitions. [2022-02-20 18:10:21,028 INFO L86 InductivityCheck]: Starting indutivity check of a Floyd-Hoare automaton with 7 states and 123 transitions. [2022-02-20 18:10:21,133 INFO L122 InductivityCheck]: Floyd-Hoare automaton has 123 edges. 123 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. [2022-02-20 18:10:21,133 INFO L225 Difference]: With dead ends: 133 [2022-02-20 18:10:21,133 INFO L226 Difference]: Without dead ends: 0 [2022-02-20 18:10:21,134 INFO L932 BasicCegarLoop]: 0 DeclaredPredicates, 139 GetRequests, 120 SyntacticMatches, 1 SemanticMatches, 18 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 45 ImplicationChecksByTransitivity, 0.1s TimeCoverageRelationStatistics Valid=99, Invalid=281, Unknown=0, NotChecked=0, Total=380 [2022-02-20 18:10:21,136 INFO L933 BasicCegarLoop]: 63 mSDtfsCounter, 104 mSDsluCounter, 299 mSDsCounter, 0 mSdLazyCounter, 174 mSolverCounterSat, 40 mSolverCounterUnsat, 0 mSolverCounterUnknown, 0 mSolverCounterNotChecked, 0.2s Time, 0 mProtectedPredicate, 0 mProtectedAction, 104 SdHoareTripleChecker+Valid, 362 SdHoareTripleChecker+Invalid, 214 SdHoareTripleChecker+Unknown, 0 SdHoareTripleChecker+Unchecked, 0.0s SdHoareTripleChecker+Time, 40 IncrementalHoareTripleChecker+Valid, 174 IncrementalHoareTripleChecker+Invalid, 0 IncrementalHoareTripleChecker+Unknown, 0 IncrementalHoareTripleChecker+Unchecked, 0.2s IncrementalHoareTripleChecker+Time [2022-02-20 18:10:21,137 INFO L934 BasicCegarLoop]: SdHoareTripleChecker [104 Valid, 362 Invalid, 214 Unknown, 0 Unchecked, 0.0s Time], IncrementalHoareTripleChecker [40 Valid, 174 Invalid, 0 Unknown, 0 Unchecked, 0.2s Time] [2022-02-20 18:10:21,137 INFO L82 GeneralOperation]: Start minimizeSevpa. Operand 0 states. [2022-02-20 18:10:21,138 INFO L88 GeneralOperation]: Finished minimizeSevpa. Reduced states from 0 to 0. [2022-02-20 18:10:21,138 INFO L214 AbstractMinimizeNwa]: Start testing correctness of minimizeSevpa [2022-02-20 18:10:21,138 INFO L82 GeneralOperation]: Start isEquivalent. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:21,138 INFO L74 IsIncluded]: Start isIncluded. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:21,138 INFO L87 Difference]: Start difference. First operand 0 states. Second operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:21,138 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:21,138 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:10:21,138 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:21,139 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:21,139 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:21,139 INFO L74 IsIncluded]: Start isIncluded. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:10:21,139 INFO L87 Difference]: Start difference. First operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) Second operand 0 states. [2022-02-20 18:10:21,139 INFO L144 Difference]: Subtrahend was deterministic. Have not used determinization. [2022-02-20 18:10:21,139 INFO L93 Difference]: Finished difference Result 0 states and 0 transitions. [2022-02-20 18:10:21,139 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:21,139 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:21,139 INFO L83 IsIncluded]: Finished isIncluded. Language is included [2022-02-20 18:10:21,140 INFO L88 GeneralOperation]: Finished isEquivalent. [2022-02-20 18:10:21,140 INFO L221 AbstractMinimizeNwa]: Finished testing correctness of minimizeSevpa [2022-02-20 18:10:21,140 INFO L82 GeneralOperation]: Start removeUnreachable. Operand has 0 states, 0 states have (on average 0.0) internal successors, (0), 0 states have internal predecessors, (0), 0 states have call successors, (0), 0 states have call predecessors, (0), 0 states have return successors, (0), 0 states have call predecessors, (0), 0 states have call successors, (0) [2022-02-20 18:10:21,140 INFO L88 GeneralOperation]: Finished removeUnreachable. Reduced from 0 states to 0 states and 0 transitions. [2022-02-20 18:10:21,140 INFO L78 Accepts]: Start accepts. Automaton has 0 states and 0 transitions. Word has length 59 [2022-02-20 18:10:21,140 INFO L84 Accepts]: Finished accepts. word is rejected. [2022-02-20 18:10:21,140 INFO L470 AbstractCegarLoop]: Abstraction has 0 states and 0 transitions. [2022-02-20 18:10:21,141 INFO L471 AbstractCegarLoop]: INTERPOLANT automaton has has 15 states, 15 states have (on average 6.0) internal successors, (90), 12 states have internal predecessors, (90), 6 states have call successors, (15), 8 states have call predecessors, (15), 8 states have return successors, (12), 5 states have call predecessors, (12), 6 states have call successors, (12) [2022-02-20 18:10:21,141 INFO L276 IsEmpty]: Start isEmpty. Operand 0 states and 0 transitions. [2022-02-20 18:10:21,141 INFO L282 IsEmpty]: Finished isEmpty. No accepting run. [2022-02-20 18:10:21,143 INFO L764 garLoopResultBuilder]: Registering result SAFE for location timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION (0 of 1 remaining) [2022-02-20 18:10:21,163 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true (2)] Forceful destruction successful, exit code 0 [2022-02-20 18:10:21,359 WARN L452 AbstractCegarLoop]: Destroyed unattended storables created during the last iteration: 2 /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 -smt2 -in SMTLIB2_COMPLIANT=true,SelfDestructingSolverStorable5 [2022-02-20 18:10:21,361 INFO L343 DoubleDeckerVisitor]: Before removal of dead ends 0 states and 0 transitions. [2022-02-20 18:10:22,012 INFO L858 garLoopResultBuilder]: For program point processEnvironment__wrappee__baseEXIT(lines 164 170) no Hoare annotation was computed. [2022-02-20 18:10:22,012 INFO L861 garLoopResultBuilder]: At program point processEnvironment__wrappee__baseFINAL(lines 164 170) the Hoare annotation is: true [2022-02-20 18:10:22,012 INFO L858 garLoopResultBuilder]: For program point L402-1(lines 398 409) no Hoare annotation was computed. [2022-02-20 18:10:22,012 INFO L861 garLoopResultBuilder]: At program point changeMethaneLevelENTRY(lines 398 409) the Hoare annotation is: true [2022-02-20 18:10:22,012 INFO L858 garLoopResultBuilder]: For program point changeMethaneLevelEXIT(lines 398 409) no Hoare annotation was computed. [2022-02-20 18:10:22,012 INFO L858 garLoopResultBuilder]: For program point L834-1(line 834) no Hoare annotation was computed. [2022-02-20 18:10:22,012 INFO L858 garLoopResultBuilder]: For program point cleanupEXIT(lines 828 857) no Hoare annotation was computed. [2022-02-20 18:10:22,012 INFO L861 garLoopResultBuilder]: At program point cleanupENTRY(lines 828 857) the Hoare annotation is: true [2022-02-20 18:10:22,012 INFO L861 garLoopResultBuilder]: At program point L853(lines 828 857) the Hoare annotation is: true [2022-02-20 18:10:22,012 INFO L858 garLoopResultBuilder]: For program point L849(line 849) no Hoare annotation was computed. [2022-02-20 18:10:22,012 INFO L858 garLoopResultBuilder]: For program point L842(lines 842 846) no Hoare annotation was computed. [2022-02-20 18:10:22,012 INFO L861 garLoopResultBuilder]: At program point L842-1(lines 842 846) the Hoare annotation is: true [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L839(line 839) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L861 garLoopResultBuilder]: At program point L838-2(lines 838 852) the Hoare annotation is: true [2022-02-20 18:10:22,013 INFO L861 garLoopResultBuilder]: At program point L834(line 834) the Hoare annotation is: true [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L378(lines 378 382) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L854 garLoopResultBuilder]: At program point L378-2(lines 374 385) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L151-1(lines 151 157) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L180(lines 180 188) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L176(lines 176 193) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L296(lines 296 300) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point timeShiftFINAL(lines 140 163) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L296-2(lines 296 300) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L358(lines 358 364) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L354(lines 354 367) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L854 garLoopResultBuilder]: At program point L354-1(lines 346 370) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (= ~pumpRunning~0 0)) (.cse3 (not (= |timeShift___utac_acc__Specification4_spec__1_~tmp~4#1| 0))) (.cse4 (not (= |timeShift_getWaterLevel_#res#1| 0)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 .cse3 .cse4 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 .cse4 (= |old(~waterLevel~0)| ~waterLevel~0)) (not (<= 2 |old(~waterLevel~0)|))))) [2022-02-20 18:10:22,013 INFO L854 garLoopResultBuilder]: At program point L247(lines 242 250) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L144-1(lines 143 162) no Hoare annotation was computed. [2022-02-20 18:10:22,013 INFO L854 garLoopResultBuilder]: At program point L186(line 186) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:22,013 INFO L858 garLoopResultBuilder]: For program point L54(line 54) no Hoare annotation was computed. [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point L302(lines 287 305) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point L228(lines 223 230) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point L191(line 191) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse1 (= ~pumpRunning~0 0))) (and (or .cse0 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse2 (and .cse1 (= ~waterLevel~0 1))))) [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point L447(lines 442 450) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse1 (not (= 1 ~systemActive~0))) (.cse2 (= ~pumpRunning~0 0)) (.cse3 (not (= |timeShift_getWaterLevel_#res#1| 0)))) (and (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (and .cse2 .cse3 (= ~waterLevel~0 1))) (or .cse0 .cse1 (and .cse2 .cse3 (= |old(~waterLevel~0)| ~waterLevel~0)) (not (<= 2 |old(~waterLevel~0)|))))) [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point L191-1(lines 172 196) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse1 (= ~pumpRunning~0 0))) (and (or .cse0 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse2 (and .cse1 (= ~waterLevel~0 1))))) [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point L55(lines 50 57) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point timeShiftENTRY(lines 140 163) the Hoare annotation is: (let ((.cse0 (not (= |old(~pumpRunning~0)| 0))) (.cse2 (not (= 1 ~systemActive~0))) (.cse1 (= ~pumpRunning~0 0))) (and (or .cse0 (and .cse1 (= |old(~waterLevel~0)| ~waterLevel~0)) .cse2 (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse2 (and .cse1 (= ~waterLevel~0 1))))) [2022-02-20 18:10:22,014 INFO L858 garLoopResultBuilder]: For program point timeShiftEXIT(lines 140 163) no Hoare annotation was computed. [2022-02-20 18:10:22,014 INFO L858 garLoopResultBuilder]: For program point timeShiftErr0ASSERT_VIOLATIONERROR_FUNCTION(line 54) no Hoare annotation was computed. [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point L456(lines 451 459) the Hoare annotation is: (or (not (= |old(~pumpRunning~0)| 0)) (not (= 1 ~systemActive~0)) (not (<= 1 |old(~waterLevel~0)|))) [2022-02-20 18:10:22,014 INFO L858 garLoopResultBuilder]: For program point L93(lines 93 99) no Hoare annotation was computed. [2022-02-20 18:10:22,014 INFO L858 garLoopResultBuilder]: For program point L93-1(lines 93 99) no Hoare annotation was computed. [2022-02-20 18:10:22,014 INFO L861 garLoopResultBuilder]: At program point L122(lines 63 126) the Hoare annotation is: true [2022-02-20 18:10:22,014 INFO L854 garLoopResultBuilder]: At program point L886(lines 882 888) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1) (= ~waterLevel~0 |ULTIMATE.start_main_~tmp~8#1|) (= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0)) [2022-02-20 18:10:22,015 INFO L854 garLoopResultBuilder]: At program point L85(line 85) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0))) (or (and .cse0 (<= 2 ~waterLevel~0) (= 1 ~systemActive~0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 (= ~waterLevel~0 1) (= ~waterLevel~0 |ULTIMATE.start_main_~tmp~8#1|) .cse3))) [2022-02-20 18:10:22,015 INFO L854 garLoopResultBuilder]: At program point L325(lines 321 327) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point L-1(line -1) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startENTRY(line -1) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startFINAL(line -1) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L854 garLoopResultBuilder]: At program point L119(lines 72 120) the Hoare annotation is: false [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point L74(lines 73 118) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point L103(lines 103 114) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point ULTIMATE.startEXIT(line -1) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L861 garLoopResultBuilder]: At program point L896(lines 889 898) the Hoare annotation is: true [2022-02-20 18:10:22,015 INFO L854 garLoopResultBuilder]: At program point L95(line 95) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0))) (or (and .cse0 (<= 2 ~waterLevel~0) (= 1 ~systemActive~0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 (= ~waterLevel~0 1) (= ~waterLevel~0 |ULTIMATE.start_main_~tmp~8#1|) .cse3))) [2022-02-20 18:10:22,015 INFO L854 garLoopResultBuilder]: At program point L116(lines 73 118) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0))) (or (and .cse0 (<= 2 ~waterLevel~0) (= 1 ~systemActive~0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 (= ~waterLevel~0 1) (= ~waterLevel~0 |ULTIMATE.start_main_~tmp~8#1|) .cse3))) [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point L83(lines 83 89) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point L83-1(lines 83 89) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point L909(lines 909 916) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point L75(lines 75 79) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L858 garLoopResultBuilder]: For program point L909-2(lines 909 916) no Hoare annotation was computed. [2022-02-20 18:10:22,015 INFO L861 garLoopResultBuilder]: At program point L918(lines 899 921) the Hoare annotation is: true [2022-02-20 18:10:22,016 INFO L854 garLoopResultBuilder]: At program point L340(lines 335 343) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:22,016 INFO L858 garLoopResultBuilder]: For program point L109(lines 109 113) no Hoare annotation was computed. [2022-02-20 18:10:22,016 INFO L854 garLoopResultBuilder]: At program point L332(lines 328 334) the Hoare annotation is: (and (= ~pumpRunning~0 0) (= 1 ~systemActive~0) (= ~waterLevel~0 1)) [2022-02-20 18:10:22,016 INFO L854 garLoopResultBuilder]: At program point L109-2(lines 103 114) the Hoare annotation is: (let ((.cse0 (= ~pumpRunning~0 0)) (.cse1 (= |ULTIMATE.start_valid_product_#res#1| ~systemActive~0)) (.cse2 (= |ULTIMATE.start_test_~splverifierCounter~0#1| 0)) (.cse3 (= |ULTIMATE.start_main_~tmp~8#1| ~systemActive~0))) (or (and .cse0 (<= 2 ~waterLevel~0) (= 1 ~systemActive~0) .cse1 .cse2 .cse3) (and .cse0 .cse1 .cse2 (= ~waterLevel~0 1) (= ~waterLevel~0 |ULTIMATE.start_main_~tmp~8#1|) .cse3))) [2022-02-20 18:10:22,016 INFO L858 garLoopResultBuilder]: For program point waterRiseEXIT(lines 386 397) no Hoare annotation was computed. [2022-02-20 18:10:22,016 INFO L858 garLoopResultBuilder]: For program point L390-1(lines 386 397) no Hoare annotation was computed. [2022-02-20 18:10:22,016 INFO L854 garLoopResultBuilder]: At program point waterRiseENTRY(lines 386 397) the Hoare annotation is: (let ((.cse0 (not (= ~pumpRunning~0 0))) (.cse1 (not (= 1 ~systemActive~0)))) (and (or .cse0 .cse1 (= |old(~waterLevel~0)| ~waterLevel~0) (not (<= 2 |old(~waterLevel~0)|))) (or .cse0 (not (= |old(~waterLevel~0)| 1)) .cse1 (= ~waterLevel~0 1)))) [2022-02-20 18:10:22,018 INFO L732 BasicCegarLoop]: Path program histogram: [1, 1, 1, 1, 1, 1] [2022-02-20 18:10:22,019 INFO L180 ceAbstractionStarter]: Computing trace abstraction results [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: L402-1 has no Hoare annotation [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: L402-1 has no Hoare annotation [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: L378 has no Hoare annotation [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: L144-1 has no Hoare annotation [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: ULTIMATE.startENTRY has no Hoare annotation [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: L390-1 has no Hoare annotation [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: L390-1 has no Hoare annotation [2022-02-20 18:10:22,021 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:22,022 WARN L170 areAnnotationChecker]: processEnvironment__wrappee__baseEXIT has no Hoare annotation [2022-02-20 18:10:22,022 WARN L170 areAnnotationChecker]: L402-1 has no Hoare annotation [2022-02-20 18:10:22,022 WARN L170 areAnnotationChecker]: L834-1 has no Hoare annotation [2022-02-20 18:10:22,025 WARN L170 areAnnotationChecker]: L378 has no Hoare annotation [2022-02-20 18:10:22,025 WARN L170 areAnnotationChecker]: L378 has no Hoare annotation [2022-02-20 18:10:22,025 WARN L170 areAnnotationChecker]: L144-1 has no Hoare annotation [2022-02-20 18:10:22,025 WARN L170 areAnnotationChecker]: L144-1 has no Hoare annotation [2022-02-20 18:10:22,025 WARN L170 areAnnotationChecker]: L-1 has no Hoare annotation [2022-02-20 18:10:22,025 WARN L170 areAnnotationChecker]: L390-1 has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: L151-1 has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: changeMethaneLevelEXIT has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: L834-1 has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: L144-1 has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: L176 has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: L176 has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: L151-1 has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: waterRiseEXIT has no Hoare annotation [2022-02-20 18:10:22,026 WARN L170 areAnnotationChecker]: L93-1 has no Hoare annotation [2022-02-20 18:10:22,027 WARN L170 areAnnotationChecker]: L839 has no Hoare annotation [2022-02-20 18:10:22,027 WARN L170 areAnnotationChecker]: L296 has no Hoare annotation [2022-02-20 18:10:22,027 WARN L170 areAnnotationChecker]: L354 has no Hoare annotation [2022-02-20 18:10:22,027 WARN L170 areAnnotationChecker]: L83-1 has no Hoare annotation [2022-02-20 18:10:22,027 WARN L170 areAnnotationChecker]: L103 has no Hoare annotation [2022-02-20 18:10:22,027 WARN L170 areAnnotationChecker]: L103 has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: L839 has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: L296 has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: L296 has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: L354 has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: L354 has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: L909 has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: L93 has no Hoare annotation [2022-02-20 18:10:22,028 WARN L170 areAnnotationChecker]: L93 has no Hoare annotation [2022-02-20 18:10:22,029 WARN L170 areAnnotationChecker]: L109 has no Hoare annotation [2022-02-20 18:10:22,029 WARN L170 areAnnotationChecker]: L109 has no Hoare annotation [2022-02-20 18:10:22,029 WARN L170 areAnnotationChecker]: cleanupEXIT has no Hoare annotation [2022-02-20 18:10:22,029 WARN L170 areAnnotationChecker]: L842 has no Hoare annotation [2022-02-20 18:10:22,030 WARN L170 areAnnotationChecker]: L842 has no Hoare annotation [2022-02-20 18:10:22,030 WARN L170 areAnnotationChecker]: L296-2 has no Hoare annotation [2022-02-20 18:10:22,030 WARN L170 areAnnotationChecker]: L358 has no Hoare annotation [2022-02-20 18:10:22,030 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:10:22,030 WARN L170 areAnnotationChecker]: L909 has no Hoare annotation [2022-02-20 18:10:22,030 WARN L170 areAnnotationChecker]: L909 has no Hoare annotation [2022-02-20 18:10:22,030 WARN L170 areAnnotationChecker]: L93-1 has no Hoare annotation [2022-02-20 18:10:22,032 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:10:22,032 WARN L170 areAnnotationChecker]: L849 has no Hoare annotation [2022-02-20 18:10:22,032 WARN L170 areAnnotationChecker]: L180 has no Hoare annotation [2022-02-20 18:10:22,032 WARN L170 areAnnotationChecker]: L358 has no Hoare annotation [2022-02-20 18:10:22,033 WARN L170 areAnnotationChecker]: L358 has no Hoare annotation [2022-02-20 18:10:22,033 WARN L170 areAnnotationChecker]: timeShiftFINAL has no Hoare annotation [2022-02-20 18:10:22,033 WARN L170 areAnnotationChecker]: L909-2 has no Hoare annotation [2022-02-20 18:10:22,033 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:10:22,033 WARN L170 areAnnotationChecker]: L74 has no Hoare annotation [2022-02-20 18:10:22,033 WARN L170 areAnnotationChecker]: L909-2 has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: L849 has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: L180 has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: L180 has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: L54 has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: timeShiftEXIT has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:10:22,034 WARN L170 areAnnotationChecker]: L75 has no Hoare annotation [2022-02-20 18:10:22,036 WARN L170 areAnnotationChecker]: ULTIMATE.startFINAL has no Hoare annotation [2022-02-20 18:10:22,036 WARN L170 areAnnotationChecker]: L83 has no Hoare annotation [2022-02-20 18:10:22,036 WARN L170 areAnnotationChecker]: L83 has no Hoare annotation [2022-02-20 18:10:22,036 WARN L170 areAnnotationChecker]: L83-1 has no Hoare annotation [2022-02-20 18:10:22,037 INFO L163 areAnnotationChecker]: CFG has 19 edges. 19 inductive. 0 not inductive. 0 times theorem prover too weak to decide inductivity. 0 times interpolants missing. [2022-02-20 18:10:22,067 INFO L202 PluginConnector]: Adding new model de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction CFG 20.02 06:10:22 BoogieIcfgContainer [2022-02-20 18:10:22,067 INFO L132 PluginConnector]: ------------------------ END TraceAbstraction---------------------------- [2022-02-20 18:10:22,068 INFO L113 PluginConnector]: ------------------------Witness Printer---------------------------- [2022-02-20 18:10:22,068 INFO L271 PluginConnector]: Initializing Witness Printer... [2022-02-20 18:10:22,068 INFO L275 PluginConnector]: Witness Printer initialized [2022-02-20 18:10:22,068 INFO L185 PluginConnector]: Executing the observer RCFGCatcher from plugin Witness Printer for "de.uni_freiburg.informatik.ultimate.plugins.generator.rcfgbuilder CFG 20.02 06:10:16" (3/4) ... [2022-02-20 18:10:22,070 INFO L137 WitnessPrinter]: Generating witness for correct program [2022-02-20 18:10:22,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure processEnvironment__wrappee__base [2022-02-20 18:10:22,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure changeMethaneLevel [2022-02-20 18:10:22,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure cleanup [2022-02-20 18:10:22,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure timeShift [2022-02-20 18:10:22,074 INFO L354 RCFGBacktranslator]: Ignoring RootEdge to procedure waterRise [2022-02-20 18:10:22,078 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 49 nodes and edges [2022-02-20 18:10:22,079 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 22 nodes and edges [2022-02-20 18:10:22,079 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 11 nodes and edges [2022-02-20 18:10:22,079 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 5 nodes and edges [2022-02-20 18:10:22,079 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 2 nodes and edges [2022-02-20 18:10:22,080 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:10:22,080 INFO L910 BoogieBacktranslator]: Reduced CFG by removing 1 nodes and edges [2022-02-20 18:10:22,095 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 [2022-02-20 18:10:22,095 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((pumpRunning == 0 && \result == systemActive) && waterLevel == 1) && waterLevel == tmp) && tmp == systemActive [2022-02-20 18:10:22,095 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((((pumpRunning == 0 && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == systemActive) || (((((pumpRunning == 0 && \result == systemActive) && splverifierCounter == 0) && waterLevel == 1) && waterLevel == tmp) && tmp == systemActive) [2022-02-20 18:10:22,096 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:22,096 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(2 <= \old(waterLevel))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1)) [2022-02-20 18:10:22,097 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && waterLevel == 1)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) [2022-02-20 18:10:22,097 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (((pumpRunning == 0 && !(tmp == 0)) && !(\result == 0)) && waterLevel == 1)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((pumpRunning == 0 && !(tmp == 0)) && !(\result == 0)) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) [2022-02-20 18:10:22,097 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:22,097 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:22,097 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:22,097 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:22,098 WARN L220 nessWitnessGenerator]: Not writing invariant because ACSL is forbidden: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) [2022-02-20 18:10:22,118 INFO L141 WitnessManager]: Wrote witness to /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/witness.graphml [2022-02-20 18:10:22,118 INFO L132 PluginConnector]: ------------------------ END Witness Printer---------------------------- [2022-02-20 18:10:22,119 INFO L158 Benchmark]: Toolchain (without parser) took 6569.76ms. Allocated memory was 94.4MB in the beginning and 157.3MB in the end (delta: 62.9MB). Free memory was 53.0MB in the beginning and 67.2MB in the end (delta: -14.2MB). Peak memory consumption was 48.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:22,119 INFO L158 Benchmark]: CDTParser took 0.23ms. Allocated memory is still 94.4MB. Free memory was 70.0MB in the beginning and 70.0MB in the end (delta: 50.1kB). There was no memory consumed. Max. memory is 16.1GB. [2022-02-20 18:10:22,119 INFO L158 Benchmark]: CACSL2BoogieTranslator took 429.78ms. Allocated memory is still 94.4MB. Free memory was 52.8MB in the beginning and 58.1MB in the end (delta: -5.3MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:22,120 INFO L158 Benchmark]: Boogie Procedure Inliner took 59.52ms. Allocated memory is still 94.4MB. Free memory was 58.1MB in the beginning and 55.4MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:22,120 INFO L158 Benchmark]: Boogie Preprocessor took 41.06ms. Allocated memory is still 94.4MB. Free memory was 55.4MB in the beginning and 53.7MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. [2022-02-20 18:10:22,120 INFO L158 Benchmark]: RCFGBuilder took 422.76ms. Allocated memory was 94.4MB in the beginning and 113.2MB in the end (delta: 18.9MB). Free memory was 53.7MB in the beginning and 89.5MB in the end (delta: -35.8MB). Peak memory consumption was 23.4MB. Max. memory is 16.1GB. [2022-02-20 18:10:22,120 INFO L158 Benchmark]: TraceAbstraction took 5552.55ms. Allocated memory was 113.2MB in the beginning and 157.3MB in the end (delta: 44.0MB). Free memory was 89.0MB in the beginning and 72.5MB in the end (delta: 16.6MB). Peak memory consumption was 93.8MB. Max. memory is 16.1GB. [2022-02-20 18:10:22,120 INFO L158 Benchmark]: Witness Printer took 50.37ms. Allocated memory is still 157.3MB. Free memory was 72.5MB in the beginning and 67.2MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. [2022-02-20 18:10:22,121 INFO L339 ainManager$Toolchain]: ####################### End [Toolchain 1] ####################### --- Results --- * Results from de.uni_freiburg.informatik.ultimate.core: - AssertionsEnabledResult: Assertions are enabled Assertions are enabled - StatisticsResult: Toolchain Benchmarks Benchmark results are: * CDTParser took 0.23ms. Allocated memory is still 94.4MB. Free memory was 70.0MB in the beginning and 70.0MB in the end (delta: 50.1kB). There was no memory consumed. Max. memory is 16.1GB. * CACSL2BoogieTranslator took 429.78ms. Allocated memory is still 94.4MB. Free memory was 52.8MB in the beginning and 58.1MB in the end (delta: -5.3MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Boogie Procedure Inliner took 59.52ms. Allocated memory is still 94.4MB. Free memory was 58.1MB in the beginning and 55.4MB in the end (delta: 2.7MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * Boogie Preprocessor took 41.06ms. Allocated memory is still 94.4MB. Free memory was 55.4MB in the beginning and 53.7MB in the end (delta: 1.6MB). Peak memory consumption was 2.1MB. Max. memory is 16.1GB. * RCFGBuilder took 422.76ms. Allocated memory was 94.4MB in the beginning and 113.2MB in the end (delta: 18.9MB). Free memory was 53.7MB in the beginning and 89.5MB in the end (delta: -35.8MB). Peak memory consumption was 23.4MB. Max. memory is 16.1GB. * TraceAbstraction took 5552.55ms. Allocated memory was 113.2MB in the beginning and 157.3MB in the end (delta: 44.0MB). Free memory was 89.0MB in the beginning and 72.5MB in the end (delta: 16.6MB). Peak memory consumption was 93.8MB. Max. memory is 16.1GB. * Witness Printer took 50.37ms. Allocated memory is still 157.3MB. Free memory was 72.5MB in the beginning and 67.2MB in the end (delta: 5.2MB). Peak memory consumption was 4.2MB. Max. memory is 16.1GB. * Results from de.uni_freiburg.informatik.ultimate.plugins.generator.traceabstraction: - StatisticsResult: ErrorAutomatonStatistics NumberErrorTraces: 0, NumberStatementsAllTraces: 0, NumberRelevantStatements: 0, 0.0s ErrorAutomatonConstructionTimeTotal, 0.0s FaulLocalizationTime, NumberStatementsFirstTrace: -1, TraceLengthAvg: 0, 0.0s ErrorAutomatonConstructionTimeAvg, 0.0s ErrorAutomatonDifferenceTimeAvg, 0.0s ErrorAutomatonDifferenceTimeTotal, NumberOfNoEnhancement: 0, NumberOfFiniteEnhancement: 0, NumberOfInfiniteEnhancement: 0 - PositiveResult [Line: 54]: call to reach_error is unreachable For all program executions holds that call to reach_error is unreachable at this location - StatisticsResult: Ultimate Automizer benchmark data CFG has 6 procedures, 69 locations, 1 error locations. Started 1 CEGAR loops. OverallTime: 5.4s, OverallIterations: 6, TraceHistogramMax: 2, PathProgramHistogramMax: 1, EmptinessCheckTime: 0.0s, AutomataDifference: 2.3s, DeadEndRemovalTime: 0.0s, HoareAnnotationTime: 0.7s, InitialAbstractionConstructionTime: 0.0s, PartialOrderReductionTime: 0.0s, HoareTripleCheckerStatistics: 0 mSolverCounterUnknown, 436 SdHoareTripleChecker+Valid, 0.3s IncrementalHoareTripleChecker+Time, 0 mSdLazyCounter, 433 mSDsluCounter, 1124 SdHoareTripleChecker+Invalid, 0.3s Time, 0 mProtectedAction, 0 SdHoareTripleChecker+Unchecked, 0 IncrementalHoareTripleChecker+Unchecked, 741 mSDsCounter, 82 IncrementalHoareTripleChecker+Valid, 0 mProtectedPredicate, 312 IncrementalHoareTripleChecker+Invalid, 394 SdHoareTripleChecker+Unknown, 0 mSolverCounterNotChecked, 82 mSolverCounterUnsat, 383 mSDtfsCounter, 312 mSolverCounterSat, 0.0s SdHoareTripleChecker+Time, 0 IncrementalHoareTripleChecker+Unknown, PredicateUnifierStatistics: 0 DeclaredPredicates, 172 GetRequests, 133 SyntacticMatches, 1 SemanticMatches, 38 ConstructedPredicates, 0 IntricatePredicates, 0 DeprecatedPredicates, 60 ImplicationChecksByTransitivity, 0.2s Time, 0.0s BasicInterpolantAutomatonTime, BiggestAbstraction: size=126occurred in iteration=4, InterpolantAutomatonStates: 31, traceCheckStatistics: No data available, InterpolantConsolidationStatistics: No data available, PathInvariantsStatistics: No data available, 0/0 InterpolantCoveringCapability, TotalInterpolationStatistics: No data available, 0.0s DumpTime, AutomataMinimizationStatistics: 0.1s AutomataMinimizationTime, 6 MinimizatonAttempts, 5 StatesRemovedByMinimization, 1 NontrivialMinimizations, HoareAnnotationStatistics: 0.0s HoareAnnotationTime, 32 LocationsWithAnnotation, 226 PreInvPairs, 246 NumberOfFragments, 569 HoareAnnotationTreeSize, 226 FomulaSimplifications, 97 FormulaSimplificationTreeSizeReduction, 0.1s HoareSimplificationTime, 32 FomulaSimplificationsInter, 463 FormulaSimplificationTreeSizeReductionInter, 0.5s HoareSimplificationTimeInter, RefinementEngineStatistics: TRACE_CHECK: 0.0s SsaConstructionTime, 0.2s SatisfiabilityAnalysisTime, 1.5s InterpolantComputationTime, 241 NumberOfCodeBlocks, 241 NumberOfCodeBlocksAsserted, 7 NumberOfCheckSat, 292 ConstructedInterpolants, 0 QuantifiedInterpolants, 768 SizeOfPredicates, 0 NumberOfNonLiveVariables, 366 ConjunctsInSsa, 9 ConjunctsInUnsatCore, 8 InterpolantComputations, 5 PerfectInterpolantSequences, 63/69 InterpolantCoveringCapability, INVARIANT_SYNTHESIS: No data available, INTERPOLANT_CONSOLIDATION: No data available, ABSTRACT_INTERPRETATION: No data available, PDR: No data available, ACCELERATED_INTERPOLATION: No data available, SIFA: No data available, ReuseStatistics: No data available - AllSpecificationsHoldResult: All specifications hold 1 specifications checked. All of them hold - InvariantResult [Line: 838]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 72]: Loop Invariant Derived loop invariant: 0 - InvariantResult [Line: 828]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 442]: Loop Invariant Derived loop invariant: (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && waterLevel == 1)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || ((pumpRunning == 0 && !(\result == 0)) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 335]: Loop Invariant Derived loop invariant: ((pumpRunning == 0 && 1 == systemActive) && \result == systemActive) && waterLevel == 1 - InvariantResult [Line: 451]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 242]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 223]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 346]: Loop Invariant Derived loop invariant: (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (((pumpRunning == 0 && !(tmp == 0)) && !(\result == 0)) && waterLevel == 1)) && (((!(\old(pumpRunning) == 0) || !(1 == systemActive)) || (((pumpRunning == 0 && !(tmp == 0)) && !(\result == 0)) && \old(waterLevel) == waterLevel)) || !(2 <= \old(waterLevel))) - InvariantResult [Line: 889]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 172]: Loop Invariant Derived loop invariant: (((!(\old(pumpRunning) == 0) || (pumpRunning == 0 && \old(waterLevel) == waterLevel)) || !(1 == systemActive)) || !(2 <= \old(waterLevel))) && (((!(\old(pumpRunning) == 0) || !(\old(waterLevel) == 1)) || !(1 == systemActive)) || (pumpRunning == 0 && waterLevel == 1)) - InvariantResult [Line: 328]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 - InvariantResult [Line: 374]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 73]: Loop Invariant Derived loop invariant: (((((pumpRunning == 0 && 2 <= waterLevel) && 1 == systemActive) && \result == systemActive) && splverifierCounter == 0) && tmp == systemActive) || (((((pumpRunning == 0 && \result == systemActive) && splverifierCounter == 0) && waterLevel == 1) && waterLevel == tmp) && tmp == systemActive) - InvariantResult [Line: 50]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 882]: Loop Invariant Derived loop invariant: (((pumpRunning == 0 && \result == systemActive) && waterLevel == 1) && waterLevel == tmp) && tmp == systemActive - InvariantResult [Line: 899]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 63]: Loop Invariant Derived loop invariant: 1 - InvariantResult [Line: 287]: Loop Invariant Derived loop invariant: (!(\old(pumpRunning) == 0) || !(1 == systemActive)) || !(1 <= \old(waterLevel)) - InvariantResult [Line: 321]: Loop Invariant Derived loop invariant: (pumpRunning == 0 && 1 == systemActive) && waterLevel == 1 RESULT: Ultimate proved your program to be correct! [2022-02-20 18:10:22,153 INFO L540 MonitoredProcess]: [MP /storage/repos/ultimate/releaseScripts/default/UAutomizer-linux/z3 SMTLIB2_COMPLIANT=true -memory:2024 -smt2 -in -t:2000 (1)] Forceful destruction successful, exit code 0 Received shutdown request... --- End real Ultimate output --- Execution finished normally Writing output log to file Ultimate.log Result: TRUE